[eduVPN-deploy] Fixed IP - ccd

Mon Jul 25 10:14:55 CEST 2022

Hi,
I might have a use case where this would really save my day:
I want to deploy eduVPN to provide access to internal resources, and I would need a LOT of different profiles.
I see several different ways to get there:

1. fixed IP per client (the IP could be returned by SAML)
2. lots of different profiles (is there still a limit of 64 profiles in v3?)
3. find the right place to place hooks in the connection/disconnection code, where I could call a script(username, vpn-ip) that opens/closes the firewall accordingly.

1. would be easiest to implement for me, and quickest for the user
2. doable, but it might not scale well if I had 250 profiles
3. doable, but I'd be grateful for tips on where to place my connect/disconnect calls

Thanks a lot in advance,
Frank

On 4/10/20 5:06 PM, Vincent Perrot wrote:
> Hi,

Hi Vincent,

> is it possible to define a fixed ip for a specific user with a ccd file?
> I tested by adding a "client-config-dir" directly in the openvpn
> configuration but even by restarting the service it does not work

Due to the nature and architecture of both OpenVPN and how eduVPN had to
"work around" this, it is not possible to do this.

We found that in many cases an *exact* IP-to-user match is not
required... The use of profiles can most likely fill the functional need
[1]. If you have a specific use case where this is absolutely required,
i.e. not just "would be nice", I'd be interested in hearing that!

> I found this commit
> https://github.com/eduvpn/vpn-server-api/commit/013fc9a0ab6e5c2c524c907622910cd25e8a7565
> but it is 4 years old.

Yeah, that is from more optimistic times where we thought we can also do
IP management ourselves, remain stable *and* scale up to 1000s of users
with this ;-)

Regards,
François

[1] https://github.com/eduvpn/documentation/blob/v2/MULTI_PROFILE.md

--

Frank Weis
Conseiller informaticien

LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
Centre de gestion informatique de l’éducation

eduPôle - Walferdange
Route de Diekirch, L-7220 Walferdange
Adresse postale : B.P. 98, L-7201 Bereldange

Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970 .Fax : (+352) 247-85174
E-mail : Frank.Weis at cgie.lu<mailto:Frank.Weis at cgie.lu>
www.cgie.lu<http://www.cgie.lu/>
www.men.lu<http://www.men.lu/>
www.gouvernement.lu<http://www.gouvernement.lu>
[cid:part1.mZxxmkmR.0EhB5yJF at cgie.lu]
Ce message et toutes pièces jointes sont établis à l'intention exclusive de ses destinataires. Ils peuvent contenir des informations confidentielles. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Ce message a fait l'objet d'un traitement anti-virus.

Le contenu de ce message et des pièces jointes ne pourrait engager la responsabilité du ministère que s'il a été émis par une personne dûment habilitée agissant dans le strict cadre des fonctions auxquelles elle est employée et à des fins non étrangères à ses attributions.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220725/a2cf98bf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3SDRp0RrY0l41vlZ.png
Type: image/png
Size: 48587 bytes
Desc: 3SDRp0RrY0l41vlZ.png
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220725/a2cf98bf/attachment-0001.png>