loading...

Assigning Static IP for OpenVPN on Asus Routers

aelesia profile image aelesia Updated on ・2 min read

Configure a static IP so that you will always be assigned the same VPN IP address based on your username


SSH into Router

  1. Open your router at 192.168.0.1 (or whichever gateway you're using)

  2. Administration > System > Enable SSH > LAN only

  3. Open SSH client of choice
    Windows - Use Windows Powershell
    Mac - Use Terminal

  4. SSH into router by typing the following command (change your username to whichever you use when logging in, and IP address to your default gateway)

    ssh admin@192.168.0.1

  5. Enter your password when prompted

Reference


Create Script

  1. Create a scripts folder in '/jffs/scripts'

    cd ../../../jffs; mkdir scripts; cd scripts;

  2. Create new file 'clientconnect.sh'

    cat > clientconnect.sh

  3. Enter this script: (explanation later)

    #!/bin/bash
    if [ "$username" = "test" ];
    then
        echo "ifconfig-push 10.8.0.18 10.8.0.17" >>$1
    elif [ "$username" = "test2" ];
    then
        echo "ifconfig-push 10.8.0.22 10.8.0.21" >>$1
    fi
    
  4. Save by pressing Enter, then Ctrl-D

  5. Verify that the script has been saved. You should see the full code.

    cat clientconnect.sh

  6. Grant execution permissions

    chmod +x clientconnect.sh

Reference


Execute script on connect

  1. VPN > OpenVPN > VPN Details > Advanced Settings

  2. Enter this code under "Custom Configurations"

    script-security 2
    --client-connect /jffs/scripts/clientconnect.sh
    
  3. Apply

Reference #1
Reference #2


Connect to OpenVPN

  1. Create two OpenVPN users
    User 1: test
    User 2: test2

  2. Connect to OpenVPN with both accounts using your OpenVPN client of choice

  3. You should be connected to 10.8.0.18 with test, and 10.8.0.22 with test2

Reference


Modifying the script

If you wish to add more users, simply copy the "elif then echo" block and change the IP address and username.

#!/bin/bash
if [ "$username" = "test" ];
then
    echo "ifconfig-push 10.8.0.18 10.8.0.17" >>$1
elif [ "$username" = "test2" ];
then
    echo "ifconfig-push 10.8.0.22 10.8.0.21" >>$1
elif [ "$username" = "test3" ];
then
    echo "ifconfig-push 10.8.0.26 10.8.0.25" >>$1
elif [ "$username" = "test4" ];
then
    echo "ifconfig-push 10.8.0.30 10.8.0.29" >>$1
fi

The first IP can only be in multiples of 4 + 2 (18,22,26,30...), while the second IP must be one number lower than the first (17,21,25,29...)

I suggest not to use lower IPs to avoid collisions as OpenVPN will assign lower numbers first. (OpenVPN starts from 10.8.0.6)

If you wish to change the username, simply replace 'test' or 'test2' with the username of your choice.

Discussion

pic
Editor guide
Collapse
lechonsin profile image
Lechonsin

Hi i follow your steps but, if i activate in the router the script
script-security 2
--client-connect /jffs/scripts/clientconnect.sh

i cant conecct in clients, always say user authentication failed, and if quit the srcript conect fine, what happen? can yuou helpme please?