OpenVPN Set up static IPs for the clients

[SystemF]

Hi! Is there any way with Asus stock firmware to set up static IPs for the clients?

 

[Xentrk]

Look at the LAN-DHCP page. You will need to know the MAC addresses of the clients. On Windows devices, you can use the command "getmac" to find it. There will be a separate MAC address for ETH and WIFI network interfaces.

 

[SystemF]

Nope i don't see any MAC when i connect throw OpenVPN, must be something in Openvpn configuration, for example i set up 10.0.0.8/24 and when i connect from remote pc i want always to get lets say 10.0.0.10.

 

[Xentrk]

Nope i don't see any MAC when i connect throw OpenVPN, must be something in Openvpn configuration, for example i set up 10.0.0.8/24 and when i connect from remote pc i want always to get lets say 10.0.0.10.

Sorry, I misunderstood your question in the OP.

Do you want to set static IP for the VPN clients configured on your router?

 

[SystemF]

Yep , I do but unfortunately with ASUSwrt firmware not sure i can do this, and hoping someone that achieve this will help here!

 

[Xentrk]

This is something I have not looked into. What is your use case for doing this? Perhaps there is a method to achieve your objective.

With my VPVN provider, they assign the virtual IP address based on the Port & Protocol selected for the VPN Client. Example below:

Port    Protocol    Subnet    DNS
443    UDP    10.9.x.x    10.9.0.1
            
443    TCP    10.8.x.x    10.8.0.1
            
80    UDP    10.22.x.x    10.22.0.1
            
80    TCP    10.21.x.x    10.21.0.1

For example, if I choose 443 and UDP, they will assign a virtual IP 10.9.x.x (e.g. 10.9.0.5) to my OpenVPN Client.

 

[RMerlin]

I think it's possible by enabling the client specific options, and having a dedicated client certificate - you can then associate the certificate's CN with a static IP. But I never really looked at how the Client Specific options worked.

 

[SystemF]

Thank you guys, for the advises, Merlin I will try this, but imho - client specific options is to set only selected users with IP and subnet mask allow to connect to the vpn server. But will tested today!
Cheers!

 

[Martineau]

Hi! Is there any way with Asus stock firmware to set up static IPs for the clients?

Not sure if stock firmware will honour the use of a valid OpenVPN 'client connect' script as allowed by the standard OpenVPN directive (see OpenVPN 2.x manual)

--client-connect cmd

Run command cmd on client connection.

cmd consists of a path to script (or executable program), optionally followed by arguments. The path and arguments may be single- or double-quoted and/or escaped using a backslash, and should be separated by one or more spaces.

The command is passed the common name and IP address of the just-authenticated client as environmental variables (see environmental variable section below). The command is also passed the pathname of a freshly created temporary file as the last argument (after any arguments specified in cmd ), to be used by the command to pass dynamically generated config file directives back to OpenVPN.

If the script wants to generate a dynamic config file to be applied on the server when the client connects, it should write it to the file named by the last argument.

See the --client-config-dir option below for options which can be legally used in a dynamically generated config file.

Note that the return value of script is significant. If script returns a non-zero error status, it will cause the client to be disconnected.

How to set a static IP to OpenVPN TUN clients

 

[SystemF]

After years still not give up! This is configuration from router. I have 1 certificate for all clients. All share one common. I was able to login throw ssh (using putty) (there are 4 directories.:
ovpn-down ovpn-up server1 vpnserver1)
What we need is "server1", contains thees files: (
ca.crt client.ovpn config.ovpn fw.sh server.key
ca.key client_status dh.pem server.crt static.key.
Then command

cat

or

less

config.ovpn
# Tunnel options
proto udp4
multihome
port 48739
dev tun21
sndbuf 0
rcvbuf 0
keepalive 10 30
up '/etc/openvpn/ovpn-up'
down '/etc/openvpn/ovpn-down'
setenv ovpn_type 0
setenv unit 1
script-security 2
daemon vpnserver1
verb 3
status-version 2
status status 10
compress lzo
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn

# Server Mode
server 10.83.79.0 255.255.255.0
duplicate-cn
push "route 192.168.173.0 255.255.255.0 vpn_gateway 500"

# Data Channel Encryption Options
auth SHA224
cipher AES-192-CBC

# TLS Mode Options
ca ca.crt
dh dh.pem
cert server.crt
key server.key
tls-auth static.key 0

# Custom Configuration
username-as-common-name

I was able to add command in custom configuration tab

username-as-common-name

Then tried a lot of commands to set static ip 10.83.79.99 on user: test1 (server side) nothing touched in client configuration file
I have tried:

username-as-common-name
echo "ifconfig-push 10.83.79.50 255.255.255.0" > path to the ccd