Author Topic: [SOLVED] OpenVPN DHCP client list  (Read 18131 times)

coffen

[SOLVED] OpenVPN DHCP client list
« on: March 16, 2011, 08:32:44 am »
Is there some place where I can see the IP addresses of the VPN clients currently connected to the TAP interface?
Dashboard only shows DHCP leases of eth0, but not tap0.
« Last Edit: March 19, 2011, 08:16:00 am by coffen »

Trym

Re: OpenVPN DHCP client list
« Reply #1 on: March 16, 2011, 03:05:45 pm »
You can easily see who's connected by adding the OpenVPN widgets to your dashboard ("Configure Widgets", top of the page, next to the search field).

That, however, will only list the address the client is connecting from, not which internal VPN-address it has.

I'm sure there's a better way to do this, but you can see which certificate is given which IP by:

Code:
sudo cat /etc/openvpn/<name of vpn>-ipp.txt

That file is updated with new IPs as clients with different certificates connect for the first time.
I think you can edit that file too if you want to hand out specific addresses to specific clients/certificates.

::Trym

coffen

Re: OpenVPN DHCP client list
« Reply #2 on: March 16, 2011, 04:28:18 pm »
OK, that sort of solves my problem.
I am looking for a way to easily open a VNC session to a client connecting through VPN.
For that I need to know the VPN IP the client is assigned.
Would be nice if the widget showed both public IP and VPN IP of the client.

The <name of vpn>-ipp.txt shows a list of IPs assigned even if the VPN session is no longer active.
« Last Edit: March 16, 2011, 04:33:05 pm by coffen »

Trym

Re: OpenVPN DHCP client list
« Reply #3 on: March 16, 2011, 05:55:17 pm »
Quote
The <name of vpn>-ipp.txt shows a list of IPs assigned even if the VPN session is no longer active.

Yes, which is why you need to look at the dashboard-widget to see who's currently connected to VPN.

Quote
Would be nice if the widget showed both public IP and VPN IP of the client.

Agreed, I suggest you add it to the Zentyal wish-list.

::Trym
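
An added example, not part of the original posts: the ipp.txt file discussed above maps certificate names to VPN addresses but keeps inactive clients, so this script joins it with OpenVPN's status file (the file written by the `status` directive, version 1 layout) to list only live sessions with both addresses. The file names, client names and addresses are constructed sample data; whether and where a given Zentyal install writes a status file is an assumption to check locally.

```shell
#!/bin/sh
# Added example (not from the thread): list live VPN sessions with both the
# public address and the VPN address, by joining two OpenVPN files.

# active_vpn_clients STATUS_FILE IPP_FILE
# Prints "common_name,real_address,vpn_address" for each connected client.
active_vpn_clients() {
    awk -F, -v ipp="$2" '
        BEGIN { OFS = "," }
        # ipp.txt lines are "CN,IP"; any further field is ignored.
        FILENAME == ipp { if (NF >= 2) pool[$1] = $2; next }
        # Status file, version 1 layout: only the CLIENT LIST section matters.
        /^OpenVPN CLIENT LIST/ { in_clients = 1; next }
        /^ROUTING TABLE/       { in_clients = 0; next }
        !in_clients            { next }
        $1 == "Updated" || $1 == "Common Name" { next }
        # ipp.txt is flushed periodically, so a first-time client can be
        # connected before its pool entry is written: report "unknown".
        { print $1, $2, (($1 in pool) ? pool[$1] : "unknown") }
    ' "$2" "$1"
}

# Constructed sample data (documentation address ranges, made-up names).
write_sample_files() {
    cat > "$1/ipp.txt" <<'EOF'
alice,192.168.200.2
bob,192.168.200.3
EOF
    cat > "$1/status.log" <<'EOF'
OpenVPN CLIENT LIST
Updated,Thu Mar 17 04:30:01 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,203.0.113.10:49152,48211,90533,Thu Mar 17 04:02:12 2011
carol,198.51.100.7:51820,1200,3400,Thu Mar 17 04:29:40 2011
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
00:ff:aa:bb:cc:01,alice,203.0.113.10:49152,Thu Mar 17 04:29:58 2011
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
}

demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
active_vpn_clients "$demo_dir/status.log" "$demo_dir/ipp.txt"
rm -rf "$demo_dir"
```

In the sample, bob has a pool entry but no live session and is therefore not listed, while carol is connected but not yet in ipp.txt.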

Sam Graf

  • Guest
Re: OpenVPN DHCP client list
« Reply #4 on: March 16, 2011, 10:43:08 pm »
Unless something changed recently, Zentyal supports a single simultaneous VPN client connection per server. In my case, I have one server per possible client connection (so nobody gets bumped) and so maybe I'm missing something here. But at least in my 1-to-1 server/client relationships, the client's VPN interface address is always the server's VPN interface address plus one (at least using /24 addresses). A client connecting to a server running at VPN interface address 192.168.200.1 will have a VPN interface address of 192.168.200.2. It's true that Zentyal doesn't tell me that at the server end, but that's how it has worked out in my experience, making it possible to assume the client address almost certainly to be the server address plus 1.

Am I completely missing something here?  :)

Trym

Re: OpenVPN DHCP client list
« Reply #5 on: March 16, 2011, 11:01:46 pm »
Maybe I'm the one missing something. I manage a server with one OpenVPN-server set up, and certificates given out to approx 75% of the users, approx 20 in total. Out of them, 12 use VPN regularly.

I've never had any complaints about drop-outs, and I've with my own eyes seen four users connected simultaneously. The Samba logs show all users except me were browsing and opening files from shares on the server at around the same time.

Maybe this isn't supposed to work, but it does for me.

(Unless you are using the same certificate for different users of course, that won't work.)

::Trym
« Last Edit: March 16, 2011, 11:11:27 pm by Trym »

sixstone

  • Zentyal Staff
Re: OpenVPN DHCP client list
« Reply #6 on: March 16, 2011, 11:58:23 pm »
Hi there,

The VPN module is intended to be multihost with a unique certificate per VPN client for security purposes.

I've added your request to our wishlist. [1]

Thanks very much for your suggestions.

[1] http://trac.zentyal.org/wiki/Document/Development/Wishlist/Module/OpenVPN#ShowtheVPNIPaddressinwidget
My secret is my silence...

Sam Graf

  • Guest
Re: OpenVPN DHCP client list
« Reply #7 on: March 17, 2011, 03:42:32 am »
Quote
Maybe I'm the one missing something.

Nope. Maybe it was the way I described in eBox? Maybe I just don't know what I'm talking about and am hopelessly confused? In any case, I learned something. Now if I can just remember that I learned something …

half_life

  • Bug Hunter
Re: OpenVPN DHCP client list
« Reply #8 on: March 17, 2011, 04:32:39 am »
Since the IP address is persistent (user always gets the same IP), you can just add them to your DNS manually.