Thanks to IP Management With duplicate-cn, we can use --client-connect cmd to write different configurations to a dynamically generated temporary file for different clients. The Reference manual for OpenVPN 2.4 says:

OpenVPN's internal client IP address selection algorithm works as follows:
1. Use --client-connect script generated file for static IP (first choice).
2. Use --client-config-dir file for static IP (next choice).
3. Use --ifconfig-pool allocation for dynamic IP (last choice).

So we can overwrite the server's ifconfig-pool with this script. In my case, I distinguish different clients by their IP and set a static IP for a special client. When the special IP x.x.x.x appears, a static IP 172.0.0.3 will be distributed to this client. The script for client-connect is:

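$ cat /etc/openvpn/client-connect.sh
#!/bin/bash
# OpenVPN appends the temporary config file path as the last argument and
# exposes the client's source address in $trusted_ip.
# "${@: -1}" (note the space) selects the last argument; without the space,
# bash reads ${@:-1} as "use the default value 1 when $@ is empty".
if [ "$trusted_ip" = "x.x.x.x" ]; then
    echo "static ip triggered for $trusted_ip"
    echo "ifconfig-push 172.0.0.3 255.255.255.0" >> "${@: -1}"
else
    echo "still random ip for $trusted_ip"
fi
exit 0
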
I also set the ifconfig-pool on the server side to avoid conflict with 172.0.0.3:

mode server
server 172.0.0.0 255.255.255.0 'nopool'
ifconfig-pool 172.0.0.16 172.0.0.128 255.255.255.0
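
An added example (not part of the original answer) that extends the script above to a lookup table and refuses any static address that falls inside the ifconfig-pool range, which is the conflict the server configuration is meant to avoid. The map entries are constructed sample addresses, and the function and variable names are hypothetical.

```bash
#!/bin/bash
# Added example, not the answer's script. Map entries are constructed sample
# addresses; the pool bounds mirror the ifconfig-pool line above.
POOL_START=172.0.0.16
POOL_END=172.0.0.128
NETMASK=255.255.255.0
STATIC_MAP="203.0.113.10 172.0.0.3
203.0.113.11 172.0.0.4
203.0.113.12 172.0.0.20"

# Convert a dotted quad to an integer so addresses can be compared.
ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) + (b << 16) + (c << 8) + d ))
}

# Succeeds when the address lies inside the dynamic pool.
in_pool() {
    local n
    n=$(ip_to_int "$1")
    [ "$n" -ge "$(ip_to_int "$POOL_START")" ] && [ "$n" -le "$(ip_to_int "$POOL_END")" ]
}

# Print the ifconfig-push line for a source IP. Returns 1 when the map has no
# entry (client stays on the pool) and 2 when the entry overlaps the pool.
push_line_for() {
    local src static
    while read -r src static; do
        [ "$src" = "$1" ] || continue
        if in_pool "$static"; then
            echo "static $static for $src overlaps the pool, ignored" >&2
            return 2
        fi
        echo "ifconfig-push $static $NETMASK"
        return 0
    done <<EOF
$STATIC_MAP
EOF
    return 1
}

# OpenVPN appends the temporary file as the last argument. The script must
# finish with status 0, otherwise the client is rejected.
out=""
for out in "$@"; do :; done
if [ -n "$out" ] && [ -n "${trusted_ip:-}" ]; then
    push_line_for "$trusted_ip" >> "$out" || true
fi
```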