[CentOS] Optimal VPN

David Sommerseth dazo at users.sourceforge.net
Thu Dec 9 15:38:01 UTC 2010


On 30/11/10 15:49, Ben McGinnes wrote:
>> > That is there must be a specific IP address assigned to a user/password
>> > combination. pptp does not really do this but I wrote sort of a backend
>> > (or maybe frontend? ;-) ) to change the IP address assigned based on a
>> > login and password. It is extra stuff I would prefer not to do though.
>
> RADIUS can assign a specific IP to a given user, but let OpenVPN
> handle the encryption.

You don't even need RADIUS to provide specific IP addresses.  You can
either use --ifconfig-pool-persist or --client-config-dir.

--ifconfig-pool-persist will create a file with a kind of a database of
which IP addresses were assigned to clients earlier, and will re-assign the
same IP address if found here.  That's the automatic way of doing it.
However, if you're running out of IP addresses from your initial address
pool, IP addresses will be reused.

--client-config-dir combined with --push "ifconfig <ipaddr> <netmask>"
in a client specific config file, will provide this feature consistently.

It's also possible to use other plug-ins or scripts to provide client
specific IP addresses and/or routes dynamically, based on who the client
is ... Which is what the RADIUS plug-in does.


kind regards,

David Sommerseth
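
An added example, not part of the original message: a generator for the --client-config-dir approach that validates a user-to-address mapping before writing one file per client, named after the certificate common name and containing OpenVPN's ifconfig-push directive. The subnet, server address, pool range, client names and the helper names build_ccd/write_ccd are assumptions, and the netmask form of ifconfig-push assumes "topology subnet".

```python
import ipaddress
import re
from pathlib import Path

# Constructed sample data: certificate common name -> fixed VPN address.
ASSIGNMENTS = {"alice": "10.8.0.10", "bob": "10.8.0.11"}
SAFE_CN = re.compile(r"[A-Za-z0-9_.@-]+")


def build_ccd(assignments, server_net, server_ip, pool=None):
    """Validate the mapping; return {common_name: ccd file text}."""
    net = ipaddress.ip_network(server_net)
    reserved = {net.network_address, net.broadcast_address,
                ipaddress.ip_address(server_ip)}
    lo, hi = (ipaddress.ip_address(p) for p in pool) if pool else (None, None)
    owner, files = {}, {}
    for cn, addr in assignments.items():
        # The CN becomes a file name: refuse anything that could escape the directory.
        if not SAFE_CN.fullmatch(cn) or cn in (".", ".."):
            raise ValueError(f"unsafe common name: {cn!r}")
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in reserved:
            raise ValueError(f"{cn}: {ip} is not a usable address in {net}")
        # Policy of this example: fixed addresses stay outside the dynamic pool.
        if pool and lo <= ip <= hi:
            raise ValueError(f"{cn}: {ip} lies inside the dynamic pool")
        if ip in owner:
            raise ValueError(f"{cn}: {ip} already assigned to {owner[ip]}")
        owner[ip] = cn
        # Assumes "topology subnet", where the second argument is the netmask.
        files[cn] = f"ifconfig-push {ip} {net.netmask}\n"
    return files


def write_ccd(directory, files):
    """Write one file per common name into the --client-config-dir directory."""
    ccd = Path(directory)
    ccd.mkdir(parents=True, exist_ok=True)
    for cn, text in files.items():
        (ccd / cn).write_text(text)
    return sorted(p.name for p in ccd.iterdir())
```

Rejecting duplicates and out-of-range addresses up front matters when firewall rules are keyed on these per-user addresses.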



