My functioning config has been done as follows: I create the directory ccd in /Database/etc,

mkdir /Database/etc/ccd

then for each user a file has been created, e.g. foo

vi  /Database/etc/ccd/foo

that contains


In this sample, foo is the username; if you use only x509, specify the CN of the client certificate. In the command line parameters

--client-config-dir /Database/etc/ccd

you could also add

--ccd-exclusive --remote-cert-eku 'TLS Web Client Authentication'

The first parameter tells the server to accept connections only from clients for which a configuration file has been created in the ccd directory, while the second one accepts connections only from clients whose certificate has TLS Web Client Authentication as extended key usage. In the client config (the file on the client) also add

remote-cert-eku 'TLS Web Server Authentication'

to avoid the “MITM” warning
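
Because --ccd-exclusive makes the presence of a file in the ccd directory the condition for being accepted, it helps to compare that directory with the list of clients you expect. The following is an added example, not part of the original post: the function name, the one-name-per-line list file and the sample names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a --client-config-dir used with --ccd-exclusive.
# ccd_audit CCD_DIR LIST_FILE
#   LIST_FILE (hypothetical) has one expected username/CN per line.
# Prints MISSING <name> : expected client without a ccd file (would be refused)
#        STALE <name>   : ccd file with no expected client (still accepted)
#        LOOSE <dir>    : ccd dir writable by group/others (anyone in that
#                         set could add a file and so admit a client)
# Returns 0 when nothing is reported, 1 otherwise, 2 on a bad directory.
ccd_audit() {
    ccd_dir=$1
    cn_list=$2
    [ -d "$ccd_dir" ] || { echo "ERROR not a directory: $ccd_dir"; return 2; }
    status=0
    # Every expected client needs a file named exactly after it.
    while IFS= read -r cn || [ -n "$cn" ]; do
        [ -n "$cn" ] || continue
        if [ ! -f "$ccd_dir/$cn" ]; then
            echo "MISSING $cn"; status=1
        fi
    done < "$cn_list"
    # Every file present should correspond to an expected client.
    for f in "$ccd_dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! grep -Fxq -- "$name" "$cn_list"; then
            echo "STALE $name"; status=1
        fi
    done
    # The directory itself is the access list, so check who can write to it.
    if [ -n "$(find "$ccd_dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "LOOSE $ccd_dir"; status=1
    fi
    return $status
}

# Constructed sample: clients foo and bar are expected, files foo and old exist.
ccd_audit_demo() {
    d=$(mktemp -d)
    mkdir "$d/ccd"
    chmod 775 "$d/ccd"
    : > "$d/ccd/foo"
    : > "$d/ccd/old"
    printf 'foo\nbar\n' > "$d/clients.txt"
    ccd_audit "$d/ccd" "$d/clients.txt" || true
    rm -rf "$d"
}

ccd_audit_demo
```

For the setup in the post it would be called as ccd_audit /Database/etc/ccd followed by the path of your own list file.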