>Hi, >On 03/09/2023 20:50, Jason Long via Openvpn-users wrote: > I read those steps from an OpenVPN document. Can you tell me where > the problem is?
>There is no problem. >It is simply not possible to "configure" OpenVPN to assign an IP address >based on the computer name or MAC. >As you have already done, you can assign an IP address based on the >certificate Common Name (CN) because it is presented during negotiation. >If you truly want to assign an IP address based on extra variables (like >MAC address, computer name, world clock, t-shirt color, etc..) you need >to implement this logic by yourself by using two mechanisms: >1) UV_* variables on the client side, where you put the value to send to >the server (i.e. MAC address) >2) --client-connect script on the server side, where you read the UV_* >variable and programmatically create your ifconfig-push directive for >that specific client. >Now, UV_* variables are not authenticated therefore *any* client could >simply send the value it wants: i.e. client A and B could send the same >MAC address and your logic would not work anymore. >The only authenticated pieces of information you have are those related >to your certificates, like the CN, and this is the main reason why you >should rely on those when trying to identifying clients in order to >assign special properties. >I hope this helps. >Cheers, >-- >Antonio Quartulli Hello, Thank you so much for your great information. _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
