How can I ensure OpenVPN clients persistently take the same VPN IP address?
I have added client-config-dir ccd to openvpn.conf and created files in /etc/openvpn/ccd/ with the names of the clients, e.g. "/etc/openvpn/ccd/CLIENTNAME" simply contains 192.168.255.20, but this IP address is not assigned to a client connecting with CLIENTNAME.ovpn.
For context, the point of the VPN is to allow several remote clients to access each other from arbitrary locations, but they should use the default local routing for everything else: www, PoE cameras, etc. The OpenVPN server is running inside a Docker container using https://github.com/kylemanna/docker-openvpn
So client certificate/ovpns were generated with:
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
The client is OpenVPN 2.4.7 on Ubuntu 16.04.
My local .ovpn config:
client
nobind
dev tun
remote-cert-tls server
remote XXX.XXX.XXX.XXX 1194 udp
# only route the subnet
route-nopull
route 192.168.255.0 255.255.255.0
# various certificates / keys
My server openvpn.conf:
# client specific configurations
client-config-dir ccd
# allow clients to reach other
client-to-client
server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/XXX.XXX.XXX.XXX.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/XXX.XXX.XXX.XXX.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
comp-lzo no
### Route Configurations Below
route 192.168.254.0 255.255.255.0
### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"
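
A check for the ccd files described above, as an added example that is not part of the original post or of the docker-openvpn project: OpenVPN reads each client-config-dir file as a list of directives, and the one that pins a tunnel address is `ifconfig-push <local> <remote-or-netmask>` (remote endpoint under the default net30 topology, netmask under `topology subnet`). The function names and the CONSTRUCTED_OK sample file are assumptions made for illustration.

```python
import ipaddress
import stat
import tempfile
from pathlib import Path

SERVER_NET = "192.168.255.0/24"  # from "server 192.168.255.0 255.255.255.0"

def is_ipv4(word):
    try:
        ipaddress.IPv4Address(word)
        return True
    except ValueError:
        return False

def lint_ccd_file(path, server_net=SERVER_NET):
    """Return a list of problems found in one client-config-dir file."""
    net = ipaddress.ip_network(server_net)
    problems = []
    # ccd files are read at connect time, after "user nobody" has taken effect.
    if not Path(path).stat().st_mode & stat.S_IROTH:
        problems.append("file is not world-readable")
    pushed = 0
    with open(path) as fh:
        for n, raw in enumerate(fh, 1):
            words = raw.split("#", 1)[0].split()  # drop comments, tokenize
            if words and is_ipv4(words[0]):
                problems.append(f"line {n}: bare address, not a directive")
            elif words and words[0] == "ifconfig-push":
                pushed += 1
                if len(words) != 3 or not all(map(is_ipv4, words[1:])):
                    problems.append(f"line {n}: expected 'ifconfig-push <local> <remote-or-netmask>'")
                elif ipaddress.IPv4Address(words[1]) not in net.hosts():
                    problems.append(f"line {n}: {words[1]} is not a host address in {net}")
    if pushed != 1:
        problems.append(f"{pushed} ifconfig-push directives (expected 1)")
    return problems

def demo():
    """Lint the file from the post and a constructed file with a net30 /30 pair."""
    samples = {"CLIENTNAME": "192.168.255.20\n",
               "CONSTRUCTED_OK": "ifconfig-push 192.168.255.21 192.168.255.22\n"}
    results = {}
    with tempfile.TemporaryDirectory() as ccd:
        for name, body in samples.items():
            path = Path(ccd, name)
            path.write_text(body)
            path.chmod(0o644)
            results[name] = lint_ccd_file(path)
    return results
```

Pointing `lint_ccd_file` at each file in the real /etc/openvpn/ccd volume shows which clients will silently fall back to a pool address.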