Openvpn different subnet with dynamic ip using client-config-dir (ccd)

Tags: configuration, dynamic-ip, openvpn, subnet

Good Morning,

I need some help for a specific configuration on a server. Let's say I have two kinds of people that will connect to my VPN: people from Group A and people from Group B. I need them to have different subnets. The only difference between those two groups is the common name of the certificate.

So let's say I have two subnets:
sub1: 10.0.1.0/24
sub2: 10.0.2.0/24

People from group A have a certificate like A0000xxx
People from group B have a certificate like B0000xxx

I want people from group A to connect to sub1
and
people from group B to connect to sub2

I thought about using the client-config-dir directive. On client connect, I will use a script to determine whether they are from group A or B, and then I will create the right configuration.
My problem is that I don't know how to give them the right addresses. I do not want to give them a static IP; instead I would like them to use a dynamic IP.

Is it possible to tell them to look for an address in a subnet?

Thanks

[Edit]

So I somehow managed to do it, but I would like to have some opinions on it.

So I created a connect.sh script that actually manages to do it but needs to be configured, and I used client-config-dir like this:

#!/bin/bash
# client-connect script: hand out one dynamic address per client, from the
# subnet chosen by the certificate common name.
# OpenVPN exports the client's CN as $common_name and passes the path of a
# temporary config file as $1; anything written there applies to this session.
# configDir/ is the client-config-dir (one file per CN); ipp.txt records
# "address, CN" for every address already allocated.

if [ ! -f "configDir/${common_name}" ]; then
        # Only allocate if this CN is not recorded yet. Anchor on the ", CN"
        # suffix so that A0000001 does not match the line for A00000010.
        if ! grep -q ", ${common_name}\$" ipp.txt; then
                regexCA="^CA.*";
                regexFRFDV="^FRFDV.*";   # defined but not used below
                regexFRPC="^FRPC.*";     # defined but not used below
                outSet=255
                # Choose the subnet from the CN prefix
                if [[ ${common_name} =~ $regexCA ]]; then
                        net="10.0.0"
                else
                        net="10.0.1"
                fi
                # Find the first free host address in $net. The trailing comma
                # keeps 10.0.0.2 from being treated as taken by 10.0.0.20.
                i=2
                while grep -qF "$net.$i," ipp.txt; do
                        if [ "$i" -eq "$outSet" ]; then
                                break
                        fi
                        ((i++))
                done
                if [ "$i" -eq "$outSet" ]; then
                        exit 1;   # pool exhausted: refuse the connection
                fi
                echo "$net.$i, ${common_name}" >> ipp.txt
                # Persist the address for later connections and hand it to
                # OpenVPN for this one.
                echo "ifconfig-push $net.$i 255.255.255.0" > "configDir/${common_name}"
                echo "ifconfig-push $net.$i 255.255.255.0" > "$1"
        fi
fi
exit 0

Tell me what you think about it

Best Answer

It is not possible to create different server-side subnets in client-config-dir configuration.

I would implement this by running two OpenVPN instances on different ports and with different network configurations.
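As an added illustration of the two-instance approach (not configuration from the original post or from the OpenVPN project), the two server configurations below put each group on its own port, tun device and subnet. File names, paths and ports are assumptions; the subnets and the "A"/"B" CN prefixes come from the question. Because both groups' certificates are signed by the same CA, each instance also restricts the accepted client CN with `verify-x509-name ... name-prefix`, so that a Group B certificate cannot simply be pointed at the Group A port.

```conf
# ---- /etc/openvpn/server-a.conf  (Group A -> sub1 10.0.1.0/24) ----
port 1194
proto udp
dev tun0
ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/server.crt
key  /etc/openvpn/pki/server.key
dh   /etc/openvpn/pki/dh.pem
# Dynamic addresses from this pool; the persist file keeps a client on the
# same address across reconnects, replacing the hand-rolled ipp.txt.
server 10.0.1.0 255.255.255.0
ifconfig-pool-persist /var/lib/openvpn/ipp-a.txt
# Accept only client certificates whose CN starts with "A"; any other
# certificate from the same CA fails the TLS handshake here.
verify-x509-name A name-prefix
status /var/log/openvpn/status-a.log
verb 3

# ---- /etc/openvpn/server-b.conf  (Group B -> sub2 10.0.2.0/24) ----
port 1195
proto udp
dev tun1
ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/server.crt
key  /etc/openvpn/pki/server.key
dh   /etc/openvpn/pki/dh.pem
server 10.0.2.0 255.255.255.0
ifconfig-pool-persist /var/lib/openvpn/ipp-b.txt
# Accept only client certificates whose CN starts with "B".
verify-x509-name B name-prefix
status /var/log/openvpn/status-b.log
verb 3
```

Group A clients then use `remote <server> 1194` and Group B clients `remote <server> 1195`; each instance's pool is independent, so no shared allocation file or client-connect script is needed. `verify-x509-name` with the `name-prefix` type is available from OpenVPN 2.3 onward; on an older server the same check can be done in a `tls-verify` script.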