Cedar: DHCP server now assigns static IPv4 address, if present in user note #1218
I would like to propose a different approach: MAC address <-> IP address mapping (commonly used in DHCP servers). What are your thoughts about it?
I found the following problems with assigning a static IP address to a user based on the MAC<->IP binding:
All my users should receive:
An internal DHCP server will be sufficient for this, if it can perform a USER<->IP binding.
The static MAC address should be applied client-side for L2 protocols; for L3 protocols it can be forced in the user notes field:
SoftEtherVPN/src/Cedar/Account.h Line 11 in 684d17e
SoftEtherVPN/src/Cedar/Account.c Lines 1275 to 1320 in 2aeec32
Davide Beatrice wrote: Yes, but I need to assign a static IP address to the user, not the device.
In that case we may want to implement a per-user setting that allows setting an allowed-IP list, as mentioned in #604.
This is one feature that would be super helpful when setting up ACLs or using protocols that don't have a MAC address assigned, like L3 OpenVPN and PPP. Does this feature support both IPv4 and IPv6?
@davidebeatrici
@andrewfer000 All you need to do if you want to apply my approach is to add an expression similar to: Unfortunately, the built-in DHCP server only processes IPv4 frames, so far.
This PR would close #16 if merged - I think an implementation of this idea has been needed for a very long time |
…r note This works for all VPN protocols. In SessionMain(): for DHCPDISCOVER and DHCPREQUEST frames, write the static IP address (which is retrieved from the user notes) in the SIADDR field of DHCPHEADER. In VirtualDhcpServer(): for DHCPDISCOVER and DHCPREQUEST frames, read the static IP address from the SIADDR field of DHCPHEADER and assign it to the client.
2c6b2e9
to
d29d1f5
Thank you very much for your contribution!
Hi, Leo.
I conducted several tests and I received the same entries in the log file
when the IP address assigned to the user was inside the server's DHCP pool.
The static IP address assigned to the client shouldn't be a member of DHCP
pool.
So, if your clients need only static IP addresses, you should define the
DHCP pool as small as possible, e.g. from 192.168.30.10 to 192.168.30.10.
Regards
Peter
On Fri, 24 Dec 2021 at 08:00, Leo ***@***.***> wrote:
… I added IPv4: 192.168.30.19 in user notes and enabled the internal DHCP server,
but it does not work. I use the OPENVPN client to do this. The OPENVPN client throws
"User authentication failed". I checked the SoftEther VPN log as below:
2021-12-24 14:58:03.838 On the TCP Listener (Port 0), a Client (IP address
39.170.91.xx, Host name "39.170.91.xx", Port number 39937) has connected.
2021-12-24 14:58:03.838 For the client (IP address: 39.170.91.xx, host
name: "39.170.91.xx", port number: 39937), connection "CID-19" has been
created.
2021-12-24 14:58:03.838 SSL communication for connection "CID-19" has been
started. The encryption algorithm name is "(null)".
2021-12-24 14:58:03.838 [HUB "lkt"] The connection "CID-19" (IP address:
39.170.91.xx, Host name: 39.170.91.xx, Port number: 39937, Client name:
"OpenVPN Client", Version: 5.02, Build: 5180) is attempting to connect to
the Virtual Hub. The auth type provided is "External server authentication"
and the user name is "lkt1".
2021-12-24 14:58:03.838 [HUB "lkt"] Connection "CID-19": Successfully
authenticated as user "lkt1".
2021-12-24 14:58:03.838 [HUB "lkt"] Connection "CID-19": The new session
"SID-LKT1-[OPENVPN_L3]-12" has been created. (IP address: 39.170.91.xx,
Port number: 39937, Physical underlying protocol: "Legacy VPN - OPENVPN_L3")
2021-12-24 14:58:03.838 [HUB "lkt"] Session "SID-LKT1-[OPENVPN_L3]-12":
The parameter has been set. Max number of TCP connections: 1, Use of
encryption: Yes, Use of compression: No, Use of Half duplex communication:
No, Timeout: 20 seconds.
2021-12-24 14:58:03.838 [HUB "lkt"] Session "SID-LKT1-[OPENVPN_L3]-12":
VPN Client details: (Client product name: "OpenVPN Client", Client version:
502, Client build number: 5180, Server product name: "SoftEther VPN Server
Developer Edition (64 bit) (Open Source)", Server version: 502, Server
build number: 5180, Client OS name: "OpenVPN Client", Client OS version:
"-", Client product ID: "-", Client host name: "74:8f:3c:ba:ba:ac", Client
IP address: "39.170.91.xx", Client port number: 39937, Server host name:
"172.17.0.14", Server IP address: "172.17.0.14", Server port number: 1194,
Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0,
Virtual Hub name: "lkt", Client unique ID:
"64BC001C98DBF38FA4AE0402A84DC1ED")
2021-12-24 14:58:08.838 OpenVPN Session 1 (39.170.91.xx:39937 ->
172.17.0.14:1194) Channel 0: Acquiring an IP address from the DHCP server
failed. To accept a PPP session, you need to have a DHCP server. Make sure
that a DHCP server is working normally in the Ethernet segment which the
Virtual Hub belongs to. If you do not have a DHCP server, you can use the
Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2021-12-24 14:58:08.838 OpenVPN Session 1 (39.170.91.xx:39937 ->
172.17.0.14:1194) Channel 0: Failed to connect a channel.
2021-12-24 14:58:09.100 [HUB "lkt"] Session "SID-LKT1-[OPENVPN_L3]-12":
The session has been terminated. The statistical information is as follows:
Total outgoing data size: 1616 bytes, Total incoming data size: 1464 bytes.
Feature proposed in this pull request:
assigning a static IP address to the user by the internal DHCP server.
It is independent of the client software.
How it works:
A) in the SessionMain() function:
(which is read from the user's note) in the SIADDR field of the DHCPHEADER
B) in the VirtualDhcpServer() function:
from the SIADDR field of the DHCPHEADER and treat it as the required IP address
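A minimal sketch of the SIADDR hand-off this pull request describes, added here as an example and not taken from the PR or from SoftEther's source. The function names, return codes and exact `IPv4:` matching are assumptions, the pool range follows the advice given in the thread to keep static addresses outside the DHCP pool, and filtering on the DHCPDISCOVER/DHCPREQUEST message type is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DHCP_FIXED_LEN = 236, SIADDR_OFF = 20 };  /* RFC 2131 fixed header; SIADDR at byte 20 */
enum { STAMP_SHORT = -1, STAMP_CLEARED = 0, STAMP_SET = 1, STAMP_IN_POOL = 2 };

/* Strict dotted-quad parser: four decimal octets 0..255, result in host byte order. */
static int parse_ipv4(const char *s, uint32_t *out) {
    uint32_t ip = 0;
    for (int i = 0; i < 4; i++) {
        unsigned v = 0; int digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) { v = v * 10 + (unsigned)(*s++ - '0'); digits++; }
        if (digits == 0 || v > 255) return 0;
        if (i < 3 && *s++ != '.') return 0;
        ip = (ip << 8) | v;
    }
    if ((*s >= '0' && *s <= '9') || *s == '.') return 0;  /* over-long octet or fifth field */
    *out = ip; return 1;
}

/* Find the "IPv4: a.b.c.d" entry in a user note (format as quoted in the thread). */
int note_static_ipv4(const char *note, uint32_t *out) {
    const char *p = note ? strstr(note, "IPv4:") : NULL;
    if (!p) return 0;
    for (p += 5; *p == ' ' || *p == '\t'; p++) {}
    return parse_ipv4(p, out);
}

/* DHCP server side: read the address the session code placed in SIADDR. */
uint32_t read_siaddr(const uint8_t *d) {
    return ((uint32_t)d[SIADDR_OFF] << 24) | ((uint32_t)d[SIADDR_OFF + 1] << 16) | ((uint32_t)d[SIADDR_OFF + 2] << 8) | d[SIADDR_OFF + 3];
}

/* Session side: always overwrite SIADDR, so the value comes from the note and never from the client. */
int stamp_siaddr(uint8_t *dhcp, size_t len, const char *note, uint32_t pool_lo, uint32_t pool_hi) {
    uint32_t ip = 0; int rc = STAMP_CLEARED;
    if (len < DHCP_FIXED_LEN) return STAMP_SHORT;
    if (note_static_ipv4(note, &ip)) rc = STAMP_SET;
    if (rc == STAMP_SET && ip >= pool_lo && ip <= pool_hi) { ip = 0; rc = STAMP_IN_POOL; }
    for (int i = 0; i < 4; i++) dhcp[SIADDR_OFF + i] = (uint8_t)(ip >> (24 - 8 * i));
    return rc;
}

int main(void) {
    uint8_t pkt[DHCP_FIXED_LEN] = {0}; pkt[SIADDR_OFF] = 10;  /* constructed frame, client-filled SIADDR */
    int rc = stamp_siaddr(pkt, sizeof pkt, "IPv4: 192.168.30.19", 0xC0A81E0A, 0xC0A81E0A);
    printf("rc=%d siaddr=0x%08X\n", rc, (unsigned)read_siaddr(pkt));
    return 0;
}
```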