Hi Joe,

On Thu, Jul 24, 2014, at 07:31 AM, Joe Patterson wrote:
> If I'm understanding you correctly, I think I know the problem:  "route"
> statements cannot go in a ccd (or, more accurately, they don't do anything
> if they're there), because route statements are injecting routes into the
> OS routing table, which is only done on start-up (and in the case of
> running openvpn un-privileged, only *can* be done at startup before
> dropping root privs)

Well, that certainly explains the behavior I'm seeing!

> There are two ways to get around this.  First, and generally best, is to
> put all the "route" statements that you expect to need in the main config.
>  Second, you *could* put routing commands in a client-connect script (I do
> something similar to this to inject client routes into quagga)

My main's gonna get messy ... so a client-connect script seems the option I'll take.

I'm reading docs

--client-connect script
    Run script on client connection. The script is passed the common name and
    IP address of the just-authenticated client as environmental variables (see
    environmental variable section below). The script is also passed the pathname
    of a not-yet-created temporary file as $1 (i.e. the first command line
    argument), to be used by the script to pass dynamically generated config file
    directives back to OpenVPN.

and that seems clear.  What I'm missing is -- does THAT ^^ need to be invoked 
in the main config?  OR can/does it go in the server's ccd/clientN.conf?

The latter keeps things neat(est).  The latter, 'messes up' my main again -- 
though not as much as the 'raw' routes would.

PG

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
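
The mechanism quoted from the man page above, as an added example that is not part of the original thread: a `--client-connect` script that reads `$common_name` and `$ifconfig_pool_remote_ip` from the environment and writes directives to the temporary file passed as `$1`. The per-client routes directory, its file format, and the `ROUTES_DIR` / `ROUTE_CMD` variables are assumptions made for illustration; the script also assumes `topology subnet`, `script-security 2`, and a server that still has the privileges to change routes at connect time.

```shell
#!/bin/sh
# Added example: OpenVPN --client-connect script (not from the thread).
# OpenVPN exports $common_name and $ifconfig_pool_remote_ip and passes the
# temp file for dynamically generated directives as $1.
# Assumed layout (hypothetical): one file per client in $ROUTES_DIR, named
# after the certificate CN, holding one "network netmask" pair per line.
ROUTES_DIR="${ROUTES_DIR:-/etc/openvpn/client-routes}"
ROUTE_CMD="${ROUTE_CMD:-route}"   # net-tools route(8); override for dry runs

client_connect() {
    dyn_conf="$1"
    # The CN comes from the client certificate. Refuse anything that could
    # escape ROUTES_DIR; a non-zero exit makes OpenVPN drop the client.
    case "$common_name" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    routes_file="$ROUTES_DIR/$common_name"
    [ -f "$routes_file" ] || return 0      # no extra routes for this client

    while read -r net mask rest; do
        case "$net" in ''|'#'*) continue ;; esac   # blank line or comment
        [ -n "$mask" ] || return 1
        # Only digits and dots may reach the config file and the command line.
        case "$net$mask" in *[!0-9.]*) return 1 ;; esac
        # OpenVPN-internal route: this subnet lives behind this client.
        printf 'iroute %s %s\n' "$net" "$mask" >> "$dyn_conf"
        # Kernel route on the server, via the client's VPN address.
        "$ROUTE_CMD" add -net "$net" netmask "$mask" \
            gw "$ifconfig_pool_remote_ip" ||
            echo "client-connect: route add failed for $net" >&2
    done < "$routes_file"
}

# OpenVPN invokes the script with the temp file path as its only argument.
if [ "$#" -gt 0 ]; then client_connect "$1"; fi
```

Routes added this way stay in the kernel table after the client leaves unless a matching `--client-disconnect` script removes them.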
