Wednesday, August 11, 2010

HOWTO Setup OpenVPN on Ubuntu

The Ubuntu community doco has a decent HOWTO that I won't reproduce, and the O'Reilly article has a good summary of the openssl commands you need to generate the certs (or you could read my openssl posts). Just a few extra notes.

If you want to tie a client to a particular VPN IP address, create a file at:
/etc/openvpn/ccd/clientname
where "clientname" is the Common Name from the certificate your client uses.

In this file put:
ifconfig-push 192.168.1.8 192.168.1.5

This will tie the "clientname" box to 192.168.1.8. There appears to be a lot of confusion on the web and in forums as to what the second parameter should be. The doco states it is the remote-netmask. In this case "192.168.1.5" is the local end of the point-to-point link, which works. If the doco is right, "255.255.255.0" might be more correct. As an aside, the address allocation is in successive /30 subnets (so the last octet is 1, 2, 5, 6, 9) to be compatible with Windows.

If you also want all traffic from the client to exit via the VPN (i.e. have the VPN as the default route), add this special sauce after the ifconfig-push line:
push "redirect-gateway def1 bypass-dhcp"
This tells OpenVPN that you want to use the VPN as the default gateway but still use local DHCP.
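
The steps above can be scripted; this is an added example, not code from the original post or from OpenVPN. It picks a client/server endpoint pair from one /30 (client address first, as in the OpenVPN HOWTO), checks a pair against the /30 rule, and renders the ccd file. The function names and the Common Name filename check are assumptions of this example.

```python
import ipaddress
import re

# Conservative filename rule for the CN (an assumption of this example, not an
# OpenVPN rule): the CN becomes a file name under /etc/openvpn/ccd/, so it must
# not contain path separators or start with a dot.
SAFE_CN = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")


def net30_pair(pool, index):
    """Return (client_ip, server_endpoint) from the index-th /30 of pool."""
    subnets = list(ipaddress.ip_network(pool).subnets(new_prefix=30))
    first, second = subnets[index].hosts()  # a /30 has exactly two usable hosts
    return str(first), str(second)


def is_net30_pair(client_ip, peer_ip):
    """True if the two addresses are the two usable hosts of a single /30."""
    net = ipaddress.ip_network(f"{client_ip}/30", strict=False)
    hosts = {str(h) for h in net.hosts()}
    return client_ip != peer_ip and {client_ip, peer_ip} <= hosts


def render_ccd(common_name, client_ip, peer_ip, full_tunnel=False):
    """Return (path, contents) of the ccd file for one client certificate."""
    if not SAFE_CN.fullmatch(common_name):
        raise ValueError(f"unsafe Common Name for a ccd file: {common_name!r}")
    if not is_net30_pair(client_ip, peer_ip):
        raise ValueError(f"{client_ip} / {peer_ip} are not one /30's host pair")
    lines = [f"ifconfig-push {client_ip} {peer_ip}"]
    if full_tunnel:
        # Send all client traffic through the VPN, keep local DHCP reachable.
        lines.append('push "redirect-gateway def1 bypass-dhcp"')
    return f"/etc/openvpn/ccd/{common_name}", "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: third /30 of the post's 192.168.1.0 range.
    client, peer = net30_pair("192.168.1.0/24", 2)
    path, body = render_ccd("clientname", client, peer, full_tunnel=True)
    print(path)
    print(body, end="")
```

The pair from the post, 192.168.1.8 and 192.168.1.5, fails is_net30_pair; 192.168.1.9 and 192.168.1.10 is the pair from that /30 that satisfies the Windows rule.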
