Hi,

On 03/09/2023 20:50, Jason Long via Openvpn-users wrote:
> I read those steps from an OpenVPN document. Can you tell me where
> the problem is?

There is no problem.

It is simply not possible to "configure" OpenVPN to assign an IP address
based on the computer name or MAC.

As you have already done, you can assign an IP address based on the
certificate Common Name (CN) because it is presented during negotiation.

If you truly want to assign an IP address based on extra variables (like
MAC address, computer name, world clock, t-shirt color, etc.) you need
to implement this logic by yourself by using two mechanisms:

1) UV_* variables on the client side, where you put the value to send to
the server (i.e. MAC address)
2) --client-connect script on the server side, where you read the UV_*
variable and programmatically create your ifconfig-push directive for
that specific client.

Now, UV_* variables are not authenticated, therefore *any* client could
simply send the value it wants: i.e. client A and B could send the same
MAC address and your logic would not work anymore.

The only authenticated pieces of information you have are those related
to your certificates, like the CN, and this is the main reason why you
should rely on those when trying to identify clients in order to
assign special properties.

I hope this helps.
Cheers,
--
Antonio Quartulli
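
The two mechanisms described in the message above, as an added example that is not part of the original post and not OpenVPN project code: a --client-connect script that picks the address from the authenticated CN and treats the client-supplied value only as a logged hint. The variable name UV_MAC, the table contents and the netmask are assumptions made for illustration.

```shell
#!/bin/sh
# Sketch of a --client-connect script. OpenVPN passes a temp file path as
# the last argument ($1) and exports common_name in the environment.
# UV_MAC is a hypothetical name; the client would send it with
# "setenv UV_MAC <value>" together with "push-peer-info" (assumption).

# Constructed sample table: "CN  expected-MAC  IP" (all values made up).
CLIENT_TABLE='laptop-alice 02:00:00:aa:bb:01 10.8.0.10
laptop-bob 02:00:00:aa:bb:02 10.8.0.11'
NETMASK=255.255.255.0   # assumes "topology subnet" on the server

# lookup_directive CN UV_MAC
# Sets DIRECTIVE to an ifconfig-push line selected by the CN only, and
# MAC_NOTE to match / mismatch / absent. Returns 1 for an unknown CN.
lookup_directive() {
    cn=$1
    mac=$(printf '%s' "${2:-}" | tr 'A-F' 'a-f')
    DIRECTIVE=''
    MAC_NOTE=absent
    # Refuse CNs containing anything outside a conservative character set.
    case $cn in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    while read -r t_cn t_mac t_ip; do
        [ "$t_cn" = "$cn" ] || continue
        if [ -n "$mac" ]; then
            # Unauthenticated value: compare it, never key on it.
            if [ "$mac" = "$t_mac" ]; then MAC_NOTE=match; else MAC_NOTE=mismatch; fi
        fi
        DIRECTIVE="ifconfig-push $t_ip $NETMASK"
        return 0
    done <<EOF
$CLIENT_TABLE
EOF
    return 1
}

# Entry point when OpenVPN runs the script; skipped when sourced without args.
if [ -n "${1:-}" ] && [ -n "${common_name:-}" ]; then
    if lookup_directive "$common_name" "${UV_MAC:-}"; then
        printf '%s\n' "$DIRECTIVE" > "$1"
        if [ "$MAC_NOTE" = mismatch ]; then
            echo "client-connect: CN=$common_name sent unexpected UV_MAC" >&2
        fi
    fi   # unknown CN: write nothing, so the client gets a pool address
fi
```

A client that sends another client's MAC still receives the address bound to its own certificate CN; the mismatch only shows up in the log.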