Changing OpenVPN DHCP pool
OK finally it is solved with some changes on the config file:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
mode server
tls-server
topology subnet
push "topology subnet"
ifconfig 10.8.0.1 255.255.254.0
ifconfig-pool 10.8.1.0 10.8.1.253
route-gateway 10.8.0.1
push "route-gateway 10.8.0.1"
client-config-dir /etc/openvpn/ccd
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 300
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
verb 6
To piggyback on Zoltan Szabo's answer and to fulfill the clarifications requested in the comments, here is my take on an answer.
How to change the DHCP address pool?
First things first, the answer to the initial question. There's probably something like server 10.8.0.0 255.255.255.0 in your config. This directive will automatically allocate a DHCP pool with ifconfig-pool 10.8.0.4 10.8.0.251. If you try to specify the ifconfig-pool yourself, OpenVPN will complain that you can't use server and ifconfig-pool together. Now there are two ways to customize the DHCP address pool.
a) Use nopool
There is an option to force OpenVPN to not allocate a DHCP address pool. Just add the nopool argument at the end of the server directive and you can specify the pool yourself.
server 10.8.0.0 255.255.255.0 nopool
ifconfig-pool 10.8.0.100 10.8.0.200
b) Declare and customise the expanded server directive yourself
This solution is what was used by Zoltan and is a bit trickier, but lets you customise more aspects of the server. The OpenVPN manual shows how the server directive is expanded. Building upon this, you can declare all the necessary options yourself. This is highly dependent on the topology and if you're using dev tun or dev tap.
I just add an example based on the configuration in the question (topology subnet and dev tun).
mode server
tls-server
push "topology subnet"
ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool 10.8.0.2 10.8.0.253 255.255.255.0
push "route-gateway 10.8.0.1"
route-gateway 10.8.0.1
See the notes below and the manual for more info.
How to assign a static IP address to a client?
The second part of the question was about assigning static IPs. It seems like OP figured that one out, and there are already plenty of resources about this topic on the internet. Nevertheless I would like to add a short paragraph about assigning static IP addresses to certain clients.
The solution is to use a client configuration directory and add a file for each client in there.
Add this to your OpenVPN server configuration:
client-config-dir /etc/openvpn/ccd
If you want to, for example, assign the IP 10.8.0.5 to a client with the common name client1, create a file /etc/openvpn/ccd/client1 with this content (note: this is for topology subnet):
ifconfig-push 10.8.0.5 255.255.255.0
Also keep the note in the OpenVPN manual about ifconfig-push in mind. I couldn't find the route directive in the configuration Zoltan posted in his answer.
Remember also to include a --route directive in the main OpenVPN config file which encloses local, so that the kernel will know to route it to the server's TUN/TAP interface.
Notes
Just for completion, this is the section in the OpenVPN manual about the expanding of the server directive.
For example, --server 10.8.0.0 255.255.255.0 expands as follows:

mode server
tls-server
push "topology [topology]"

if dev tun AND (topology == net30 OR topology == p2p):
  ifconfig 10.8.0.1 10.8.0.2
  if !nopool:
    ifconfig-pool 10.8.0.4 10.8.0.251
  route 10.8.0.0 255.255.255.0
  if client-to-client:
    push "route 10.8.0.0 255.255.255.0"
  else if topology == net30:
    push "route 10.8.0.1"

if dev tap OR (dev tun AND topology == subnet):
  ifconfig 10.8.0.1 255.255.255.0
  if !nopool:
    ifconfig-pool 10.8.0.2 10.8.0.253 255.255.255.0
  push "route-gateway 10.8.0.1"
  if route-gateway unset:
    route-gateway 10.8.0.2
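
Added example (not part of either answer, and not OpenVPN code): a Python check that the static ifconfig-push addresses in the client-config-dir sit inside the server subnet, outside the dynamic ifconfig-pool, and are not assigned twice. It assumes topology subnet and the server form of the config; the function names, the sample config and the ccd contents are constructed for illustration.

```python
import ipaddress

def parse_server(conf_text):
    """Return (subnet, pool) where pool is (first, last) or None."""
    subnet = pool = nopool = None
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok[:1] == ["server"]:
            subnet = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
            nopool = "nopool" in tok[3:]
        elif tok[:1] == ["ifconfig-pool"]:
            pool = tuple(ipaddress.ip_address(t) for t in tok[1:3])
    if subnet is None:
        raise ValueError("no server directive found")
    if pool is None and not nopool:
        # Assumption: default pool generalised from the manual's /24 example
        pool = (subnet.network_address + 2, subnet.broadcast_address - 2)
    return subnet, pool

def check_static(conf_text, ccd):
    """ccd maps common name -> ccd file text; returns (cn, ip, problem)."""
    subnet, pool = parse_server(conf_text)
    reserved = {subnet.network_address, subnet.network_address + 1,
                subnet.broadcast_address}  # .1 is the server in the expansion
    seen, problems = {}, []
    for cn, text in sorted(ccd.items()):
        for line in text.splitlines():
            tok = line.split()
            if len(tok) < 3 or tok[0] != "ifconfig-push":
                continue
            ip = ipaddress.ip_address(tok[1])
            if ip not in subnet:
                problems.append((cn, str(ip), "outside server subnet"))
            elif ip in reserved:
                problems.append((cn, str(ip), "reserved address"))
            elif pool and pool[0] <= ip <= pool[1]:
                problems.append((cn, str(ip), "inside dynamic pool"))
            elif ip in seen:
                problems.append((cn, str(ip), f"duplicate of {seen[ip]}"))
            seen.setdefault(ip, cn)
    return problems

# Constructed sample input: option (a) from the answer plus four ccd files.
SERVER_CONF = "topology subnet\nserver 10.8.0.0 255.255.255.0 nopool\nifconfig-pool 10.8.0.100 10.8.0.200\n"
CCD = {"client1": "ifconfig-push 10.8.0.5 255.255.255.0",
       "client2": "ifconfig-push 10.8.0.150 255.255.255.0",
       "client3": "ifconfig-push 10.8.0.5 255.255.255.0",
       "client4": "ifconfig-push 10.9.0.7 255.255.255.0"}
if __name__ == "__main__": print(*check_static(SERVER_CONF, CCD), sep="\n")
```

To run it against a real server, read the server config and each file under the client-config-dir into the same two arguments.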