On 11/27/19 11:28 AM, Joe Patterson wrote:
> Pretty sure there isn't a size limitation, however if you're going to
> roll your own address management, you probably don't want to use the
> "server" directive. Look in the documentation, "server" is a shortcut
> to a whole big chunk of other commands, only some of which you
> actually want. You want "mode server" and "tls-server", and
> "ifconfig" and "route", but you don't want the "ifconfig-pool",
> because you're going to be doing that on your own.

Oh, I know--thanks for raising that point, though. Actually, an interesting note on that point is that it _is possible_ to use ifconfig-pool while simultaneously generating ifconfig-push directives from a client-connect script: a generated ifconfig-push directive overrides whatever ifconfig-pool would have done for that client (and the address that would have been allocated in the pool then remains unallocated); and any clients that don't get an ifconfig-push directive injected by the client-connect script fall back to getting their addresses determined by ifconfig-pool.

This is what I ended up doing: I allocated a large set of addresses at the high end of a subnet to be managed by my client-connect script, and then left the lower end of the subnet to be managed by ifconfig-pool, e.g. the client-connect script manages the top 30k addresses of a /17, and ifconfig-pool manages the lower 2k addresses.

So I'm doing _most_ of the address-management myself.... In my case this is because I can trivially derive IP addresses for _most_ clients from the serial numbers in their certificates (not the x.509 certificate serial numbers, more like client-device serial numbers...), but I have a few clients that currently defy categorization or analysis beyond being put into a "misc." bucket, so it's easier to just let OpenVPN manage the allocation of addresses for those items (at least for the time being).

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
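
The split described in the reply above, sketched as a client-connect script. This is an added example, not the poster's script or part of the original thread. The 10.8.0.0/17 network, "topology subnet", the "dev-<digits>" common-name format and the function names are assumptions made for illustration; the script is assumed to be called with the temporary config file as its only argument.

```shell
#!/bin/sh
# Constructed layout: 10.8.0.0/17. Offsets below SCRIPT_FIRST are left to
# ifconfig-pool in the server config; this script owns the rest.
NET_BASE=$(( (10 << 24) | (8 << 16) ))   # 10.8.0.0 as an integer
NETMASK=255.255.128.0
SCRIPT_FIRST=2048                        # first offset managed here
SCRIPT_LAST=32766                        # 32767 is the /17 broadcast address

# Print the address derived from a common name of the (hypothetical) form
# "dev-<digits>". Return 1 when the name does not match or the result would
# leave the script-managed range, so the caller writes no directive.
derive_ip() {
    serial=${1#dev-}
    [ "$serial" != "$1" ] || return 1               # prefix missing
    case $serial in ''|*[!0-9]*) return 1 ;; esac   # digits only, never evaluated
    [ "${#serial}" -le 6 ] || return 1              # bound before arithmetic
    serial=${serial#"${serial%%[!0]*}"}             # strip leading zeros (octal)
    off=$(( SCRIPT_FIRST + ${serial:-0} ))
    [ "$off" -le "$SCRIPT_LAST" ] || return 1
    addr=$(( NET_BASE + off ))
    printf '%d.%d.%d.%d\n' $(( addr >> 24 & 255 )) $(( addr >> 16 & 255 )) \
        $(( addr >> 8 & 255 )) $(( addr & 255 ))
}

# $1 is the temporary file OpenVPN reads per-client directives from.
# Writing nothing leaves the client to ifconfig-pool; a non-zero exit
# would reject the client, so always return 0.
on_connect() {
    if ip=$(derive_ip "${common_name:-}"); then
        printf 'ifconfig-push %s %s\n' "$ip" "$NETMASK" > "$1"
    fi
    return 0
}

if [ $# -gt 0 ]; then
    on_connect "$1"
fi
```

The range check is what keeps the two allocators apart: a derived address can never fall inside the pool's range, and a malformed or oversized serial yields no directive rather than an arbitrary address.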