Score:0

Allow OpenVPN clients to manually set their IP addresses in tun interface

cn flag

I need to frequently change the client's IP address manually so modifying the server's configuration every time just seems troublesome.
Is there anything similar to AllowedIPs in WireGuard allowing clients to set their own IP addresses inside specific ranges in OpenVPN?
I've tried to just ignore the pushed IP and manually set another one but failed, for that OpenVPN seems to block the traffic whose source IP doesn't match with the allocated one.
dev tun and topology subnet are used.

vidarlo avatar
ar flag
This sounds like a X-Y-problem. *Why* do you need to change the IP's?
mnihyc avatar
cn flag
@vidarlo I'm using source-based routing to switch between multiple networks, and running many dedicated OpenVPN instances doesn't seem to be a good solution. Actually I'm switching from WireGuard to OpenVPN, and WireGuard does work perfectly in this case.
Score:0
cn flag

It turns out that I have somehow misunderstood the error MULTI: bad source address from client.
This doesn't mean that OpenVPN is trying to prevent an IP spoofing, but that it has no routes to this IP.
See https://openvpn.net/faq/multi-bad-source-address-from-client-packet-dropped-or-get-inst-by-virt-failed/
Like AllowedIPs in WireGuard, iroute must be added to CCDs to tell OpenVPN the client to which packets should route.
Manually adding proper kernel routes (done by route) and iroute solved the problem.

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.