OpenVPN per-client configuration

 

 

 


Per Client config file

 

Set where the per-client config files are stored:

client-config-dir /etc/openvpn/clients

Settings for client "XXX", where XXX is the client's X.509 common name, go in:

/etc/openvpn/clients/XXX

 


push

 

--push option

Push a config file option back to the client for remote execution.

* option must be enclosed in double quotes ("")

* The client must specify --pull in its config file

 

Useful settings

push-reset

Don't inherit the global push list (from the global config) for a specific client instance. Used in a per-client file under --client-config-dir.

--ifconfig-push local remote-netmask

Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic allocation.

(Equivalent to running "--ifconfig" on the client side.)
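An added example, not from the original notes: a POSIX shell function that writes the per-client file for one common name with push-reset, a fixed ifconfig-push address and an optional pushed route. It assumes the server uses "topology subnet" (so the second ifconfig-push argument is a netmask); the names write_ccd, is_ipv4, laptop01 and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: write one per-client file into the client-config-dir.
# Assumption: server uses "topology subnet", so ifconfig-push takes IP + netmask.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_ccd DIR CN IP NETMASK [ROUTE_NET ROUTE_MASK]
write_ccd() {
    dir=$1 cn=$2 ip=$3 mask=$4 rnet=${5:-} rmask=${6:-}

    # The file name is the certificate common name. Refuse names that could
    # leave DIR or collide with hidden files ("../x", "a/b", ".x", empty).
    case $cn in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) echo "rejected CN: $cn" >&2; return 1 ;;
    esac

    is_ipv4 "$ip" && is_ipv4 "$mask" || { echo "bad address" >&2; return 1; }
    if [ -n "$rnet" ]; then
        is_ipv4 "$rnet" && is_ipv4 "$rmask" || { echo "bad route" >&2; return 1; }
    fi

    tmp=$dir/.ccd.$$
    {
        # Drop the inherited global push list; re-push what this client needs.
        echo 'push-reset'
        echo "ifconfig-push $ip $mask"
        if [ -n "$rnet" ]; then echo "push \"route $rnet $rmask\""; fi
    } > "$tmp" || return 1
    mv "$tmp" "$dir/$cn"    # rename so the server never reads a half-written file
}

# Constructed sample run (scratch directory stands in for /etc/openvpn/clients).
demo_dir=$(mktemp -d)
write_ccd "$demo_dir" laptop01 10.8.0.50 255.255.255.0 192.168.20.0 255.255.255.0
cat "$demo_dir/laptop01"
```

The common-name filter is deliberately stricter than what X.509 allows; widen the character set only if your certificates need it.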

 


Client-side configuration (pull)

 

--pull

This option must be used on a client which is connecting to a multi-client server. It indicates to OpenVPN that it should accept options pushed by the server, provided they are part of the legal set of pushable options (note that the --pull option is implied by --client).

In particular, --pull allows the server to push routes to the client, so you should not use --pull or --client in situations where you don't trust the server to have control over the client's routing table.

--route-nopull

When used with --client or --pull, accept options pushed by server EXCEPT for routes.

 


Adding routes on a Windows client

 

If you have a problem adding routes on Windows, make sure OpenVPN is started as administrator.

You may also need to use one of these options:

Client configuration

# changes how windows adds a route
route-method exe
# waits to add the route
route-delay

Server

push "route 10.8.0.0 255.255.255.0"