2017-04-04 15:34 GMT+05:00 David Sommerseth <open...@sf.lists.topphemmelig.net>:
> On 04/04/17 11:50, Илья Шипицин wrote:
> > Hello,
> >
> > You did not use "topology", so I guess "net30" is used by default.
> > If so, you spend 4 addresses per connection.
>
> Yes --topology net30 is the default. Unfortunately, we cannot easily
> change that without breaking many setups.
>
Unfortunately, there's a caveat: people use the default setting and they get
only 25% of the expected pool size.
Maybe we should mark "net30" as deprecated and give a warning.
>
> > If you are not using too old clients (I guess, released 10 years ago),
> > you can switch to "topology subnet".
>
> Any OpenVPN version as of 2.1 and newer supports --topology subnet. And
> if you are using anything older than v2.3, you should upgrade ASAP
> regardless.
>
>
> --
> kind regards,
>
> David Sommerseth
>
>
> > 2017-04-04 14:39 GMT+05:00 <saato...@keemail.me>:
> >
> > I'm performing a number of tests with OpenVPN, where amongst other
> > things, I connect and disconnect with the same client certificate
> > and slightly different client config settings over and over (>75
> > times, within a short time).
> >
> > I realised that I exhaust my server's IP pool pretty quickly. Even
> > waiting for >10 minutes before exhausting the IP pool doesn't seem
> > to help.
> >
> > The goal is to find a way to prevent this from the client side. I do
> > not want to amend the server configuration if possible.
> >
> > The server configuration is pretty simple:
> > port 443
> > proto udp
> > dev tun
> > server 172.16.0.0 255.255.255.0
> > ca /etc/openvpn/server/ca.crt
> > cert /etc/openvpn/server/stretch-server.crt
> > key /etc/openvpn/server/stretch-server.key
> > dh /etc/openvpn/server/dh4096.pem
> > tls-crypt /etc/openvpn/server/static.key
> > tls-version-min 1.2
> > tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
> > cipher AES-256-CBC
> > auth SHA512
> > verb 3
> > log-append /etc/openvpn/server/log/stretch-server.log
> > comp-lzo
> > duplicate-cn
> > ncp-disable
> >
> >
> > ------
> >
> > For every new connection to the VPN the client makes, the server
> > hands out a new IP address. Is there some way to re-use IP addresses
> > on the client?
> >
> > I know that it would be possible to reserve an IP for the client on
> > the server, but that would make it highly static.
> >
> >
> >
>
>
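
An added example, not part of the original messages and not OpenVPN code: a small Python estimator that reads the "server" and "topology" directives from a config and compares how many concurrent client leases fit under net30 and under subnet. The lease model is a simplifying assumption (an upper bound; a real server reserves a few more addresses), and SAMPLE_CONFIG is constructed from the directives quoted in the thread.

```python
import ipaddress

# Constructed sample: the pool-relevant directives from the config quoted above.
SAMPLE_CONFIG = """\
port 443
proto udp
dev tun
server 172.16.0.0 255.255.255.0
duplicate-cn
"""

def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config, skipping # and ; comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name.lstrip("-")] = args
    return directives

def pool_capacity(text):
    """Estimate (topology, max concurrent client leases) for a tun-mode server.

    Assumed model (upper bound): the server keeps the first allocation unit,
    every other unit in the network is leasable, and nothing else is reserved.
    """
    d = parse_directives(text)
    if len(d.get("server", [])) < 2:
        raise ValueError("no 'server <network> <netmask>' directive found")
    net = ipaddress.ip_network("/".join(d["server"][:2]), strict=True)
    topology = d.get("topology", ["net30"])[0]  # net30 is the default, per the thread
    if topology == "net30":
        if net.prefixlen > 29:
            raise ValueError("network too small for net30")
        # Each client consumes a whole /30 (4 addresses); the first /30 is the server's.
        return topology, net.num_addresses // 4 - 1
    if topology == "subnet":
        # One address per client; exclude network, broadcast and the server address.
        return topology, net.num_addresses - 3
    raise ValueError("unsupported topology: " + topology)

if __name__ == "__main__":
    for cfg in (SAMPLE_CONFIG, SAMPLE_CONFIG + "topology subnet\n"):
        topo, leases = pool_capacity(cfg)
        print(f"{topo:7s} -> at most {leases} concurrent leases")
```

With duplicate-cn set, every reconnect that arrives before the previous session has timed out takes a fresh lease, so the smaller net30 figure is the one that limits a rapid connect/disconnect test.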