5

I'm facing some troubles right now with an OpenVPN server an former colleague set up (I'm not too into it ATM). We're using OpenVPN for a private network of ~200 clients (to be more specific, only 15 clients, with VMs on them, bridged to the same network, 192.168.1.0/24).

It worked nicely for years, but for some weeks, it's acting strange. I have a laptop in this network, which used to have IP 192.168.1.156. Here the interesting part of my OpenVPN server configuration:

ifconfig-pool-persist ipp.txt
ifconfig-pool 192.168.1.1 192.168.1.254 255.255.255.0

And in my ipp.txt file:

gfenollar.xxxxx.local,192.168.1.156

But when I restart my openvpn client, I got another IP, always different. Of course, it allocate me an IP already used by another OpenVPN client, which is insane! Here is the log of my client:

Wed Feb  6 12:36:29 2013 SENT CONTROL [xxx]: 'PUSH_REQUEST' (status=1)
Wed Feb  6 12:36:29 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.5,ping 8,ping-restart 20,ifconfig 192.168.1.24 255.255.255.0'
Wed Feb  6 12:36:29 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb  6 12:36:29 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb  6 12:36:29 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb  6 12:36:29 2013 TUN/TAP device tap0 opened
Wed Feb  6 12:36:29 2013 TUN/TAP TX queue length set to 100
Wed Feb  6 12:36:29 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Feb  6 12:36:29 2013 /sbin/ifconfig tap0 192.168.1.24 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255

So here I got 192.168.1.24 instead of .156. It happens to every of my hosts, but fortunately they have a private IP in interfaces file, in static, so they're kind of unallowed to modify the ip with "ifconfig" command, like it happens to me.

Can anybody point me out a way to investigate?

Thanks a lot in advance!

Guillaume

Guillaume Fenollar
  • 261
  • 1
  • 2
  • 5
  • 1
    The `ipp.txt` file is just a status file. It isn't a place to define reservations. Past that, I am not really sure what you are trying to do. – Zoredache Feb 07 '13 at 15:45
  • I just wanted to reserve my IP. I found a way by using ccd method, which I didn't wanted to do. Plus, there is the option ifconfig-noexec which prevent from push ifconfig commands. So this is kind of fixed :-) – Guillaume Fenollar Feb 07 '13 at 16:01
  • 1
    @Zoredache The [openvpn manpage](http://manpages.ubuntu.com/manpages/precise/en/man8/openvpn.8.html) implies that `ifconfig-pool-persist` should do this: "The goal of this option is to provide a long-term association between clients (denoted by their common name) and the virtual IP address assigned to them from the ifconfig-pool." – mgorven Feb 07 '13 at 17:57
  • 1
    @mgorven: I also saw that: "Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, use --ifconfig-push". – quanta Jul 20 '15 at 04:17

1 Answers1

3

To force manual IP assignment use

ifconfig-pool-persist ipp.txt 0

instead of

ifconfig-pool-persist ipp.txt

make sure that you have added IPs to all clients.

Bouzid Zitouni
  • 161
  • 7