I am a bit confused about how the ccd mechanism works...

Say that I want to assign a limited number of clients with specific tunnel addresses, whereas the other connecting clients will use DHCP-provided addresses.

In the server.conf file I have this:

server 10.8.1.0 255.255.255.0 'nopool'
ifconfig-pool 10.8.1.2 10.8.1.127 255.255.255.0
client-config-dir /etc/openvpn/ccd2
ifconfig-pool-persist ipp2.txt
client-to-client

Then in the dir /etc/openvpn/ccd2 I have a few files named as the CN (common name) of a few "server" clients, each of which will contain this (with a different last number in the IP address):

ifconfig-push 10.8.1.130 255.255.255.0

My question now is how this works?

Will the presence of a ccd file named as the CN of the connecting client mean that the main directive ifconfig-pool is *not* used if the ccd file contains an ifconfig-push directive?

I assume that all clients not mentioned in the ccd directory will just get the next "free" IP from the defined pool between 2 and 127?

I want to set up a system whereby a couple of TCP/IP servers can connect to this OpenVPN and get fixed known tunnel addresses. Then "normal" clients can also connect and get their addresses out of the pool. With this running the clients should be able to connect to the servers using their known addresses from the ccd file.

Is this how it will work?

I have read the server.conf example shipped with openvpn on Linux and this is what I see and really do not understand:

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

In the preceding paragraphs they are using a different address:

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

So how come the 10.9.0.x network gets into play here?

--
Bo Berglund
Developer in Sweden
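
Added example, not part of the original post and not OpenVPN project code: a pre-deployment check for the layout described above, where a few clients get fixed addresses from ccd files and everyone else draws from ifconfig-pool. It assumes that a static address should lie inside the server subnet, outside the pool range, and be unique; only the first argument of ifconfig-push is examined, and the common names and ccd contents are constructed sample data.

```python
import ipaddress

# server.conf directives as given in the post above
SERVER_CONF = """\
server 10.8.1.0 255.255.255.0 'nopool'
ifconfig-pool 10.8.1.2 10.8.1.127 255.255.255.0
"""
# Constructed ccd file contents keyed by hypothetical common names
CCD = {
    "srv-a": "ifconfig-push 10.8.1.130 255.255.255.0",
    "srv-b": "ifconfig-push 10.8.1.50 255.255.255.0",
    "srv-c": "ifconfig-push 10.8.1.130 255.255.255.0",
    "srv-d": "ifconfig-push 10.9.0.1 10.9.0.2",
}

def directives(text):
    """Yield token lists for each non-comment line of an OpenVPN config."""
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if tok and not tok[0].startswith(";"):
            yield tok

def check_ccd(server_conf, ccd_files):
    """Return {common_name: [problems]} for ccd entries with a questionable address."""
    subnet = pool = None
    for tok in directives(server_conf):
        if tok[0] == "server":
            subnet = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "ifconfig-pool":
            pool = (ipaddress.ip_address(tok[1]), ipaddress.ip_address(tok[2]))
    seen, report = {}, {}
    for cn in sorted(ccd_files):
        pushes = [t for t in directives(ccd_files[cn]) if t[0] == "ifconfig-push"]
        if not pushes:
            continue  # no static address: this client draws from the pool
        addr = ipaddress.ip_address(pushes[0][1])  # first argument only
        problems = []
        if addr not in subnet:
            problems.append("outside server subnet")
        elif addr in (subnet[0], subnet[1], subnet[-1]):
            problems.append("network, server or broadcast address")
        if pool and pool[0] <= addr <= pool[1]:
            problems.append("inside dynamic pool")
        if addr in seen:
            problems.append(f"duplicate of {seen[addr]}")
        seen.setdefault(addr, cn)
        if problems:
            report[cn] = problems
    return report
```

Calling check_ccd(SERVER_CONF, CCD) returns a dictionary of common names with the problems found for each; an entry such as 10.8.1.130 with the pool ending at 10.8.1.127 produces no finding.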