Project

General

Profile

Feature #3474

Openvpn client-specific-overrides ip conflicts

Added by Simon Barrett about 3 years ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
02/19/2014
Due date:
% Done:

0%


Description

Hi,

Would it be possible to replace the --server option in the openvpn server conf with the explicit declarations for each component, then implement ifconfig-pool as a configurable option on the menu? If ifconfig-pool could be declared as a subset of the available range, client-specific IP addresses could be assigned from outside that range and there would be clarity regarding per-client policy.

Currently, if I assign a specific IP address in the client specific overrides menu, I can set the necessary rules for that IP, but there is no mechanism to prevent another CN from being assigned that IP and being subject to those rules.

In short, it would be very useful to us to have the following situation:

10.x.x.0/25 -> general users
10.x.x.128/26 -> admins (IP assigned by CN)
10.x.x.192/26 -> contractors/trusted partners (IP assigned by CN).

With thanks,

Simon

vpn_openvpn_server.php.patch Magnifier - Modify OpenVPN Form to add address pool (1.89 KB) Aurélien BONANNI, 02/15/2017 04:34 AM

History

#1 Updated by Aurélien BONANNI about 1 month ago

If we declare ifconfig-pool in custom options, the server doesn't work because of the "server" directive.

We would like this function be integrated.

You could find as an attachement the patch that update the form. Then we have to modify openvpn configuration files.

Also available in: Atom PDF