~eduvpn/server#142: 
Fixed IP assignment

We regularly get the request to create a way to bind an IP to a user.

In the context of eduVPN/Let's Connect! that would mean a fixed IP for a user in a certain profile.

Solution to beat: a profile specific for a user.

Status
REPORTED
Submitter
~fkooman
Assigned to
No-one
Submitted
1 year, 25 days ago
Updated
2 months ago
Labels
v4.x

~fkooman 1 year, 25 days ago*

Considerations:

  1. a user can only use one device (at a time) to connect to that profile and get the fixed IP
    • what would happen if they connect >1 times?
  2. we will lose the distribution of connection over nodes (and OpenVPN processes) as a particular user+profile must always use the same node(+process).

Questions:

  1. Do we need this for OpenVPN as well as WireGuard?
    • for WireGuard this seems easier to implement...
  2. How to manage? Does the server simply pick an IP address and keep it the same? Or does the admin manually configure this for a particular user?
  3. Does this need to work with the app(s) as well, or only with manual portal config downloads?

~fkooman 5 months ago

We could create a permission that contains information about which profile/node/IP the particular account will get access to, e.g. of this format external!node3.vpn.example.org!10.4.4.4!fd44:44:44:44::44 but this is all very messy...

~fkooman 2 months ago

Building on this permission idea: the "Connection Manager" could have some kind of parameter that allows for "IP hint" that would try to assign the IP to a particular user/connection, if it is already in use it would disconnect/kill the existing session.

Register here or Log in to comment, or comment via email.