~eduvpn/server#142: Fixed IP assignment

We regularly get the request to create a way to bind an IP to a user.

In the context of eduVPN/Let's Connect! that would mean a fixed IP for a user in a certain profile.

Solution to beat: a profile specific for a user.

Status: REPORTED
Submitter: ~fkooman
Assigned to: No-one
Submitted: 1 year, 8 months ago
Updated: 10 months ago
Labels: v4.x

~fkooman added contemplating 1 year, 8 months ago

~fkooman 1 year, 8 months ago*

Considerations:

a user can only use one device (at a time) to connect to that profile and get the fixed IP

what would happen if they connect >1 times?

we will lose the distribution of connection over nodes (and OpenVPN processes) as a particular user+profile must always use the same node(+process).

Questions:

Do we need this for OpenVPN as well as WireGuard?

for WireGuard this seems easier to implement...

How to manage? Does the server simply pick an IP address and keep it the same? Or does the admin manually configure this for a particular user?

Does this need to work with the app(s) as well, or only with manual portal config downloads?

~fkooman added v3.x 1 year, 8 months ago

~fkooman removed contemplating 1 year, 6 months ago

~fkooman removed v3.x 1 year, 6 months ago

~fkooman added v4.x 1 year, 6 months ago

~fkooman 1 year, 1 month ago

We could create a permission that contains information about which profile/node/IP the particular account will get access to, e.g. of this format external!node3.vpn.example.org!10.4.4.4!fd44:44:44:44::44 but this is all very messy...

~fkooman 10 months ago

Building on this permission idea: the "Connection Manager" could have some kind of parameter that allows for "IP hint" that would try to assign the IP to a particular user/connection, if it is already in use it would disconnect/kill the existing session.