@Gertjan said in OpenVPN client frequently change tunnel IP address:
Normally, the internal DHCP server built into the VPN server will give the same IP to the same device when it comes back.
If the client tries to reconnect within the default --keepalive 10 60 setting, then the server gives a different tunnel IP. This is because the server doesn't know the client has lost its connection. It can take up to 120 seconds before the server realizes/assumes that the client is gone.
Even if the client is assigned a static tunnel IP based on its certificate CommonName through Client Specific Overrides, it is no guarantee the client gets the same IP. Not even with --ifconfig-pool-persist ips.txt
The following is the only way to assure the client gets the same IP:
server 10.0.8.0 255.255.255.0 'nopool'
ifconfig-pool 10.0.8.101 10.0.8.253
In this example 10.0.8.2 till 10.0.8.100 can be used for static assignment, 10.0.8.101 till 10.0.8.253 for dynamic assignment.
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
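A check that static assignments stay out of the dynamic range from the post above, added here as an example (not code from the post or from OpenVPN). The CCD file names and addresses are constructed, and the `ifconfig-push <ip> <netmask>` form assumes `topology subnet`.

```python
import ipaddress

# Constructed sample input: the post's server directives plus hypothetical CCD entries.
SERVER_CONF = """\
server 10.0.8.0 255.255.255.0 'nopool'
ifconfig-pool 10.0.8.101 10.0.8.253
"""
CCD = {  # file name (certificate CommonName) -> file content; names are hypothetical
    "laptop": "ifconfig-push 10.0.8.10 255.255.255.0\n",
    "phone": "ifconfig-push 10.0.8.150 255.255.255.0\n",  # inside the dynamic pool
    "nas": "ifconfig-push 10.0.8.10 255.255.255.0\n",     # duplicate of laptop
    "kiosk": "ifconfig-push 10.0.9.5 255.255.255.0\n",    # outside the tunnel network
}

def directives(text):
    """Yield whitespace-split directives, skipping blanks and # / ; comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield [tok.strip("'\"") for tok in line.split()]

def audit(server_conf, ccd):
    """Return {common_name: problem} for static assignments that can collide."""
    net = pool = None
    for d in directives(server_conf):
        if d[0] == "server":
            net = ipaddress.ip_network(f"{d[1]}/{d[2]}")
        elif d[0] == "ifconfig-pool":
            pool = (ipaddress.ip_address(d[1]), ipaddress.ip_address(d[2]))
    if net is None or pool is None:
        raise ValueError("need both 'server' and 'ifconfig-pool' directives")
    problems, seen = {}, {}
    for cn, text in sorted(ccd.items()):
        for d in (x for x in directives(text) if x[0] == "ifconfig-push"):
            ip = ipaddress.ip_address(d[1])
            if ip not in net:
                problems[cn] = f"{ip} is outside {net}"
            elif pool[0] <= ip <= pool[1]:
                problems[cn] = f"{ip} is inside the dynamic pool"
            elif ip in seen:
                problems[cn] = f"{ip} already assigned to {seen[ip]}"
            else:
                seen[ip] = cn
    return problems

if __name__ == "__main__":
    for cn, why in audit(SERVER_CONF, CCD).items():
        print(f"{cn}: {why}")
```

Firewall rules keyed on a tunnel IP only hold if each address maps to one certificate CommonName, so any entry this reports is worth fixing before relying on per-client rules.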