Arkadiusz Patyk <a...@areq.eu.org> said: > Hi > > ifconfig-pool is fine, but I would need an option for IP > reservation for users. > The reservation could be realized on thebase of x509name > > for example: > > fixed-address 10.8.0.46 /C=PL/ST=NA/O=Dot.net/CN=Maciej.Nowak/emailAddress=m.no...@firma.com > fixed-address 10.8.0.50 /C=PL/ST=NA/O=Dot.net/CN=Zenon.Ptak/emailAddress=z.p...@firma.com > > which would guarantee that user X always gets address Y > as option fixed-address in dhcpd > > The possibility of IP reservation will simplify firewall configuration - > espesially if it is installed on other machine than openvpn server.
Yes, I agree that this feature is necessary. But I'm concerned that making options that take an x509 name as a parameter (as you propose with 'fixed-address' above) might not be general enough. I think that people are going to want the ability to arbitrarily customize the options which are pushed back to the client based on the client's x509 name. What if it were done by scripting? A script would be called with the x509 name, and the script could then generate options which would either be executed locally or pushed to the client. This would offer more general, programmatic control over customizing the tunnel based on the x509 name. James