Arkadiusz Patyk <a...@areq.eu.org> said:

> Hi
> 
> ifconfig-pool is fine, but I would need an option for IP
> reservation for users.
> The reservation could be realized on thebase of x509name
> 
> for example:
> 
> fixed-address 10.8.0.46
/C=PL/ST=NA/O=Dot.net/CN=Maciej.Nowak/emailAddress=m.no...@firma.com
> fixed-address 10.8.0.50
/C=PL/ST=NA/O=Dot.net/CN=Zenon.Ptak/emailAddress=z.p...@firma.com
> 
> which would guarantee that user X always gets address Y
> as option fixed-address in dhcpd
> 
> The possibility of IP reservation will simplify firewall configuration -
> espesially if it is installed on other machine than openvpn server.

Yes, I agree that this feature is necessary.  But I'm concerned that making
options that take an x509 name as a parameter (as you propose with
'fixed-address' above) might not be general enough.  I think that people are
going to want the ability to arbitrarily customize the options which are
pushed back to the client based on the client's x509 name.

What if it were done by scripting?

A script would be called with the x509 name, and the script could then
generate options which would either be executed locally or pushed to the client.

This would offer more general, programmatic control over customizing the
tunnel based on the x509 name.

James


Reply via email to