Direct Restore to Microsoft Azure | VeeamPN software-defined networking

VeeamPN and static client ip

Post by doublem » Feb 12, 2019 7:20 pm

I am running Veeam PN as a HUB on-prem and use it successfully for a number of point-to-site clients, both Windows and Linux.

I can connect clients and I have communication in both directions. Good.

In one use-case I want one client to always get the same ip number. I have looked at several guides for openvpn and tried the following modifications in VeeamPN but have not got it to work. Does anyone have any suggestions?

This is what I have done:

1) ssh to veeampn

2) Added these two lines to the file

Code: Select all

file: /etc/veeampn/EndpointOVPN.cfg

ifconfig-pool-persist /etc/veeampn/ccd/ipp.txt
client-config-dir /etc/veeampn/ccd

3) Created dir and created one "client file" where 5075084332071946027 matches the CN= in the client's .ovpn file

Code: Select all

mkdir /etc/veeampn/ccd
cat /etc/veeampn/ccd/5075084332071946027

ifconfig-push 10.9.0.4 255.255.255.0
push "dhcp-option DOMAIN example.se"

4) Created /etc/veeampn/ccd/ipp.txt

Code: Select all

cat /etc/veeampn/ccd/ipp.txt

5075084332071946027,10.9.0.4

5) Restarted veeampn-server

When I test this I know that the client specific part is executed because I see the "DOMAIN example.se" in the client log file. But the static ip number is not set. I always get the lowest free ip number in the 10.9.0.0/24 when expecting the ip number 10.9.0.4 at the client.

AVasilyev
Veeam Software

Re: VeeamPN and static client ip

Post by AVasilyev » Feb 13, 2019 10:15 pm

Hi doublem!

I'm sorry - the way VeeamPN is developed, it is not possible to alternate IP address assignments.

I can suggest another workaround - would it be OK with you if you were able to resolve the client ip address by its DNS name? I can give you a script which can refresh all clients and IP addresses into a text file which can be used as a source information with DNSmasq server or /etc/hosts file.
Or if this is not working - explain more to me about your use case.

Thank you,
Alexey


Re: VeeamPN and static client ip

Post by doublem » Feb 14, 2019 1:11 pm

Hi and thanks for your reply.

> ... it is not possible to alternate IP address assignments.

OK. Good information. Now I do not need to try to figure this out.
(Maybe a "Request for Enhancement"?)


> resolve the client ip address by its DNS name. I can give you a script which can refresh
> all clients and IP addresses into a text file which can be used as a source information
> with DNSmasq server or /etc/hosts file.

Thanks. I would be interested in this workaround.


> explain more to me about your use case.

Use case: NAS-backup-software which backs up data to a remote client (the vpn-client). The client establishes the initial tcp connection because I cannot open ports from "outside" at the client-side (the backup target site).

I can probably use dynamically updated DNS/host-names.


Re: VeeamPN and static client ip

Post by AVasilyev » Feb 14, 2019 7:34 pm

Please find the code below.
Log in to the VeeamPN server by ssh and paste the code to a file.

Every time you run the script it writes IP addresses into the /etc/hosts_veeampn file (you can change the filename by editing the value of the OUTPUT_FILE variable).
The script should be started under an admin account - it requires root privileges to access the local UNIX socket to obtain authorization.

This result file can be used by DNSmasq if you would like to install it on the VeeamPN server. Please refer to the DNSmasq manual - I would suggest using the following option:

Code: Select all

-H, --addn-hosts=<file>
Additional hosts file. Read the specified file as well as /etc/hosts. If --no-hosts is given, read only the specified file. This option may be repeated for more than one additional hosts file. If a directory is given, then read all the files contained in that directory.

Just a note - to make DNSmasq re-read the file you should send it a SIGHUP signal (http://www.thekelleys.org.uk/dnsmasq/do ... .html#lbAG)


Code: Select all

#!/bin/bash
# bash is required: the script uses 'source', 'function', [[ ]] and (( ))

source /usr/share/veeampn/azure_cfg/api/hub_utils.sh
source /usr/share/veeampn/azure_cfg/api/ovpn_api.sh
source /usr/share/veeampn/azure_cfg/api/mgmt_api.sh
source /usr/share/veeampn/azure_cfg/api/azure_api.sh

DNS_SUFFIX=".veeampn.loc"
OUTPUT_FILE="/etc/hosts_veeampn"

# connect to localhost
function LOCAL_call_authorize
{
    AUTH_USERNAME=$(check_val "$1" "Need username - 1st argument")
    AUTH_URL=$(check_val "$2" "Need URL - 2nd argument")

    AUTH_RES=""
    TRY=0

    # Ask the local auth socket for a token, retrying up to 5 times
    while [ ${TRY} -ne 5 ] && [ "$AUTH_RES" = "" ] ; do
        AUTH_RES=$(echo -e "getToken\t$AUTH_USERNAME" | socat "UNIX-CONNECT:$AUTH_URL" -)

        if [[ $? != 0 ]]; then
            log "Failed to Local Authorize"
            exit 1
        fi

        if [[ "$AUTH_RES" = "" ]]; then
            log "Failed to obtain auth token from LOCAL_AUTH - $TRY"
            sleep 1
        fi

        ((TRY=TRY+1))
    done

    # Fail only when no token was obtained (a token on the 5th try is a success)
    if [[ "$AUTH_RES" = "" ]]; then
        log "Cannot connect to LOCAL_AUTH - 5 retries"
        exit 1
    fi

    AUTH_TOKEN=$AUTH_RES
}

function main
{
    VEEAMPN_TEST_LOG_FILE=/var/log/Veeam/veeampn/dns.log
    mkdir -p ${VEEAMPN_TEST_LOG_FILE%/*}

    LOCAL_UNIX_SOCKET="/var/run/veeampn/auth_srv"
    LOCAL_PORT=12345

    LOCAL_call_authorize "localavas" "$LOCAL_UNIX_SOCKET"

    URL="http://localhost:$LOCAL_PORT"

    mgmt_get_version $URL/mgmt
    log "-VERSION=$VERSION-" $(echo $CALL_RES | jq '.result')
    mgmt_get_op_mode $URL/mgmt
    log "-CURRENT_MODE=$OPMODE-"

    if [[ -r "$OUTPUT_FILE"temp ]];
    then
        rm  "$OUTPUT_FILE"temp
    fi
    touch   "$OUTPUT_FILE"temp

    call_jsonrpc '{ "jsonrpc":"2.0","method" : "getConnections", "params" : { "showOnlyConnected":false}, "id" : 123 }'   "$URL/monitor"
    # Write one "ip  name name.suffix" line per connection that has an IP.
    # Client names stay inside jq and are never pasted into the filter text,
    # so a name with quotes or spaces cannot change the filter or be word-split.
    echo "$CALL_RES" | jq -r --arg suffix "$DNS_SUFFIX" \
        '.result.connections[]? | select(.ip? != null) | "\(.ip)  \(.name) \(.name)\($suffix)"' \
        >> "$OUTPUT_FILE"temp

    mv  "$OUTPUT_FILE"temp  "$OUTPUT_FILE"
}


main
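
Added example, not part of the original posts and not Veeam code: because the generated file feeds DNSmasq or /etc/hosts, this sketch validates each client record before it becomes a hosts line, so a name containing a space cannot add an extra alias. The tab-separated input format, the function names and the single-label naming policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Input: "ip<TAB>name" records, e.g. from
#   jq -r '.result.connections[]? | select(.ip != null) | [.ip, .name] | @tsv'
DNS_SUFFIX=".veeampn.loc"
TAB=$(printf '\t')

# is_ipv4 ADDR: true only for four dot-separated octets, each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_label NAME: true for one DNS label (assumed policy: letters, digits,
# inner hyphens, at most 63 characters).
is_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# render_hosts: read records on stdin, print hosts lines for valid ones only.
render_hosts() {
    n=0
    while IFS=$TAB read -r ip name; do
        n=$((n + 1))
        if is_ipv4 "$ip" && is_label "$name"; then
            printf '%s  %s %s%s\n' "$ip" "$name" "$name" "$DNS_SUFFIX"
        else
            printf 'record %d rejected\n' "$n" >&2
        fi
    done
}

# Constructed sample records: one valid, one name with a space, one bad address.
printf '10.9.0.4\tnas01\n10.9.0.5\tevil gateway\n10.9.0.999\tbox\n' | render_hosts
```

Client names that legitimately contain dots or underscores would be rejected by this policy; widen `is_label` deliberately rather than dropping the check.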


