Discussion:
openvpn: client ip doesn't change
Yevhen Kyriukha
2014-05-12 23:15:08 UTC
There is an issue when openvpn server restarts while client is
connected to it: client doesn't update its VPN IP address.

Steps to reproduce:
1) In openvpn server config add "ifconfig-pool-persist ipp.txt" option.
2) Create ipp.txt file and define recommended IP for the client in the
following way:
myclient,10.10.10.23
3) Start VPN server.
3) Establish VPN connection on client (using connman and connman-vpn).
4) Stop VPN server.
5) Change IP for client in ipp.txt file:
myclient,10.10.10.44
6) Start VPN server.
7) Wait until VPN connection is established on client and check IP of vpn
interface.

Expected results:
Interface gets new IP 10.10.10.44.

Actual results:
Interface using old IP 10.10.10.23.

This is a serious issue as user can't access VPN network without restarting
VPN client.
--
Best regards,
Yevhen
Patrik Flykt
2014-05-20 08:10:26 UTC
Hi,
Post by Yevhen Kyriukha
There is an issue when openvpn server restarts while client is
connected to it: client doesn't update its VPN IP address.
1) In openvpn server config add "ifconfig-pool-persist ipp.txt" option.
When a VPN program, such as openvpn, is started by connman-vpnd, all
possible options are either given on the command line or written to a
temporary config file supplied to the VPN program.

What config file in which location did you configure in 1) above?
Post by Yevhen Kyriukha
2) Create ipp.txt file and define recommended IP for the client in a
myclient,10.10.10.23
3) Start VPN server.
3) Establish VPN connection on client (using connman and connman-vpn).
4) Stop VPN server.
Was 10.10.10.23 the default address the server would have assigned
anyway? How about using 10.10.10.44 already at this step to see if it is
a problem in any of the connects or just the reconnect in 6) ?
Post by Yevhen Kyriukha
myclient,10.10.10.44
6) Start VPN server.
7) Wait until VPN connection is established on client and check IP of vpn
interface.
Interface gets new IP 10.10.10.44.
Interface using old IP 10.10.10.23.
This is a serious issue as user can't access VPN network without restarting
VPN client.
Cheers,

Patrik
Yevhen Kyriukha
2014-05-20 21:29:50 UTC
Post by Patrik Flykt
Post by Yevhen Kyriukha
1) In openvpn server config add "ifconfig-pool-persist ipp.txt" option.
When a VPN program, such as openvpn, is started by connman-vpnd, all
possible options are either given on the command line or written to a
temporary config file supplied to the VPN program.
What config file in which location did you configure in 1) above?
It is a config for openvpn (/etc/openvpn). Openvpn is configured on
ubuntu *without* connman.
You can create simple server config and put "ifconfig-pool-persist
ipp.txt" option to it. It will be enough for testing.
Post by Patrik Flykt
Post by Yevhen Kyriukha
2) Create ipp.txt file and define recommended IP for the client in a
myclient,10.10.10.23
3) Start VPN server.
3) Establish VPN connection on client (using connman and connman-vpn).
4) Stop VPN server.
Was 10.10.10.23 the default address the server would have assigned
anyway? How about using 10.10.10.44 already at this step to see if it is
a problem in any of the connects or just the reconnect in 6) ?
It doesn't matter. Problem persists. I have around 50 clients
connected using connman so I tested this issue well.

P.S.: Please, add author to CC when answering emails.
--
Best regards,
Yevhen
Patrik Flykt
2014-05-21 07:16:41 UTC
Post by Yevhen Kyriukha
It is a config for openvpn (/etc/openvpn). Openvpn is configured on
ubuntu *without* connman. You can create simple server config and put
"ifconfig-pool-persist ipp.txt" option to it. It will be enough for
testing.
This file is not read when openvpn is started by connman-vpnd. See
doc/vpn-config-format.txt to see if there already is an option you can
use.

Cheers,

Patrik
Jukka Rissanen
2014-05-21 12:43:06 UTC
Post by Patrik Flykt
Post by Yevhen Kyriukha
It is a config for openvpn (/etc/openvpn). Openvpn is configured on
ubuntu *without* connman. You can create simple server config and put
"ifconfig-pool-persist ipp.txt" option to it. It will be enough for
testing.
This file is not read when openvpn is started by connman-vpnd. See
doc/vpn-config-format.txt to see if there already is an option you can
use.
There is an OpenVPN.ConfigFile option available that can pass an OpenVPN
configuration file via connman-vpnd to OpenVPN client process.
Unfortunately it is not currently documented in vpn-config-format.txt
file.


Cheers,
Jukka
Yevhen Kyriukha
2014-05-21 13:52:17 UTC
Post by Jukka Rissanen
Post by Patrik Flykt
Post by Yevhen Kyriukha
It is a config for openvpn (/etc/openvpn). Openvpn is configured on
ubuntu *without* connman. You can create simple server config and put
"ifconfig-pool-persist ipp.txt" option to it. It will be enough for
testing.
This file is not read when openvpn is started by connman-vpnd. See
doc/vpn-config-format.txt to see if there already is an option you can
use.
There is an OpenVPN.ConfigFile option available that can pass an OpenVPN
configuration file via connman-vpnd to OpenVPN client process.
Unfortunately it is not currently documented in vpn-config-format.txt
file.
Cheers,
Jukka
openvpn is started automatically by init script on my Ubuntu server.
It is started on separate machine (without connman). I placed config
file for my VPN server at /etc/openvpn, so openvpn will run it
automatically.
--
Best regards,
Yevhen
Patrik Flykt
2014-05-23 10:07:33 UTC
Hi,
Post by Yevhen Kyriukha
openvpn is started automatically by init script on my Ubuntu server.
It is started on separate machine (without connman). I placed config
file for my VPN server at /etc/openvpn, so openvpn will run it
automatically.
If you want to utilize connman and connman-vpnd in this setup, then
openvpn must be started by connman-vpnd. openvpn does not have any APIs
for on the fly run-time configuration. In order for connman-vpnd to be
able to control openvpn, connman-vpnd needs to be the one that starts
and stops openvpn.

The config file can be specified as an option as Jukka pointed out.

Cheers,

Patrik
Yevhen Kyriukha
2014-05-24 16:17:09 UTC
Post by Patrik Flykt
If you want to utilize connman and connman-vpnd in this setup, then
openvpn must be started by connman-vpnd. openvpn does not have any APIs
for on the fly run-time configuration. In order for connman-vpnd to be
able to control openvpn, connman-vpnd needs to be the one that starts
and stops openvpn.
Seems you didn't understand me. I was explaining my SERVER configuration.
It works OK.
I have problems with my CLIENT configuration where I have connman and
openvpn installed.

Again:

There is an issue when openvpn server restarts while client is
connected to it: client doesn't update its VPN IP address.

In other words, when vpn server changes client's IP, client still uses its
old IP. Client uses connman, connman-vpn and openvpn. Connection is
established using "vpn-connect" script.
The problem is on client side.

Steps to reproduce:
1) In openvpn server config add "ifconfig-pool-persist ipp.txt" option.
2) Create ipp.txt file and define recommended IP for the client in the
following way:
myclient,10.10.10.23
3) Start VPN server.
3) Establish VPN connection on client using "vpn-connect" script.
4) Stop VPN server.
5) Change IP for client in ipp.txt file:
myclient,10.10.10.44
6) Start VPN server.
7) Wait until VPN connection is established on client and check IP of vpn
interface.

Expected results:
Interface gets new IP 10.10.10.44.

Actual results:
Interface using old IP 10.10.10.23.
--
Best regards,
Yevhen