openvpn
Nikita Melikhov, 2016-04-19 09:46:25

IP address binding in OpenVPN gets lost, how to fix it?

Hello! A comrade asks for help, and I did not understand anything.
OpenVPN server config, running under Windows Server 2012R2:

# Bring up an L3 tunnel
local 192.168.0.215
dev tun
# Protocol
proto udp
client-to-client
# Port the VPN listens on
port 1194
# Keys and certificates
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
# Roughly speaking, this saves addresses
topology subnet
# Address pool
ifconfig-pool-persist ipp.txt
server 10.8.0.0 255.255.255.0
# Encryption method
cipher AES-128-CBC
# Compression
comp-lzo
# Slightly improves ping
mssfix
# Client lifetime: if a client does not respond, it is disconnected
keepalive 10 120
# Debug level
verb 3

The ipp.txt file looks something like this; there are 15 more branches:
novohopersk,10.8.0.14
kamenka,10.8.0.15
ertil,10.8.0.16

The problem is that after some time, the same branches are duplicated in this file in a random place (!!!), but with different IP addresses, while the old ones are not deleted (!!!). As a result, the entire exchange through web services breaks down, because the addresses of branches are registered in the main coordinator.
Client config:
client
dev tun
proto udp
# Server address and port
remote ХХХХХХХХХХХХХХ
# Keys must be in the folder with the config
ca keys/ca.crt
cert keys/rossosh.crt
key keys/rossosh.key
cipher AES-128-CBC
nobind
comp-lzo
persist-key
persist-tun
verb 3

What could be the reason?


1 answer(s)
AlexeySetevoi, 2016-05-03
@Sl1mShady

As far as I remember, ifconfig-pool-persist ipp.txt was originally conceived to hand out IP addresses from the pool much like DHCP, without mandatory bindings; after some timeout it considers an IP address to be free and can hand it out again.
If it is statically assigned to you, it can be easier and better to make separate static settings for each client through ccd (client-config-dir) - they definitely do not change with the software?
Or, if the pool is nice and dear to you, it has a third parameter: the number of seconds. Set it to 0 and OpenVPN won't update it.
However, the manual does not guarantee that OpenVPN will be guided by this file; it treats the entries as suggestions:
Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, use --ifconfig-push
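
One way to act on the ccd suggestion above, as an added example (not code from the question or the answer): it reads an ipp.txt in the format shown in the question, reports common names that appear with more than one address, and builds the contents of one ccd file per client with `ifconfig-push` in the `topology subnet` form. The function names and the sample data are constructed for illustration; it assumes the server config also gets `client-config-dir ccd` and that each result is saved as a file named after the client's common name.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the ipp.txt format shown in the question; the
# repeated "kamenka" entry reproduces the duplication described there.
SAMPLE_IPP = """\
novohopersk,10.8.0.14
kamenka,10.8.0.15
ertil,10.8.0.16
kamenka,10.8.0.31
"""

def parse_ipp(text):
    """Return {common_name: [distinct IPs in file order]}."""
    seen = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ip = (f.strip() for f in line.split(",")[:2])
        ip = str(ipaddress.IPv4Address(ip))  # rejects malformed addresses
        if ip not in seen[name]:
            seen[name].append(ip)
    return dict(seen)

def conflicts(entries):
    """Common names that ipp.txt maps to more than one address."""
    return {n: ips for n, ips in entries.items() if len(ips) > 1}

def ccd_files(entries, network="10.8.0.0/24", pinned=None):
    """Return {ccd file name: contents}, one ifconfig-push per client.

    pinned maps a conflicting common name to the address the operator
    wants to keep; the function never guesses between duplicates.
    """
    net = ipaddress.IPv4Network(network)
    pinned = pinned or {}
    out, used = {}, {}
    for name, ips in entries.items():
        ip = pinned.get(name, ips[0] if len(ips) == 1 else None)
        if ip is None:
            raise ValueError(f"{name}: choose one of {ips}")
        if ipaddress.IPv4Address(ip) not in net:
            raise ValueError(f"{name}: {ip} is outside {net}")
        if ip in used:
            raise ValueError(f"{ip} assigned to both {used[ip]} and {name}")
        used[ip] = name
        # topology subnet form: ifconfig-push <address> <netmask>
        out[name] = f"ifconfig-push {ip} {net.netmask}\n"
    return out
```

The address to pin for a duplicated name is the one already registered in the main coordinator, which is why the function asks for it instead of taking the first or last entry.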
