Assigning Static IP in OpenVPN

XIYO

Occasional Visitor
Hello Community,
I appreciate your understanding as I am using a translator to ask questions, and if there is any rudeness in my tone, please understand.

I am not an English speaker so I am understanding this through a translator.
However, I have a question.


Looking at the document above, it configures persist and then suddenly configures ccd.
From what I understand, to apply ccd, it needs to be specified like `client-config-dir /etc/openvpn/ccd` but there is no explanation in the document.

From what I understand, you can assign a static ip with either persist or ccd.
Persist simply issues a fixed IP, and ccd is used when more detailed control is needed.

However, there seems to be a bit of a lack in the explanation of ccd, is it a problem with the document?
Or am I not understanding the flow of the document because I am not an English speaker?
 
It's better to post the router model and firmware you're running on it for which you're asking the questions. This is because settings change in time, some move the position or page they are on, some are added and/or some are removed from the webui.
Hello Community,
I appreciate your understanding as I am using a translator to ask questions, and if there is any rudeness in my tone, please understand.

I am not an English speaker so I am understanding this through a translator. [...]
That's fine, keep at it and you'll definitely learn to use it without a translator in time.
[...]
Looking at the document above, it configures persist and then suddenly configures ccd.
From what I understand, to apply ccd, it needs to be specified like `client-config-dir /etc/openvpn/ccd` but there is no explanation in the document.[...]
Openvpn server allows you to set the client config directory in its config file, that's what the client-config-dir /etc/openvpn/ccd line is. In this line, the path for the directory is given in full, starting from /.

In asuswrt-merlin firmware, if you don't specify it in the webui in the Custom Configuration section of the openvpn server, it will automatically set itself to client-config-dir ccd, which is a relative path from where the openvpn server runs.

Since in asuswrt-merlin firmware you can configure two servers, their paths are /etc/openvpn/server1/ and /etc/openvpn/server2/, which would make the ccd full paths /etc/openvpn/server1/ccd and /etc/openvpn/server2/ccd, respectively.

Now you see why there isn't a mention of client-config-dir /etc/openvpn/ccd in that document, because it's relative to the openvpn server you are using in asuswrt-merlin firmware.
[...]From what I understand, you can assign a static ip with either persist or ccd.[...]
No, you need ifconfig-push option from ccd, but may want ifconfig-pool-persist option as well, keep reading for finding the reasons why.
[...]Persist simply issues a fixed IP, and ccd is used when more detailed control is needed.[...]
The main function of ifconfig-pool-persist option is to make reservations for ip addresses for the openvpn clients, so that the server won't assign them to another client first.
Excerpt for the ifconfig-pool-persist option from the Reference manual for OpenVPN 2.6 page:

--ifconfig-pool-persist args
Persist/unpersist ifconfig-pool data to file, at seconds intervals (default 600), as well as on program startup and shutdown.
Valid syntax:
ifconfig-pool-persist file [seconds]

The goal of this option is to provide a long-term association between clients (denoted by their common name) and the virtual IP address assigned to them from the ifconfig-pool. Maintaining a long-term association is good for clients because it allows them to effectively use the --persist-tun option.

file is a comma-delimited ASCII file, formatted as <Common-Name>,<IP-address>.

If seconds = 0, file will be treated as read-only. This is useful if you would like to treat file as a configuration file.
Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, use --ifconfig-push

After reading the above table it's clear that ifconfig-push option is the one that assigns the ip address to a client, and each client has a different one, hence using a file with this line for each client in the configured ccd directory.
[...]However, there seems to be a bit of a lack in the explanation of ccd, is it a problem with the document?[...]
For the full explanation for any option you can read the openvpn manual. The merlin wiki is for the specific implementation in the asuswrt-merlin firmware.
More information for ccd in asuswrt-merlin in the wiki Custom config files page, Replacing or appending content to config files section, last two paragraphs:
Code:
Also, you can put your own OpenVPN ccd files in the following directories:

  /jffs/configs/openvpn/ccd1/
  /jffs/configs/openvpn/ccd2/

The content of these will be copied to their respective server instance's ccd directory when the server is started.

So you see, even though the client-config-dir option is not used, and thus the client configuration directories are being automatically assigned to /etc/openvpn/server1/ccd and /etc/openvpn/server2/ccd, there are also the /jffs/configs/openvpn/ccd1/ and /jffs/configs/openvpn/ccd2/ directories you need to use in asuswrt-merlin for persistency reasons.
Rebooting the router will delete everything in /etc, but /jffs will still have its contents, this is the reason for using it as the place to store the ccd files.
Or am I not understanding the flow of the document because I am not an English speaker?
It may contribute to this fact, but information is divided in the wiki.
This page, Static ip for OpenVPN clients, is a "do the following" for this to work, it does not contain explanations for why you need to do them.

I hope you now have a better understanding of what you need to do and why you need to do it for having openvpn client static ip assigned in asuswrt-merlin firmware.
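
The procedure from the answer above, as an added example that is not part of the original post or the asuswrt-merlin wiki: it writes one ccd file per client, each holding an `ifconfig-push` line, into the persistent `/jffs/configs/openvpn/ccd1/` directory. The 10.8.0.0/24 tunnel network, `topology subnet`, the function names and the sample client names are assumptions; each ccd file name must equal the client certificate's common name.

```sh
#!/bin/sh
# Added example, not from the thread or the wiki. Assumes "topology subnet" and
# a constructed 10.8.0.0/24 tunnel network; adjust both to the real server.
CCD_DIR="${CCD_DIR:-/jffs/configs/openvpn/ccd1}"  # persistent ccd dir for server 1
VPN_PREFIX="${VPN_PREFIX:-10.8.0.}"               # assumed tunnel network (/24)
VPN_MASK="${VPN_MASK:-255.255.255.0}"

# write_ccd <common-name> <ip>: create one ccd file; returns 1 if rejected.
write_ccd() {
    cn=$1 ip=$2
    # The common name becomes a file name, so accept only a conservative
    # character set: a value like "../x" must never leave the ccd directory.
    case $cn in
        ''|.*|*[!A-Za-z0-9._-]*) echo "rejected name: $cn" >&2; return 1 ;;
    esac
    # The address must be a host in the tunnel network (.1 is the server).
    host=${ip#"$VPN_PREFIX"}
    case $host in
        "$ip"|''|0*|*[!0-9]*|????*) echo "rejected address: $ip" >&2; return 1 ;;
    esac
    if [ "$host" -lt 2 ] || [ "$host" -gt 254 ]; then
        echo "rejected address: $ip" >&2; return 1
    fi
    # Two clients must never be pushed the same address.
    for f in "$CCD_DIR"/*; do
        if [ -f "$f" ] && [ "${f##*/}" != "$cn" ] &&
           grep -qF -- "ifconfig-push $ip " "$f"; then
            echo "address $ip already used by ${f##*/}" >&2; return 1
        fi
    done
    mkdir -p "$CCD_DIR" &&
        printf 'ifconfig-push %s %s\n' "$ip" "$VPN_MASK" > "$CCD_DIR/$cn"
}

# apply_list: read "<Common-Name>,<IP-address>" lines (the layout the manual
# excerpt gives for the pool-persist file) from stdin; returns 1 on any reject.
apply_list() {
    rc=0
    while IFS=, read -r name addr; do
        case $name in ''|'#'*) continue ;; esac
        write_ccd "$name" "$addr" || rc=1
    done
    return "$rc"
}

# Run as: sh make-ccd.sh clients.csv   (file name is a placeholder)
if [ "$#" -gt 0 ]; then apply_list < "$1"; fi
```

The files are copied to the server instance's ccd directory when the server starts, so restart the OpenVPN server after changing them.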
 
I didn't expect such a professional answer like this,
the detailed explanation was very helpful in understanding.

Thank you very much.
Have a happy day!
 
