Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Why aren’t IPs from pool being released after disconnect on OpenVPN?

by |Published

After setting up OpenVPN with this script here on a fresh install of Ubuntu Server 20.04.3, I notice that after every time I reconnect I get given a new IP from the server pool irrelevant of if I have ‘keepalive’ in my server config or not:

The first time I connect I get this: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface...;

Second time I get this: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.3/255.255.255.0 on interface....

I asked about this on OpenVPN’s community forums but according to a moderator this is not the behaviour of OpenVPN and is nothing to do with it. They said: “This behaviour is not expected and I do not know how you can make Openvpn do that.”

As long as I have keepalive took out I shouldn’t be getting this behaviour right? I’m thinking that if I keep my server running, eventually I will run out of IPs and have to restart the server which isn’t very convenient. Is this meant to happen? If not, why could this be happening?

This is my server config:

local XXX.XXX.X.XXX
port 69
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
;keepalive 10 120
cipher AES-256-CBC
compress lzo
persist-key
persist-tun
status openvpn-status.log
verb 0
crl-verify crl.pem
explicit-exit-notify
management localhost 7505
script-security 3
learn-address "/etc/openvpn/server/learn-address.sh"
max-clients 100
auth-user-pass-verify /etc/openvpn/server/clientCheck.sh via-env
verify-client-cert none
client-cert-not-required

As you can see I have ‘keepalive’ commented out.

And this is my client config:

client
dev tun
proto udp
remote XXX.XXX.X.XXX 69
resolv-retry infinite
nobind
persist-key
persist-tun
remote-random
ping-timer-rem
auth SHA512
compress lzo
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
data-ciphers AES-256-CBC
ignore-unknown-option block-outside-dns
explicit-exit-notify 2
verb 4
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-crypt>

You may also like