By default, when connecting, OpenVPN clients receive a dynamic IP from the DHCP range that you set in the OpenVPN server configuration file (server.ovpn)
server network netmask (for example,
server 10.24.1.0 255.255.255.0). In some cases, you want certain OpenVPN clients to get the same static IP address every time they connect.
To do this, add the following line to the server.conf file:
Create a directory:
# mkdir /etc/openvpn/ccd
The contents of the /etc/openvpn/ccd directory must be readable by the OpenVPN user.
# chmod 744 /etc/openvpn/ccd
If OpenVPN is running under nobody:
# chown -R nobody:nogroup /etc/openvpn/ccd
In this directory, create a file with the name of the client (the client file name must match the name of the client in the certificate Common Name). For example, for your user with certificate testuser1 (
subject=CN= testuser1), you need to create a file with exactly the same name:
# nano /etc/openvpn/ccd/testuser1
If this is an OpenVPN client with Windows, you need to add the following configuration to the file:
#ifconfig-push clientIP serverIP
ifconfig-push 10.24.1.10 10.24.1.1
If it’s a Linux OpenVPN client:
#ifconfig-push clientIP Netmask
ifconfig-push 10.24.1.11 255.255.255.0
Restart the OpenVPN server service:
# systemctl restart network.service
Connect to the OpenVPN server from the client and check that it has received the IP address you specified.
For example, on a Linux OpenVPN client, run the command
ip add show tun0 and check that the tun0 interface is assigned the IP address 10.24.1.11.
You can also set a list of static IP addresses for OpenVPN clients using the ipp.txt file.
To do this, add the following line to the /etc/openvpn/server.conf configuration file:
Then fill in the list of clients and static IPs in the /etc/openvpn/ipp.txt file: