Reply To: Fixed IP´s for OpenVPN-Clients

Home Page Forums Network Management VPN Fixed IP´s for OpenVPN-Clients Reply To: Fixed IP´s for OpenVPN-Clients

#53000

redfive
Participant

My functioning config. has been done as follows, I create the dir. ccd in /Database/etc ,

mkdir /Database/etc/ccd

then for each user has been created a file , eg. foo

vi  /Database/etc/ccd/foo

that contains

ifconfig-push 192.168.250.10 255.255.255.224

Int this sample, foo is the username , if you use only x509, specify the CN of the client certificate. In command line parameters

--client-config-dir /Database/etc/ccd

you could also add

--ccd-exclusive --remote-cert-eku 'TLS Web Client Authentication'

the first parameter tells to the server accept connections only from clients for which has been created a configuration file in the ccd directory , while the second one accepts connections only clients with certificate with TLS Web Client Authentication as extended key usage , in the client config (the file on the client) also add

remote-cert-eku 'TLS Web Server Authentication'

to avoid the “MITM” warning
greetings