Carlos Eduardo Pacheco
Share this post:
I can't remember the location of the file. Something like /var/lib/openvpn/ipp.txt. Have a look in /etc/clearos/clients.conf. It has one line pointing to the file. Normally OpenVPN builds this file by itself as new clients connect and it uses this to try to give the same IP to the same client. From memory it uses the username from the certificate and an IP. The IP's increment by 4 every time. If you want to guarantee fixed IP's (mine don't seem to move) you can set the immutable bit on the file (chattr +I filename) so the system can't update it. There is no harm doing that. I believe it is the recommended way. You'd need to remove the immutable bit every time you wanted to edit the file to add a new host.
Accepted AnswerHi Carlos,
I had a sudden thought and there is a better way to handle IP persistence in /var/lib/openvpn/ipp.txt. In /etc/openvpn/clients.conf, change the number at the end of the ifconfig-pool-persist line (120) to 0. OpenVPN should then treat the file as read-only. See the man pages here.
Accepted AnswerCarlos Eduardo PachecoOffline
Accepted AnswerI think the question was asked a few years ago and there was no answer then.
Can I make my usual point? These days even Micro$oft, who created the protocol, no longer recommend you use it as its security is easily broken. OpenVPN is a more secure solution and you can assign static IP's. If you require auto-login on start up (so no user/pass authentication, relying on certificates only), this is also easy to set up although not through the ClearOS webconfig.