I've installed OpenVPN on a CentOS 7 server. My client can connect, but I need to use a static IP. I've searched for many solutions on the web, but I've not fixed the problem.
Below you can view my configuration files.
Thanks a lot for any suggestions.
server.conf
Quote:
proto udp
dev tun
ca /usr/share/easy-rsa/3.0.7/pki/ca.crt
cert /usr/share/easy-rsa/3.0.7/issued/server1.crt
key /usr/share/easy-rsa/3.0.7/pki/private/server1.key
You haven't included the "server" directive in your server config.
It probably isn't wise to use your PKI key for tls-auth as well. The documentation recommends generating the tls-auth key with openvpn itself, like this:
Code:
$ openvpn --genkey --secret ta.key
Try these tweaks to your configs: (I've commented out a few lines, because I don't think they're necessary. Additions in bold)
server.conf
Code:
port 1193 #you're using a non-standard port, so I think you have to specify it here
proto udp
dev tun
ca /usr/share/easy-rsa/3.0.7/pki/ca.crt
cert /usr/share/easy-rsa/3.0.7/issued/server1.crt
key /usr/share/easy-rsa/3.0.7/pki/private/server1.key
dh /usr/share/easy-rsa/3.0.7/pki/dh.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.x.0 255.255.255.0" #use subnet to access at server end
comp-lzo #you need this at both ends if you want to use compression
ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
#topology subnet
#remote-cert-eku "TLS Web Client Authentication"
tls-auth /usr/share/easy-rsa/3.0.7/pki/private/server1.key 0 #copy the tls key to the clients
user nobody
group nobody
daemon #Use this and the 2 lines above if running on Linux
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
explicit-exit-notify 1
client.conf
Code:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1193
nobind
persist-key
persist-tun
ca ca.crt
cert client01.crt
key client01.key
remote-cert-tls server
tls-auth /path/to/tls-auth.key 1 #copy tls-auth key from server to client machine
cipher AES-256-CBC
#auth SHA512
#auth-nocache
#tls-version-min 1.2
#tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
comp-lzo
user nobody
group nobody #Again, only use this line and the one above if client is running on Linux
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
You can rename or move ipp.txt. It'll be automatically generated.
After configuring the overall OpenVPN client and server infrastructure, you can connect to a VPN. While the server normally always gets the same IP assigned, the client IP address is assigned dynamically from a pool of IP addresses. Meaning: there is no guarantee that the client always gets the same IP address. OpenVPN allows assigning a static IP to a client.
My clients are assigned static ips. It's possible:
On your openvpn server, you need to have /etc/openvpn/ccd populated with files named after your static hosts; here's an example file, /etc/openvpn/ccd/ns1:
Also in the /etc/openvpn/ccd directory is the ipp.txt file, which has one-line entries for each host, with hostname, a comma, and then static ip; so in my ipp.txt file, I have this line:
Code:
ns1,10.10.0.53
Be sure that these files are owned by the same user that is running openvpn.
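An added example, not part of any post in this thread: a small generator for the `ifconfig-push` line that goes into a per-client ccd file. It assumes the `server 10.8.0.0 255.255.255.0` subnet from the server.conf above and the net30 topology that OpenVPN 2.4 uses when `topology subnet` is commented out; the function name and the sample client names and addresses are constructed.

```python
import ipaddress
import re

# Assumed from the thread's server.conf: "server 10.8.0.0 255.255.255.0".
VPN_NET = ipaddress.ip_network("10.8.0.0/255.255.255.0")
# A ccd file is looked up by the client certificate's Common Name, so keep
# the name to characters that cannot escape the ccd directory.
CN_RE = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9_.-]*")


def ccd_line(cn, addr, topology="net30", net=VPN_NET):
    """Return the ifconfig-push line to put in the ccd file named `cn`."""
    if not CN_RE.fullmatch(cn):
        raise ValueError(f"unsafe ccd file name: {cn!r}")
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        raise ValueError(f"{ip} is outside the VPN subnet {net}")
    server_ip = net.network_address + 1  # "server" gives the first host to the server
    if ip in (net.network_address, server_ip, net.broadcast_address):
        raise ValueError(f"{ip} is reserved in {net}")
    if topology == "subnet":
        # topology subnet: client address followed by the subnet's netmask
        return f"ifconfig-push {ip} {net.netmask}"
    # net30: client and peer must be the two usable hosts of a single /30
    # (.5/.6, .9/.10, ...); the first /30 belongs to the server itself.
    block = ipaddress.ip_network(f"{ip}/30", strict=False)
    hosts = list(block.hosts())
    if ip not in hosts or server_ip in block:
        raise ValueError(f"{ip} is not a usable client address in net30 mode")
    peer = hosts[1] if ip == hosts[0] else hosts[0]
    return f"ifconfig-push {ip} {peer}"


if __name__ == "__main__":
    # Constructed sample mapping (client CN -> wanted static address).
    for cn, addr in {"ns1": "10.8.0.53", "client01": "10.8.0.9"}.items():
        print(f"/etc/openvpn/ccd/{cn}: {ccd_line(cn, addr)}")
```

The server only reads these files if server.conf also contains `client-config-dir /etc/openvpn/ccd`, and each file name must match the Common Name of the client's certificate.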