openvpn per client configure




Per Client config file


設定 per client 的 config file 放在那裡

client-config-dir /etc/openvpn/clients

Client "XXX" 的設定, XXX --> client's X509 common name





--push option

Push a config file option back to the client for remote execution.

* option must be enclosed in double quotes ("")

* The client must specify --pull in its config file




Don't inherit(global config) the global push list for a specific client instance(--client-config-dir).

--ifconfig-push local remote-netmask

Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic allocation.

(相當於在 Client Side 行 "--ifconfig")


Client Side Configure(pull)



This option must be used on a client which is connecting to a multi-client server. 

It indicates to OpenVPN  that it should accept options pushed by the server,

provided they are part of the legal set of pushable options

(note that the --pull option is implied by --client ).

In particular, --pull allows the server to push routes to the client, so you should  not  use  --pull  or

--client in situations where you don't trust the server to have control over the client's routing table.


When used with --client or --pull, accept options pushed by server EXCEPT for routes.


Window client add route


If you have a problem adding routes in windows, make sure you have it starting as administrator.

You may also need to use one of these options:

Client configure

# changes how windows adds a route
route-method exe
# waits to add the route


push "route"