Home Page › Forums › Network Management › VPN › Fixed IP´s for OpenVPN-Clients › Reply To: Fixed IP´s for OpenVPN-Clients
My functioning config. has been done as follows, I create the dir. ccd in /Database/etc ,
mkdir /Database/etc/ccd
then for each user has been created a file , eg. foo
vi /Database/etc/ccd/foo
that contains
ifconfig-push 192.168.250.10 255.255.255.224
Int this sample, foo is the username , if you use only x509, specify the CN of the client certificate. In command line parameters
--client-config-dir /Database/etc/ccd
you could also add
--ccd-exclusive --remote-cert-eku 'TLS Web Client Authentication'
the first parameter tells to the server accept connections only from clients for which has been created a configuration file in the ccd directory , while the second one accepts connections only clients with certificate with TLS Web Client Authentication as extended key usage , in the client config (the file on the client) also add
remote-cert-eku 'TLS Web Server Authentication'
to avoid the “MITM” warning
greetings