Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How to assign Static IP for OpenVPN Client?

Posted on 2009-04-25
Medium Priority
Last Modified: 2012-05-06
I have Client both WinXP and Linux, and now it has dynamic IP from OpenVPN server
How to assign Static IP for them?
(I config with: dev tap0)

Thanks in advanced!
Question by:laptop1vn
  • 3
  • 2
LVL 72

Expert Comment

ID: 24235025
If you have used --ifconfig-pool-persist, the certificate determines the IP address (stored in the file as stated as argument of that option). If you use the same certificate, you get the same IP address.

Author Comment

ID: 24235210
But I use the same cert for all Client :(

Have u got solution, or I need create cert for each client?
LVL 72

Expert Comment

ID: 24235331
OpenVPN cannot identify the client uniquely if you use the same certificate for all clients, hence it cannot assign the same IP each time. Opposed to DHCP, OpenVPN does not consider MAC addresses, which would help in re-assigning IP addresses.

You have to create unique certificates, which you should in any case. Imagine you have to lock one of those clients for whatever reason ... With unique certificates, you can create a revocation list to invalidate certifcates.

Author Comment

ID: 24240379
Yes, but how Server allocate IP address with each certificate of client?
It's mean, what IP number to allocate?

Can I assign fix IP for TAP-NIC of client?

And I have other problem, some Client connect well and not be changed IP (VPN server use DHCP)
and some other client disconnect Each Some Minutes, so change IP each restart time!
Is it normal?
LVL 72

Accepted Solution

Qlemo earned 1600 total points
ID: 24243565
No, such an interruption is unusual. However, this could be a result of confusing IP addresses between users with the same certificate.

With unique certificates, the file as mentioned keeps the certificate owner / ip address pairs. You can edit that list, if you are keen on it, but it is much easier to let them connect once to get a new IP address, which is sticky from now on.


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question