E
E
Egor Medko2017-07-03 12:58:05
System administration
Egor Medko, 2017-07-03 12:58:05

How to give a static ip to a client connected via openvpn using docker?

Есть сервер. Есть клиент, который подключается к серверу через openvpn. Нужно сделать так чтобы клиенту присваивался статический локальный ip. Т.е. занять один ip, чтоб он был зарезервирован и другим клиентам присваивались другие. Всё это нужно сделать через docker.
Проблема в том что я пока слабо представляю как это сделать, да ещё и с docker разобраться не могу, как именно эти изменения передавать в контейнер. Нужно ли ставить openvpn в контейнер, ведь он уже настроен на сервере? Или можно как-то передать установленный openvpn вместе с конфигами в docker? Может проще вообще скачать образ где уже настроен openvpn? И вообще в правильном ли я направлении двигаюсь?
Помогите понять куда хоть копать, с чего начинать чтоб разобраться.
Заранее благодарен.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
Max Medar, 2017-07-03
@mag62442

В конфиге сервера указать:
Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600), as well as on program startup and shutdown.
The goal of this option is to provide a long-term association between clients (denoted by their common name) and the virtual IP address assigned to them from the ifconfig-pool. Maintaining a long-term association is good for clients because it allows them to effectively use the --persist-tun option.
file is a comma-delimited ASCII file, formatted as ,.
If seconds = 0, file will be treated as read-only. This is useful if you would like to treat file as a configuration file.
Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, use --ifconfig-push
Или руками задавай для каждого клиента:
Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic allocation.
The parameters local and remote-netmask are set according to the --ifconfig directive which you want to execute on the client machine to configure the remote end of the tunnel. Note that the parameters local and remote-netmask are from the perspective of the client, not the server. They may be DNS names rather than IP addresses, in which case they will be resolved on the server at the time of client connection.
This option must be associated with a specific client instance, which means that it must be specified either in a client instance config file using --client-config-dir or dynamically generated using a --client-connect script.
Remember also to include a --route directive in the main OpenVPN config file which encloses local, so that the kernel will know to route it to the server's TUN/TAP interface.
OpenVPN's internal client IP address selection algorithm works as follows:
1 -- Use --client-connect script generated file for static IP (first choice).
2 -- Use --client-config-dir file for static IP (next choice).
3 -- Use --ifconfig-pool allocation for dynamic IP (last choice).
https://openvpn.net/index.php/open-source/document...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question