IP-less setups - ifconfig-noexec

The goal of this recipe is to create an OpenVPN tunnel without assigning IP addresses to the endpoints of the tunnel. In a routed network setup, this ensures that the tunnel endpoints can never be reached through themselves, which adds some security and can also make the routing tables a bit shorter. In the OpenVPN configuration files, an IP address needs to be specified, but it is never assigned to the tunnel interface.

This recipe has only been tested on Linux systems, as it requires some network-interface configuration that is not available on other platforms.
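
A minimal sketch of the idea for one endpoint, added here as an illustration and not taken from the book. The tunnel addresses, the 192.0.2.0/24 subnet and the script path are constructed placeholders, and the helper script is shown as comments inside the fragment.

```conf
# OpenVPN endpoint fragment (Linux). Keys, remote/port settings and the
# peer's mirror-image configuration are omitted; keep those of your setup.
dev tun

# OpenVPN still requires tunnel addresses in the config (constructed values).
ifconfig 10.200.0.1 10.200.0.2

# Do not execute ifconfig/ip for the tunnel device. The addresses above are
# only passed to scripts as environment variables (ifconfig_local,
# ifconfig_remote) and never appear on the interface.
ifconfig-noexec

# Do not install routes automatically either: a route via 10.200.0.2 cannot
# be added while the interface has no address. The up script below adds a
# device route instead.
route-noexec

# Required so that OpenVPN is allowed to call a user-defined script.
script-security 2
# Hypothetical script path.
up /etc/openvpn/ipless-up.sh

# --- /etc/openvpn/ipless-up.sh (hypothetical helper, root-owned, 0755) ---
# #!/bin/sh
# # OpenVPN exports $dev and $tun_mtu before running the up script.
# # Bring the link up without assigning any address to it.
# ip link set dev "$dev" mtu "$tun_mtu" up
# # Send the remote subnet (constructed example) straight into the tunnel.
# ip route add 192.0.2.0/24 dev "$dev"
#
# Check after connecting: `ip -4 addr show dev <tun device>` should print
# no "inet" line, while `ip route` shows the device route.
```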

Getting ready

We will use the following network layout:

Make sure that the client and server are not on the same local network. If the client and server can ...
