Appendix: Consolidating the Logs in the Cloud Using OpenVPN : Configuring On-premises Servers : Prepare the Client Certificate and IP Address
  
Prepare the Client Certificate and IP Address
Each OpenVPN client requires a certificate with a unique name. This could be, for example, the name of the on-premises computer.
Perform the following steps to create the certificate for the OpenVPN client:
1. On the cloud computer where the OpenVPN server is installed, open a command prompt as an administrator.
2. At the command prompt, enter the following commands:
cd "%ProgramFiles%\OpenVPN\easy-rsa"
vars.bat
build-key.bat <computer name>
In the last command, <computer name> stands for the name of the on-premises computer to run the OpenVPN client.
When asked for input, accept or change the default values apart from the Name and Common name fields. In these fields, enter the name of the on-premises computer:
Common name: <computer name>
Name: <computer name>
As a result of these commands, the files <computer name>.crt and <computer name>.key appear in the folder easy-rsa\keys. You should copy these two files along with the file ca.crt to the client’s configuration folder on the on-premises computer (%ProgramFiles%\OpenVPN\config).
The OpenVPN server must be configured to assign a certain fixed IP address to the OpenVPN client. This IP address is associated with the name of the client’s certificate, which in our case is the name of the on-premises computer.
Due to a known limitation of the TAP driver in the case of the routed IP tunnel, the host number in the client IP address must be such that the remainder of dividing it by 4 is 2. For example, if the subnet from which OpenVPN picks addresses has the start IP address of 10.8.0.0 with the network mask 255.255.255.0 (set by the server parameter in the OpenVPN server configuration file), then a valid client address could be 10.8.0.6, 10.8.0.10, 10.8.0.14, 10.8.0.18, and so on.
Perform the following steps to assign a fixed IP address to the on-premises computer running the OpenVPN client:
1. On the cloud computer where the OpenVPN server is installed, open a command prompt as an administrator.
2. At the command prompt, enter the following commands:
net stop OpenVPNService
cd "%ProgramFiles%\OpenVPN\config"
notepad ipp.txt
3. In the file ipp.txt, add a line composed of the client’s certificate name followed by a comma and the desired IP address. For example:
mycomp,10.8.0.6
 
Important:  
To edit the file ipp.txt, the OpenVPN server must be stopped. This condition is ensured with the command net stop OpenVPNService. When finished editing, start that service (for example, by entering net start OpenVPNService at a command prompt).
Having started, the OpenVPN server updates the file ipp.txt to align the client IP address assignment with the TAP driver requirements, subtracting 2 from the actual host number. For example, for a client with the IP address of 10.8.0.6, the IP address set in the file ipp.txt would be 10.8.0.4.