OpenVPN not assigning fixed IP

openvpn

I am configuring an OpenVPN server on my VPS and I'm trying to assign fixed IP to clients (to be able to apply firewall rules later on).

Here is my /etc/openvpn/server.conf

#Serveur UDP/443
mode server
proto udp
port 443
dev tun

#Cles et certificats
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 1
key-direction 0
cipher AES-256-CBC

#Reseau
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-config-dir ccd
keepalive 10 120

#Securite
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo

#Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log

Then, in my /etc/openvpn/ccd/userRaph I've put :

ifconfig-push 10.8.0.50 10.8.0.49

I also created a link with the directory from where the server will run :

ln -s /etc/openvpn/ccd /etc/openvpn/jail/ccd

And my /etc/openvpn/clientconf/userRaph/client.conf :

# Client
client
dev tun
proto udp
remote ***.***.***.*** 443 #Hidden for confidentiality
resolv-retry infinite
cipher AES-256-CBC

# Cles
ca ca.crt
cert userRaph.crt
key userRaph.key
tls-auth ta.key 1
key-direction 1

# Securite
nobind
persist-key
persist-tun
comp-lzo
verb 3

The problem is that every time I log on my Windows PC to the VPN with these configs, it assigns the IP 10.8.0.6, and not 10.8.0.50 like supposed to.
I also checked the fact that the IP must be in /30 range (it is the case for 10.8.0.50 with 10.8.0.49) like explained here : https://openvpn.net/index.php/open-source/documentation/howto.html#policy

I also tried a chmod -R 777 /etc/openvpn/ccd /etc/openvpn/jail/ccd, no more success.

Read all on this thread as well with the same issue, but I don't see what I do differently : https://forums.openvpn.net/topic7896.html

I don't know what else to do …

EDIT : in my client logs (while connecting), I see this relevant line :

Thu Jul 24 11:16:40 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'

Which confirms the fact the the ccd option isn't taken into account, still don't have any idea about how to solve this though

EDIT2 : in my server logs I see this (masked IP address for confidentiality):

Thu Jul 24 09:16:38 2014 ***.***.***.***:50807 [userRaph] Peer Connection Initiated with [AF_INET]***.***.***.***:50807
Thu Jul 24 09:16:38 2014 userRaph/***.***.***.***:50807 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=1a00::78c0:9a58:c57f:0
Thu Jul 24 09:16:38 2014 userRaph/***.***.***.***:50807 MULTI: Learn: 10.8.0.6 -> userRaph/***.***.***.***:50807
Thu Jul 24 09:16:38 2014 userRaph/***.***.***.***:50807 MULTI: primary virtual IP for userRaph/***.***.***.***:50807: 10.8.0.6

I don't know what causes that (gonna look into this "MULTI_sva" stuff)

Best Answer

After asking on the OpenVPN forums, someone figured it out for me :

It was my link of the folder openvpn/jail/ccd pointing to openvpn/ccd that wasn't working as intended. After replacing the linked folder by a normal folder (a simple copy of openvpn/ccd to openvpn/jail/ccd), it worked.

Related Topic