openvpn - ifconfig parameter

Question

What does ifconfig parameter in openvpn configuration file mean? Here is an example file:

dev tun0
proto udp
comp-lzo
port 5073
remote 172.16.23.73 5073
ifconfig 172.17.3.41 172.17.3.43

score 3 · Accepted Answer · answered Jan 28 '20 at 12:05

From OpenVPNs own documentation:

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
ifconfig 10.1.0.2 10.1.0.1

In other words this is when you want your VPN clients to assign their own VPN IP address.

The client will in my example have the IP address 10.1.0.2 and the VPN gateway will have the IP address 10.1.0.1.

Found it on my Ubuntu server under /usr/share/doc/openvpn/examples/sample-config-files/static-home.conf

The alternative is using client-config-dir <path> in OpenVPN servers master file and let all clients connect to the server using a client certificate with unique CommonName in the certificate.

Lets say you have setup client-config-dir to point to the subdirectory ccd.

You can then create a file with a name matching the CommonName in each client certificate that contains the line ifconfig-push <IP address> <subnet mask>. Using my example above:

ifconfig-push 10.1.0.2 255.255.255.0

This assumes you have a line in the servers master config file that contains the line:

server 10.1.0.0 255.255.255.0

Thank you for explaining this! – umar14 Jan 28 '20 at 12:10 — umar14, Jan 28 '20 at 12:10

score 0 · Answer 2 · answered Jan 28 '20 at 11:05

0

It is to give the same VPN IP to the client. Read the Master config file. These details are already in the config file and commented out.

answered Jan 28 '20 at 11:05

Nazia Jahan Trisha

120
1
1
8

openvpn - ifconfig parameter

2 Answers2