{{ :supportukraine.gif|}}
====== Synology: OpenVPN server: Configuring static IP addresses for VPN clients with Tux ======
{{en:tux.png |Hey, my name is "Tux"!}} **Did you ever wonder how you set static IP addresses for //OpenVPN// clients when using Synology as an //OpenVPN// server?**
\\ \\
Hey, my name is "Tux" and this tutorial will show you how you can configure static //OpenVPN// client IPv4 addresses on //OpenVPN// server side.
----
\\
===== First thoughts =====
//OpenVPN// does not allow to configure static IP addresses on client side. Instead client IP addresses are offered by the //OpenVPN// server. The //OpenVPN// server acts kind of a //DHCP// server, but not the "classic" way based on unique MAC addresses but on //OpenVPN// client usernames which therefore have to be unique on every //OpenVPN// client which are connected at the same time to the //OpenVPN// server.
\\
===== Start of tutorial =====
//SSH// into the //Synology// NAS which has the //OpenVPN// server installed.
\\
\\
Now navigate to:
$ cd /usr/syno/etc/packages/VPNCenter/
Create the following directory:
$ mkdir ./ccd
\\ Change permissions:
$ chmod 0755 ./ccd
\\ Create a file which its name holds the according //OpenVPN// client username:
\\ $ vi ./ccd/
\\ Add the following content:
ifconfig-push
Save the file, quit the editor and change permissions:
\\ $ chmod 0644 ./ccd/
\\ Edit the following file...
$ vi /usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf
\\ ...and add the following content:
client-config-dir /usr/syno/etc/packages/VPNCenter/ccd/
Save the file and quit the editor.
\\ Edit the following file...
$ vi /volume1/@appstore/VPNCenter/etc/openvpn/radiusplugin.cnf
\\ ...look out for the following line...
overwriteccfiles=true
...and chage it to:
overwriteccfiles=false
Save the file and quit the editor.
\\ Now restart the //OpenVPN// server serivce.
\\
\\ **Note: After every //OpenVPN// server update you have to check if these customized settings are still set. If not, repeat the according steps above!**
\\
1) Within an //OpenVPN// subnet the first four IPv4 addresses are always reserved for the //OpenVPN// server, therefore the following addresses:
\\
\\ **xxx.xxx.xxx.xx''0''** to **xxx.xxx.xxx.xxx''3''**
\\
\\
2) On the config file there are only **two (2) IPv4 addresses** being configured per client but every client automatically got **four (4) IPv4 addresses** being reseved by the //OpenVPN// server. The reason for this is that on connection the //OpenVPN// server reserves a /30 subnet (255.255.255.252) for every //OpenVPN// client. Inside the config file there are only two (2) IPv4 addresses being configured:
- The client IPv4 address
- The client-gateway IPv4 address
Those two IPv4 addresses are the middle part of the /30 subnet per definition.
\\
\\ Example of a config file with the following content:
ifconfig-push 10.0.0.6 10.0.0.5
On this example the following IPv4 addresses are being reserved by the //OpenVPN// for the according //OpenVPN// /30 client subnet:
\\
\\ ''10.0.0.7'' → Broadcast
\\ ''10.0.0.6'' → Client-Gateway
\\ ''10.0.0.5'' → Client
\\ ''10.0.0.4'' → Net-ID
\\
\\ **Broadcast** and **Net-ID** are being configured automatically per //OpenVPN// client by the //OpenVPN// server.
\\
\\ **When configuring static IPv4 addresses please note that it is very important to always double check there is no overlapping between //OpenVPN// client subnets!**
\\
===== End of tutorial =====
\\
\\
Appreciate my work? \\ [[https://www.buymeacoffee.com/fabioU|Buy me a coffee]] {{:buymeacoffee.png|}} or [[https://www.paypal.com/donate/?hosted_button_id=TH8Q3NTJCAJBA|PayPal]] {{:paypal.png|}}
\\
\\
**Source(s):**
\\
[[https://forum.synology.com/enu/viewtopic.php?t=140470|Synology Forum: OpenVPN to VPN server static private IP]]
\\
[[https://forums.openvpn.net/viewtopic.php?t=8215|OpenVPN Support Forum: Static ip for openvpn clients]]
{{htmlmetatags>metatag-robots=()}}