Set Static Internal IP for OpenVPN Clients
-
Is there a way to set static IPs for our VPN clients? The static IPs in the DHCP server are all done by MAC address but I would assume that it doesn't carry through the VPN from our remote systems. Also, our remote systems for that particular network all use the same certificate to connect.
-
Setup a client-specific override for their certificate common name/username, and assign it there. Every OpenVPN user gets a /30 carved out of the tunnel subnet specified for the VPN, so the user subnets also need to be /30's, so you can assign for example x.x.x.4/30, x.x.x.8/30, and so on.
-
Why is it that each user needs 4 IPs?
-
That is how OpenVPN works in tun mode. Every user gets an interconnect subnet.
x.x.x.y = Null route
x.x.x.y+1 = Server IP
x.x.x.y+2 = Client IP
x.x.x.y+3 = BroadcastIt's covered in the OpenVPN faq.
-
That is how OpenVPN works in tun mode. Every user gets an interconnect subnet.
x.x.x.y = Null route
x.x.x.y+1 = Server IP
x.x.x.y+2 = Client IP
x.x.x.y+3 = BroadcastIt's covered in the OpenVPN faq.
Hmm, I didn't see it explained like that in the FAQ but your answer makes perfect sense. Thanks!
-
coughcoughcough
:-) -