I am running an OpenVPN server, and I want to assign a specific client a static IP.
This is my server.conf. I think this configures the pool of virtual IPs to span from 10.5.24.209 to 10.5.24.223.
port 443
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.5.24.208 255.255.255.240
#This netmask should span IPs .208-.223.
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 168.xx.xx.xx"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
client-to-client
client-config-dir ccd
This is the contents of /etc/openvpn/ccd/W7LocalVM, where W7LocalVM is the Common Name of my client. I don't quite understand what this directive does, but I think the first IP should be the desired static IP of my client, and the second IP should be the IP of my server.
ifconfig-push 10.5.24.210 10.5.24.209
However, when I try to connect my client with this server configuration, I get the following error:
Mon Aug 07 14:07:34 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.5.24.208/10.5.24.210/10.5.24.209 [SUCCEEDED]
Mon Aug 07 14:07:34 2017 MANAGEMENT: Client disconnected
Mon Aug 07 14:07:34 2017 ERROR: --ip-win32 dynamic [offset] : offset is outside of --ifconfig subnet
Mon Aug 07 14:07:34 2017 Exiting due to fatal error
I thought the IP 10.5.24.210 would be within the subnet defined on the server side, and I don't understand why I'm getting this error. Could anyone help me out on this?
Best Answer
This problem is created because OpenVPN is trying to parse your ifconfig options as an IP followed by a subnet mask.
According to the man page:
Inside your server code, you set your topology to subnet, and then push it to the client using the server statement.
According to the above documentation, instead of pushing your ifconfig using "local", "remote" address, you need to add the following to "/etc/openvpn/ccd/W7LocalVM":
The last line is probably not needed, but is left as an example of what ifconfig-push "should" do on the server side to make the connection work.
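The misparse described in the answer can be caught before a client connects. The following Python sketch is an added example, not part of the original answer or of OpenVPN: it checks a CCD ifconfig-push line against the server directive, assuming topology subnet only. The function names and the second sample line are constructed for illustration.

```python
import ipaddress

def is_netmask(value):
    """True if value is a contiguous IPv4 netmask (e.g. 255.255.255.240)."""
    try:
        mask = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = ~mask & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, so inverted & (inverted + 1) is 0.
    return mask != 0 and (inverted & (inverted + 1)) == 0

def check_ifconfig_push(server_directive, ccd_directive):
    """Return a list of problems with a CCD ifconfig-push line, assuming the
    server runs with 'topology subnet' (hypothetical helper, not an OpenVPN API)."""
    _, network, netmask = server_directive.split()
    subnet = ipaddress.ip_network(f"{network}/{netmask}")
    parts = ccd_directive.split()
    if len(parts) != 3 or parts[0] != "ifconfig-push":
        return ["expected: ifconfig-push <address> <netmask>"]
    try:
        address = ipaddress.IPv4Address(parts[1])
    except ValueError:
        return [f"{parts[1]} is not an IPv4 address"]
    problems = []
    if address not in subnet:
        problems.append(f"{address} is outside {subnet}")
    elif address in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"{address} is the network or broadcast address")
    elif address == subnet.network_address + 1:
        # The server directive assigns the first host address to the server itself.
        problems.append(f"{address} is the server's own address")
    if not is_netmask(parts[2]):
        problems.append(f"{parts[2]} is read as a netmask but is not one")
    elif parts[2] != str(subnet.netmask):
        problems.append(f"netmask {parts[2]} differs from the server's {subnet.netmask}")
    return problems

if __name__ == "__main__":
    SERVER = "server 10.5.24.208 255.255.255.240"  # from the server.conf above
    for line in ("ifconfig-push 10.5.24.210 10.5.24.209",       # CCD line from the question
                 "ifconfig-push 10.5.24.210 255.255.255.240"):  # constructed: netmask as 2nd argument
        print(line, "->", check_ifconfig_push(SERVER, line) or "ok")
```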