What's new

Assigning Static IP in OpenVPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

XIYO

Occasional Visitor
Hello Community,
I appreciate your understanding as I am using a translator to ask questions, and if there is any rudeness in my tone, please understand.

I am not an English speaker so I am understanding this through a translator.
However, I have a question.


Looking at the document above, it configures persist and then suddenly configures ccd.
From what I understand, to apply ccd, it needs to be specified like `client-config-dir /etc/openvpn/ccd` but there is no explanation in the document.

From what I understand, you can assign a static ip with either persist or ccd.
Persist simply issues a fixed IP, and ccd is used when more detailed control is needed.

However, there seems to be a bit of a lack in the explanation of ccd, is it a problem with the document?
Or am I not understanding the flow of the document because I am not an English speaker?
 
It's better to post the router model and firmware you're running on it for which you're asking the questions. This is because settings change in time, some move the position or page they are on, some are added and/or some are removed from the webui.
Hello Community,
I appreciate your understanding as I am using a translator to ask questions, and if there is any rudeness in my tone, please understand.

I am not an English speaker so I am understanding this through a translator. [...]
That's fine, keep at it and you'll definitely learn to use it without a translator in time.
[...]
Looking at the document above, it configures persist and then suddenly configures ccd.
From what I understand, to apply ccd, it needs to be specified like `client-config-dir /etc/openvpn/ccd` but there is no explanation in the document.[...]
Openvpn server allows you to set the client config directory in it's config file, that's what the client-config-dir /etc/openvpn/ccd line is. In this line, the path for the directory is given in full, starting from /.

In asuswrt-merlin firmware, if you don't specify it in the webui in the Custom Configuration section of the openvpn server, it will automatically set itself to client-config-dir ccd, which is a relative path from where the openvpn server runs.

Since in asuswrt-merlin firmware you can configure two servers, their paths are /etc/openvpn/server1/ and /etc/openvpn/server2/, which would make the ccd full paths /etc/openvpn/server1/ccd and /etc/openvpn/server2/ccd, respectively.

Now you see why there isn't a mention of client-config-dir /etc/openvpn/ccd in that document, because it's relative to the openvpn server you are using in asuswrt-merlin firmware.
[...]From what I understand, you can assign a static ip with either persist or ccd.[...]
No, you need ifconfig-push option from ccd, but may want ifconfig-pool-persist option as well, keep reading for finding the reasons why.
[...]Persist simply issues a fixed IP, and ccd is used when more detailed control is needed.[...]
The main function of ifconfig-pool-persist option is to make reservations for ip addresses for the openvpn clients, so that the server won't assign them to another client first.
Exerpt for the ifconfig-pool-persist option from the Reference manual for OpenVPN 2.6 page:

--ifconfig-pool-persist args
Persist/unpersist ifconfig-pool data to file, at seconds intervals (default 600), as well as on program startup and shutdown.
Valid syntax:
ifconfig-pool-persist file [seconds]

The goal of this option is to provide a long-term association between clients (denoted by their common name) and the virtual IP address assigned to them from the ifconfig-pool. Maintaining a long-term association is good for clients because it allows them to effectively use the --persist-tun option.

file is a comma-delimited ASCII file, formatted as <Common-Name>,<IP-address>.

If seconds = 0, file will be treated as read-only. This is useful if you would like to treat file as a configuration file.
Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, use --ifconfig-push

After reading the above table it's clear that ifconfig-push option is the one that assigns the ip address to a client, and each client has a different one, hence using a file with this line for each client in the configured ccd directory.
[...]However, there seems to be a bit of a lack in the explanation of ccd, is it a problem with the document?[...]
For the full explanation for any option you can read the openvpn manual. The merlin wiki is for the specific implementation in the asuswrt-merlin firmware.
More information for ccd in asuswrt-merlin in the wiki Custom config files page, Replacing or appending content to config files section, last two paragraphs:
Code:
Also, you can put your own OpenVPN ccd files in the following directories:

  /jffs/configs/openvpn/ccd1/
  /jffs/configs/openvpn/ccd2/

The content of these will be copied to their respective server instance's ccd directory when the server is started.

So you see, even though the client-config-dir option is not used, and thus the client configuration directories are being automatically assigned to /etc/openvpn/server1/ccd and /etc/openvpn/server2/ccd, there are also the /jffs/configs/openvpn/ccd1/ and /jffs/configs/openvpn/ccd2/ directories you need to use in asuswrt-merlin for persistency reasons.
Rebooting the router will delete everything in /etc, but /jffs will still have its contents, this is the reason for using it as the place to store the ccd files.
Or am I not understanding the flow of the document because I am not an English speaker?
It may contribute to this fact, but information is divided in the wiki.
This page, Static ip for OpenVPN clients, is a "do the following" for this to work, it does not contain explanaitions for why you need to do them.

I hope you now have a better understanding of what you need to do and why you need to do it for having openvpn client static ip assigned in asuswrt-merlin firmware.
 
I didn't expect such a professional answer like this,
the detailed explanation was very helpful in understanding.

Thank you very much.
Have a happy day!
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top