В OpenVPN можно сделать привязку IP к сертификату. Вот пример

Using a Client Configuration Directory with Per-Client Configurations
Another striking feature of OpenVPN is the fact that we can have client configurations pushed through the tunnel on creation and use client-specific configurations, which are simply set by the subject line of the client's certificate. An appropriate server configuration file may look like the following:


port 443
dev tun0FIT
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/firewall.crt
key /etc/openvpn/certs/firewall.key
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0
auth SHA1
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
server 10.179.0.0 255.255.0.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
client-config-dir clients
keepalive 10 120
resolv-retry 86400
comp-lzo
status /var/log/openvpn/status.log
log /var/log/openvpn/main.log
tls-server
verb 3


There are three lines that are relevant in this context:
1. server 10.179.0.0 255.255.0.0: This tells OpenVPN on this machine to act as a server and automatically distribute IP addresses to clients connecting.
2. ifconfig-pool-persist /etc/openvpn/ipp.txt: This makes OpenVPN keep a list of certificate to IP relationships, so that a client connecting will (probably) always have the same IP.
3. client-config-dir clients: This has OpenVPN look in the directory "clients" for a client-specific configuration file when a client connects.

Используя настройку в файле ipp.txt можно сделать привязку IP к сертификту. Конфиг UNIX-вый.

Посмотри книгу

OpenVPN
Building and Integrating Virtual Private Networks
Learn how to build secure VPNs using this powerful Open Source application
Markus Feilner

Рекомендую.