NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

dfilip's avatar
dfilip
Guide
Jul 01, 2019

OpenVPN w/BR500 and Static IP

I have OpenVPN working from my Cloud (AWS) server to my local LAN network through a BR500 router:       [AWS Cloud Server] <--> [Public Internet] <--> [BR500] <--> [Local LAN Servers]   Howev...
dfilip's avatar
dfilip
Guide
Jul 02, 2019

Interesting ... I don't see any DHCP or IP or NETMASK, etc., parameters in the .ovpn file ... but maybe that is possible?

 

Does anyone have any expeireince with that?

 

Searching the 'Net I see an 'ifconfig' parameter, but I'm not quite sure what to put in for the local IP, and whether this parameter is applicable?

 

I am using TUN (not TAP), so a point-to-point connection, e.g.:

 

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500

        inet 192.168.2.2  netmask 255.255.255.0  destination 192.168.2.2

        inet6 fe80::88cb:771a:fe14:b5c3  prefixlen 64  scopeid 0x20<link>

        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)

        RX packets 1651  bytes 179655 (175.4 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 1587  bytes 128904 (125.8 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

So if I wanted to keep this IP "static", would I specify 192.168.2.2 for both local and remote IPs?

 

I can find documentation on the 'Net for what the parameters are, but I'm not enitrely clear on their use, and haven't found -- not for lack of trying -- any concrete example for what I am trying to do from the client side (most of the examples I've found call for dropping a file into the CCD of the OpenVPN  server, which in my case is the BR500 where I don't have access to the filesystem).

 

If anyone has any examples, please let me know.  In the mean time, I'll try playing around with some of the 'ifconfig' options, to see if I can get this to work, and will post the solution if I do.

 

 

 

dfilip's avatar
dfilip
Guide
Jul 02, 2019

No luck with ifconfig {local} {remote}' in the client config, e.g., this seems to do nothing:

 

    ifconfig 192.168.2.2 192168.2.3

 

other than generate a warning in the logfile (something along the lines of --client and --ifconfig are not what you want to do).  And the '--push' options are also all for the server side of things (to push ifconfig commands to the client).

 

Finally, the '--ipchange' parameter of openvpn command is a bust, as it only provides the IP of the remove server, and NOT the tunneled IP on my LAN.  Basically, what I need is the IP of the tunnel on my LAN back to the VPN'ed server.

 

So I've found about 3 different ways to do this if I could access the OpenVPN server, but not from the client side. *sigh*

 

So the closet so far is doing this on the remote VPN'd system:

 

    $ ifconfig tun0 | grep 192.168 | awk '{print $2}'

    192.168.2.2

 

which may be the way that I have to go, as I haven't found any clean soutions as of yet.

 

Unless anyone else has any ideas of what else I can do from the OpenVPN CLIENT (not server), since I don't have access to the configuration files of the OpenVPN server within the BR500?

 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More