On 27/05/21 12:33, Bo Berglund wrote:
> I am a bit confused about how the ccd mechanism works...
> Say that I want to assign a limited number of clients with specific tunnel
> addresses, whereas the other connecting clients will use dhcp provided
> addresses.
> In the server.conf file I have this:
> server 10.8.1.0 255.255.255.0 'nopool'
> ifconfig-pool 10.8.1.2 10.8.1.127 255.255.255.0
> client-config-dir /etc/openvpn/ccd2
> ifconfig-pool-persist ipp2.txt
> client-to-client
> Then in the dir /etc/openvpn/ccd2 I have a few files named as the CN (common
> name) of a few "server" clients, each of which will contain this (with a
> different last number in the IP address):
> ifconfig-push 10.8.1.130 255.255.255.0
> My question now is how this works?
> Will the presence of a ccd file named as the CN of the connecting client mean
> that the main directive ifconfig-pool is *not* used if the ccd file contains an
> ifconfig-push directive?
The settings from the ccd file overwrite the settings from the main file.
> I assume that all clients not mentioned in the ccd directory will just get the
> next "free" IP from the defined pool between 2 and 127?
Correct, unless you had used
--ccd-exclusive
which means that clients without a CCD file simply are not allowed to
connect.
Also, you can use a "default" CCD file named DEFAULT (capitals, no extensions).
> I want to set up a system whereby a couple of TCP/IP servers can connect to this
> OpenVPN and get fixed known tunnel addresses. Then "normal" clients can also
> connect and get their addresses out of the pool.
> With this running the clients should be able to connect to the servers using
> their known addresses from the ccd file.
> Is this how it will work?
Yup, this is definitely doable but you need to ensure that routing is
done correctly to and from the CCD-based clients.
HTH,
JJK
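
The setup discussed in this thread can be sanity-checked before deployment. The following is an added example, not part of the original messages or of OpenVPN itself: it reads the `server` and `ifconfig-pool` lines quoted above plus a set of CCD files and reports pushed addresses that fall outside the VPN subnet, inside the dynamic pool, or are assigned to more than one CN. The function names and the sample CCD contents (`srv-a`, `srv-b`, `srv-c`) are constructed for illustration, and it assumes `ifconfig-push` is given a literal IP address.

```python
import ipaddress

def parse_directives(text):
    """Yield (name, args) for each non-comment line of OpenVPN config text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].replace("'", "").strip()
        if line:
            name, *args = line.split()
            yield name, args

def audit_ccd(server_conf, ccd_files):
    """Return findings for ifconfig-push addresses in ccd_files ({CN: text})."""
    subnet = pool = None
    for name, args in parse_directives(server_conf):
        if name == "server":
            subnet = ipaddress.ip_network(f"{args[0]}/{args[1]}")
        elif name == "ifconfig-pool":
            pool = (ipaddress.ip_address(args[0]), ipaddress.ip_address(args[1]))
    findings, seen = [], {}
    for cn, text in sorted(ccd_files.items()):
        for name, args in parse_directives(text):
            if name != "ifconfig-push":
                continue
            ip = ipaddress.ip_address(args[0])
            if cn == "DEFAULT":  # DEFAULT applies to every CN without its own file
                findings.append(f"DEFAULT: pushes {ip} to every client without its own file")
            if subnet and ip not in subnet:
                findings.append(f"{cn}: {ip} is outside {subnet}")
            if pool and pool[0] <= ip <= pool[1]:
                findings.append(f"{cn}: {ip} is inside the dynamic pool")
            if ip in seen:
                findings.append(f"{cn}: {ip} already pushed to {seen[ip]}")
            seen.setdefault(ip, cn)
    return findings

# Server settings are taken from the post; the CCD files are constructed samples.
SERVER_CONF = """server 10.8.1.0 255.255.255.0 'nopool'
ifconfig-pool 10.8.1.2 10.8.1.127 255.255.255.0
client-config-dir /etc/openvpn/ccd2
"""
SAMPLE_CCD = {
    "srv-a": "ifconfig-push 10.8.1.130 255.255.255.0\n",
    "srv-b": "ifconfig-push 10.8.1.130 255.255.255.0\n",  # duplicate of srv-a
    "srv-c": "ifconfig-push 10.8.1.50 255.255.255.0\n",   # inside the pool range
}

if __name__ == "__main__":
    for finding in audit_ccd(SERVER_CONF, SAMPLE_CCD):
        print(finding)
```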