hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Update add_vpn_user.sh #1563

Closed hudoznik closed 2 months ago

hudoznik commented 2 months ago

Set static IP address for client

hwdsl2 commented 2 months ago

@hudoznik Hello! First, thank you for contributing! While this would be a valuable addition to the add_vpn_user.sh script, there are a few considerations:

  1. The add_vpn_user.sh script can add users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, but not IKEv2 mode (run sudo ikev2.sh for that). Therefore, creating /etc/ipsec.d/$VPN_USER.conf to specify a static IP for IKEv2 mode would not work.
  2. We will need to check that the IP address specified is a valid IPv4 address. In addition, it must be from the 192.168.42.0/24 subnet for IPsec/L2TP mode, or from the 192.168.43.0/24 subnet for IPsec/XAuth mode, respectively. Also, the IP must not be from the pool of auto-assigned IPs. Refer to Internal VPN IPs and traffic for more details.

Due to the requirements and complexity mentioned above, let's not add this feature to add_vpn_user.sh at this time.
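
The checks listed in point 2 above, sketched as an added example; this is not code from the pull request or from setup-ipsec-vpn. The function names, the pool bounds (host octets 10 to 250) and the reservation of `.1` for the server are assumptions; confirm them against the pool ranges configured on your server.

```shell
#!/bin/sh
# Added example; not part of setup-ipsec-vpn.
L2TP_NET="192.168.42"    # /24 for IPsec/L2TP, as stated in the comment above
XAUTH_NET="192.168.43"   # /24 for IPsec/XAuth, as stated in the comment above
POOL_START=10            # ASSUMED first host octet of the auto-assigned pool
POOL_END=250             # ASSUMED last host octet of the auto-assigned pool

# Succeeds only for a strict dotted quad: four decimal octets 0-255, no leading zeros.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1              # split on dots; input holds only digits and dots here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in
      0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
      *) return 1 ;;     # rejects "05", which some parsers read as octal
    esac
    [ "$o" -le 255 ] || return 1
  done
}

# check_static_ip MODE IP: returns 0 if IP is usable as a static address for
# MODE ("l2tp" or "xauth"); otherwise prints the reason to stderr and returns 1.
check_static_ip() {
  mode=$1 ip=$2
  case "$mode" in
    l2tp)  net=$L2TP_NET ;;
    xauth) net=$XAUTH_NET ;;
    *) echo "unknown mode: $mode (IKEv2 users are managed by ikev2.sh)" >&2; return 1 ;;
  esac
  is_ipv4 "$ip" || { echo "not a valid IPv4 address: $ip" >&2; return 1; }
  host=${ip##*.}
  [ "${ip%.*}" = "$net" ] || { echo "$ip is outside $net.0/24" >&2; return 1; }
  # .0 is the network address, .255 the broadcast; .1 is ASSUMED to be the server
  case "$host" in 0|1|255) echo "$ip is reserved" >&2; return 1 ;; esac
  if [ "$host" -ge "$POOL_START" ] && [ "$host" -le "$POOL_END" ]; then
    echo "$ip is inside the auto-assigned pool" >&2; return 1
  fi
  return 0
}
```

Rejecting the address before it is written into any configuration file also keeps malformed input (extra fields, shell metacharacters) out of files the VPN daemons parse as root.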