A client is connected to an OpenVPN network. I'm on the OpenVPN server and have access to the client's public key/cert file (e.g. client5.crt).

(How) can I find out what IP is assigned to the client in the OpenVPN network based on that?

akavel
  • 818
  • How is the client obtaining an IP address? Is it statically assigned or assigned by a DHCP server? – heavyd Jan 23 '17 at 19:11
  • @heavyd For some clients, it's assigned statically. For others, it's not (so I assume a DHCP server?) I'd love a solution which would work in both those cases, or is it not possible? – akavel Jan 24 '17 at 12:21

1 Answer

  1. It seems that one should be able somehow to extract a "Common Name" from a public key/cert (TODO: how?).
  2. Then, one can enable the "management console" in the OpenVPN server (line `management /var/run/openvpn.mgmt unix` in the OpenVPN config), and query it to match the "Common Name" with an IP:

    $ echo 'status 2' | socat stdio /var/run/openvpn.mgmt | grep '^ROUTING_TABLE' | cut -d, -f2-3
    10.91.0.1,foobar
    10.91.0.6,other-name
    ...
    

Something based on this may work, as long as every client has a unique "Common Name".

akavel
  • 818
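
An added example, not part of the answer above: it fills in step 1 with `openssl x509` and matches the Common Name exactly against the `ROUTING_TABLE` rows from step 2, so `client5` never matches `client50`. The function names and the sample subject and status lines are constructed for illustration, and it assumes the server takes the client's Common Name from the certificate's subject CN (OpenVPN's default).

```shell
#!/bin/sh
MGMT_SOCK=/var/run/openvpn.mgmt   # socket path from the answer's config line

# Constructed sample of `openssl x509 -noout -subject -nameopt multiline` output.
SAMPLE_SUBJECT='subject=
    organizationName          = Example VPN
    commonName                = client5'
# Constructed sample of "status 2" routing-table output.
SAMPLE_STATUS='HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.91.0.1,foobar,203.0.113.7:51234,Mon Jan 23 19:00:00 2017,1485198000
ROUTING_TABLE,10.91.0.6,client5,203.0.113.9:40000,Mon Jan 23 19:00:02 2017,1485198002
ROUTING_TABLE,10.91.0.10,client50,203.0.113.12:40001,Mon Jan 23 19:00:03 2017,1485198003'

# Read multiline subject output on stdin and print the Common Name.
subject_cn() {
    sed -n 's/^ *commonName *= //p' | head -n 1
}

# Print the subject Common Name of a PEM certificate file (step 1).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline | subject_cn
}

# Read "status 2" output on stdin and print the virtual address(es) whose
# Common Name field equals $1 exactly; exit non-zero when nothing matches.
ip_for_cn() {
    awk -F, -v cn="$1" '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        $1 == "ROUTING_TABLE" && $3 == cn { print $2; found = 1 }
        END { exit !found }'
}

# Query the live server (step 2), e.g.: cert_ip client5.crt
cert_ip() {
    cn=$(cert_cn "$1")
    [ -n "$cn" ] || { echo "no commonName found in $1" >&2; return 1; }
    echo 'status 2' | socat stdio "$MGMT_SOCK" | ip_for_cn "$cn"
}

# Demo on the constructed samples only (no openssl or socat needed).
cn=$(printf '%s\n' "$SAMPLE_SUBJECT" | subject_cn)
printf '%s\n' "$SAMPLE_STATUS" | ip_for_cn "$cn"
```

On a real server, `cert_ip client5.crt` needs read access to the management socket. A client that is not currently connected has no `ROUTING_TABLE` row, so the function prints nothing and returns non-zero.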