I have set up my OpenWrt to connect to my server (running SoftEther, but emulating OpenVPN too, since I had problems getting SoftEther to work with OpenWrt for some reason), but it changes MAC and because of that IP address on the server each time it connects. Is there a way to either set up a static IP from the client or to lock te MAC so it doesn't change? Then I can easily set the static address on the server's DHCP server.
OpenVPN is based on the model that the server will control the clients, so the proper way to do this is to set up a client config directory in the server which will cause the client to always be assigned the same IP. The process to assign tunnel IPs and push them to clients is an integral part of OpenVPN, it is not general DHCP.
3 Likes
As I wrote, it's a server running SoftEther and emulating OpenVPN, so the DHCP server part of the server (not SoftEther itself) gives out the IP addresses. But I take it that it's not possible to define the IP from the client side. Thanks! Then I have to do it from the SoftEther side.
Would you be able to refer me to the best source for learning how to setup the client config directory on OpenWrt?
I need to solve the problem OP describes (assigning a static IP to the client), and am using OpenVPN on OpenWrt at both ends.
Thanks.
Run OpenVPN with an external configuration file (option config in /etc/config/openvpn) then the configuration is the same native format as on any other sytem.
1 Like
Thanks. I had applied that tweak, however I was unable to find out how to assign the needed username (t match the client directory's name) to the client itself.
The filename inside the CCD must match the CN in the client certificate.
You can also get it from the server side log when connecting the client.
1 Like
Still lost. Sorry. How can I discover the CN (I know I used it when creating the cert, but damned if I recall what I typed 3 years ago) in the client cert? It's not in the config files, nor visible in the certs that I can tell.
(As you might imagine, I'm not accustomed to spending time inside this kind of crypto config, so I appreciate your tolerance.)
Connect the client while monitoring the log on the server.
1 Like
Can you point me to where "option config ..." is documented?
(I've been searching in vain for a while...)
Thanks.
In general?
- The
option 'string' 'some value' andoption 'boolean' '1' lines define simple values within the section. Note that there are no syntactical differences between text and boolean options. Per convention, boolean options may have one of the values '0', 'no', 'off', 'false' or 'disabled' to specify a false value or '1' , 'yes', 'on', 'true' or 'enabled' to specify a true value.
~ From: https://openwrt.org/docs/guide-user/base-system/uci#file_syntax
Specifically to OpenVPN config on OpenWrt?
I can't find a reference anywhere thus far - except 1 reference. It's another forum post by @mk24 - from 2017:
It needs to be added to the relevant Wiki(s).
1 Like
The default /etc/config/openvpn file which ships with the OpenVPN package contains an example section "include a custom config file."
That isn't quite correct since the file will be the entire OpenVPN configuration, you can't add any of the regular OpenVPN UCI options. They will be ignored rather than merged in like the word "include" suggests.
2 Likes