Hi, On Sat, Jul 25, 2020 at 10:39:49PM +0000, Fermin Francisco via Openvpn-users wrote: > How can I to generate IPs by range using OpenVPN? > > I mean, we got 3 departaments, and we need to generate IP range by > departaments. > > Example: > > IT departament: 10.0.8 2 to 10.0.8.20 > > Legal Departament: 10.0.8.21 to 10.0.8.30 > > Accounting Departament: 10.0.8.31 to 10.0.8.45 > > Ho can I do that??
OpenVPN itself can only do a single pool today.
What you can do is: per-user static assignment (see "--client-config-dir"
and "--ifconfig-push" in the manpage). This is annoying to set up for
"hundreds!" of users, but you could have a basic pool for "IT" and
then some 10 hard-coded IP addresses for Legal and Accounting.
If your requirements are more complex, you need to write a --client-connect
script or plugin which takes the username (from the client certificate),
maps it to your different teams, and does some sort of per-team pool
management. Again, returning the result with "ifconfig-push".
(With the pool cleanup Antonio did for 2.5, adding multiple pools is
not extremely hard anymore - then "client-connect" could just return
a pool name and openvpn would use the right pool, then. But the code
has not been written yet, will not be in time for 2.5, and it's unclear
whether this is something *really* needed when we can do it by plugin
or script)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
