User Tools

Site Tools


synologyopenvpnstaticip

Synology: OpenVPN server: Configuring static IP addresses for VPN clients with Tux

Hey, my name is "Tux"! Did you ever wonder how you set static IP addresses for OpenVPN clients when using Synology as an OpenVPN server?

Hey, my name is "Tux" and this tutorial will show you how you can configure static OpenVPN client IPv4 addresses on OpenVPN server side.



First thoughts

Note

OpenVPN does not allow to configure static IP addresses on client side. Instead client IP addresses are offered by the OpenVPN server. The OpenVPN server acts kind of a DHCP server, but not the "classic" way based on unique MAC addresses but on OpenVPN client usernames which therefore have to be unique on every OpenVPN client which are connected at the same time to the OpenVPN server.


Start of tutorial

SSH into the Synology NAS which has the OpenVPN server installed.

Now navigate to:

$ cd /usr/syno/etc/packages/VPNCenter/

Create the following directory:

$ mkdir ./ccd


Change permissions:

$ chmod 0755 ./ccd


Create a file which its name holds the according OpenVPN client username:

$ vi ./ccd/<myOpenVPNClientUsername>


Add the following content:

ifconfig-push <myStaticIPAddress> <myVPNGatewayIPAddress>

Save the file, quit the editor and change permissions:

$ chmod 0644 ./ccd/<myOpenVPNClientUsername>


Edit the following file…

$ vi /usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf


…and add the following content:

client-config-dir /usr/syno/etc/packages/VPNCenter/ccd/

Save the file and quit the editor.


Edit the following file…

$ vi /volume1/@appstore/VPNCenter/etc/openvpn/radiusplugin.cnf


…look out for the following line…

overwriteccfiles=true

…and chage it to:

overwriteccfiles=false

Save the file and quit the editor.
Now restart the OpenVPN server serivce.

Note: After every OpenVPN server update you have to check if these customized settings are still set. If not, repeat the according steps above!

Important!

1) Within an OpenVPN subnet the first four IPv4 addresses are always reserved for the OpenVPN server, therefore the following addresses:

xxx.xxx.xxx.xx0 to xxx.xxx.xxx.xxx3

2) On the config file there are only two (2) IPv4 addresses being configured per client but every client automatically got four (4) IPv4 addresses being reseved by the OpenVPN server. The reason for this is that on connection the OpenVPN server reserves a /30 subnet (255.255.255.252) for every OpenVPN client. Inside the config file there are only two (2) IPv4 addresses being configured:
  1. The client IPv4 address
  2. The client-gateway IPv4 address

Those two IPv4 addresses are the middle part of the /30 subnet per definition.

Example of a config file with the following content:

ifconfig-push 10.0.0.6 10.0.0.5

On this example the following IPv4 addresses are being reserved by the OpenVPN for the according OpenVPN /30 client subnet:

10.0.0.7 → Broadcast
10.0.0.6 → Client-Gateway
10.0.0.5 → Client
10.0.0.4 → Net-ID

Broadcast and Net-ID are being configured automatically per OpenVPN client by the OpenVPN server.

When configuring static IPv4 addresses please note that it is very important to always double check there is no overlapping between OpenVPN client subnets!


End of tutorial

synologyopenvpnstaticip.txt · Last modified: 2020/11/03