| | 1 | = Addressing = |
| | 2 | |
| | 3 | [[TOC(depth=3)]] |
| | 4 | |
| | 5 | This page discusses the concepts of addressing in OpenVPN |
| | 6 | |
| | 7 | == Addressing Basics == |
| | 8 | |
| | 9 | Addressing in OpenVPN depends on the [wiki:Topology] in use. The 3 types of possible addressing styles are explained in the Topology page and are: |
| | 10 | |
| | 11 | subnet:: The preferred topology for server/client steups |
| | 12 | net30:: The deprecated /30 subnet allocation (best to avoid this) |
| | 13 | p2p:: Used by non-server, peer-to-peer setups (non-Windows only; uses Point-To-Point, or PtP networking) |
| | 14 | |
| | 15 | Note that with net30, non-Windows clients will configure addressing as PtP anyway; Windows uses the /30 as a virtual "network." |
| | 16 | |
| | 17 | == The Address Pool == |
| | 18 | |
| | 19 | In server mode, an addressing pool is commonly used; when used, clients that do not have server-side static addressing configured will be allocated an IP dynamically from this pool. |
| | 20 | |
| | 21 | It is important to note that defining static addressing with an address that is also in the pool will result in problematic behavior if that IP was already allocated to another client. For this reason it is critical to reduce your pool range and assign static addresses that are outside the defined pool. |
| | 22 | |
| | 23 | This means you cannot use the `--server` directive with static addressing as it consumes the entire network for the pool; instead, expand the directive and reduce the pool range. |
| | 24 | |
| | 25 | == Examples == |
| | 26 | |
| | 27 | The examples below use 10.8.0.0/24 as the VPN network and include samples for both full-pool allocation, and a reduced allocation with static addressing for 2 clients called 'client1' and 'client2'. |
| | 28 | |
| | 29 | Since the TLS setup is not the focus here, the `--pkcs12` is used here; your setup will likely be different. Addressing is the important part of these examples. Also note that the `--topology` directive is often pushed, and is in these examples. |
| | 30 | |
| | 31 | === Examples for subnet topology === |
| | 32 | |
| | 33 | ==== subnet Example with full pool ==== |
| | 34 | |
| | 35 | * server config: |
| | 36 | {{{ |
| | 37 | --server 10.8.0.0 255.255.255.0 |
| | 38 | --dev tun |
| | 39 | --topology subnet |
| | 40 | |
| | 41 | # TLS needs: |
| | 42 | --pkcs12 /vpn/server.p12 |
| | 43 | --dh /vpn/dh.pem |
| | 44 | }}} |
| | 45 | |
| | 46 | * client config: |
| | 47 | {{{ |
| | 48 | --client |
| | 49 | --dev tun |
| | 50 | |
| | 51 | # TLS needs: |
| | 52 | --pkcs12 /vpn/client.p12 |
| | 53 | }}} |
| | 54 | |
| | 55 | ==== subnet Example with static ccd ==== |
| | 56 | |
| | 57 | * server config: |
| | 58 | {{{ |
| | 59 | --mode server |
| | 60 | --tls-server |
| | 61 | --ifconfig 10.8.0.1 255.255.255.0 |
| | 62 | --push "route-gateway 10.8.0.1" |
| | 63 | --ifconfig-pool 10.8.0.2 10.8.0.199 255.255.255.0 |
| | 64 | --ccd /vpn/ccd-dir |
| | 65 | |
| | 66 | # TLS needs: |
| | 67 | --pkcs12 /vpn/server.p12 |
| | 68 | --dh /vpn/dh.pem |
| | 69 | }}} |
| | 70 | * server's `/vpn/ccd-dir/client1` file: |
| | 71 | {{{ |
| | 72 | ifconfig-push 10.8.0.201 255.255.255.0 |
| | 73 | }}} |
| | 74 | * server's `/vpn/ccd-dir/client2` file: |
| | 75 | {{{ |
| | 76 | ifconfig-push 10.8.0.202 255.255.255.0 |
| | 77 | }}} |
| | 78 | |
| | 79 | * client config: |
| | 80 | {{{ |
| | 81 | --client |
| | 82 | --dev tun |
| | 83 | |
| | 84 | # TLS needs: |
| | 85 | --pkcs12 /vpn/client.p12 |
| | 86 | }}} |
