Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

nopool option OpenVPN Server

Discussion in 'Asuswrt-Merlin' started by Kevin K, Mar 20, 2017.

  1. Kevin K

    Kevin K Occasional Visitor

    Joined:
    Dec 23, 2016
    Messages:
    19
    In a 2008 change log, I see
    Now, for example, we can configure thusly:

    server 10.8.0.0 255.255.255.0 nopool
    ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0​

    Is there a way to get "nopool" added to the server directive via the GUI, or do I have to stop using the GUI to go here?

    I need to reduce the address pool handed out by OpenVPN, so that I can use a few for static-ip users on the VPN.
     
  2. Martineau

    Martineau Very Senior Member

    Joined:
    Jul 8, 2012
    Messages:
    1,013
    Location:
    UK
    Did you not see this on the VPN Server configuration GUI? :rolleyes:

    upload_2017-3-21_11-28-45.png
     
  3. Kevin K

    Kevin K Occasional Visitor

    Joined:
    Dec 23, 2016
    Messages:
    19
    @Martineau - Thank you for your reply. I can't tell whether you are calling my attention to the "Manage Client Specific Options" or to the "Custom Configuration" field, or both -- I'll assume both.

    Whether I set "Manage Client-Specific Options" to Yes or No, config.ovpn contains "server 10.8.0.0 255.255.255.0". If I later add my own "server 10.8.0.0 255.255.255.0 nopool", which one wins?
     
  4. Martineau

    Martineau Very Senior Member

    Joined:
    Jul 8, 2012
    Messages:
    1,013
    Location:
    UK
    Hmm.....<sigh> perhaps examining the appropriate resulting generated config? :rolleyes:

    e.g. for Server 1
    Code:
    /etc/openvpn/server1/config.ovpn
     
  5. Kevin K

    Kevin K Occasional Visitor

    Joined:
    Dec 23, 2016
    Messages:
    19
    Of course. That's how I knew it had both
    "server 10.8.0.0 255.255.255.0" and "server 10.8.0.0 255.255.255.0 nopool".

    What config.ovpn doesn't clarify is which one is defined to "win" when OpenVPN loads them. Empirically, today, with the version included with Merlin 308.65_2, it appears to choose the latter and not the former. Without a clear definition as to which one wins when there are conflicting directives, behavior could change with a later release (or even be affected when I change some other option).

    Of course, if I were in an enterprise environment, I would thoroughly QA each release in a lab before migrating to it. OTOH, if I were in an enterprise environment, I'd hardly be running with a consume-grade router. ;-)
     
  6. Martineau

    Martineau Very Senior Member

    Joined:
    Jul 8, 2012
    Messages:
    1,013
    Location:
    UK
    Well clearly that is something you should take up with the OpenVPN developers - this is a router firmware support forum, not an OpenVPN support forum!;)

    Actually, working for the world's 2nd largest IT company, you'd be surprised what the bean-counters force us to use internally :eek:

    Anyway, to ensure there is no ambiguity in the processing of the VPN config directives...

    RTFM! :p

    https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

    Hint: You will need to create the script /jffs/scripts/openvpnserver1.postconf.
     
    Last edited: Mar 21, 2017
  7. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,226
    Location:
    United States
    Second hint: There is now also a pc_delete directive that hadn't been documented yet in the wiki. (I just added it :) )
     
  8. Martineau

    Martineau Very Senior Member

    Joined:
    Jul 8, 2012
    Messages:
    1,013
    Location:
    UK
    OK thanks...although I personally choose to hand-craft the 'sed' statements rather than use the 'helper' functions.
    Can't remember why? - vaguely recall I was trying to use 'regexp' such as '^start of line.*$' to get rid of a particular line and it failed to work. :confused:

    P.S. Fixed my typo '/jffs/scripts/openserver1.postconf' should read '/jffs/scripts/openvpnserver1.postconf'

    P.P.S. Perhaps the wiki should be updated now while it's on your mind!? ;)
     
  9. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,226
    Location:
    United States
    That's what I meant....wiki has been updated.....the pc_delete function had been added a while ago
     

Share This Page