[eduVPN-deploy] Fixed IP - ccd

Marc Langer marc.langer at uos.de
Mon Jul 25 10:53:04 CEST 2022 

Hi,
we also have this usecase for some special users. At the moment they 
have their own profiles and static IP assignments on a PulseSecure 
Appliance, but it would be great to be able to do this more easy with 
eduVPN some day :-)

Best regards,
Marc

Am 25.07.22 um 10:14 schrieb Frank Weis via eduVPN-deploy:
> Hi,
> I might have a use case where this would really save my day:
> I want to deploy eduVPN to provide access to internal resources, and I would need a LOT of different profiles.
> I see several different ways to get there:
> 
> 1. fixed IP per client (the IP could be returned by SAML)
> 2. lots of different profiles (is there still a limit of 64 profiles in v3?)
> 3. find the right place to place hooks in the connection/disconnection code, where I could call a script(username, vpn-ip) that opens/closes the firewall accordingly.
> 
> 1. would be easiest to implement for me, and quickest for the user
> 2. doable, but it might not scale well if I had 250 profiles
> 3. doable, but I'd be grateful for tips on where to place my connect/disconnect calls
> 
> Thanks a lot in advance,
> Frank
> 
> 
> 
> On 4/10/20 5:06 PM, Vincent Perrot wrote:
>>/Hi, /
> Hi Vincent,
> 
>>/is it possible to define a fixed ip for a specific user with a ccd file? />/I tested by adding a "client-config-dir" directly in the openvpn />/configuration but even by restarting the service it does not work /
> Due to the nature and architecture of both OpenVPN and how eduVPN had to
> "work around" this, it is not possible to do this.
> 
> We found that in many cases an *exact* IP-to-user match is not
> required... The use of profiles can most likely fill the functional need
> [1]. If you have a specific use case where this is absolutely required,
> i.e. not just "would be nice", I'd be interested in hearing that!
> 
>>/I found this commit />/https://github.com/eduvpn/vpn-server-api/commit/013fc9a0ab6e5c2c524c907622910cd25e8a7565 
> />/but it is 4 years old. /
> Yeah, that is from more optimistic times where we thought we can also do
> IP management ourselves, remain stable *and* scale up to 1000s of users
> with this ;-)
> 
> Regards,
> François
> 
> [1]https://github.com/eduvpn/documentation/blob/v2/MULTI_PROFILE.md
> 
> -- 
> 
> *Frank Weis*
> Conseiller informaticien
> 
> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
> Centre de gestion informatique de l’éducation
> 
> eduPôle - Walferdange
> Route de Diekirch, L-7220 Walferdange
> _Adresse postale_ : B.P. 98, L-7201 Bereldange
> 
> Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970 
> .Fax : (+352) 247-85174
> E-mail : Frank.Weis at cgie.lu
> www.cgie.lu <http://www.cgie.lu/>
> www.men.lu <http://www.men.lu/>
> www.gouvernement.lu <http://www.gouvernement.lu>
> 
> Ce message et toutes pièces jointes sont établis à l'intention exclusive 
> de ses destinataires. Ils peuvent contenir des informations 
> confidentielles. Si vous recevez ce message par erreur, merci de le 
> détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation 
> de ce message non conforme à sa destination, toute diffusion ou toute 
> publication, totale ou partielle, est interdite, sauf autorisation 
> expresse. Ce message a fait l'objet d'un traitement anti-virus.
> 
> Le contenu de ce message et des pièces jointes ne pourrait engager la 
> responsabilité du ministère que s'il a été émis par une personne dûment 
> habilitée agissant dans le strict cadre des fonctions auxquelles elle 
> est employée et à des fins non étrangères à ses attributions.
> 
> 
> _______________________________________________
> eduVPN-deploy mailing list
> eduVPN-deploy at list.surfnet.nl
> https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy

-- 
Uni Osnabrück
Rechenzentrum
Nelson-Mandela-Str. 4
49076 Osnabrück

Tel. 0541-969-2365
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5974 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220725/835e6114/attachment.p7s>

More information about the eduVPN-deploy mailing list