On Thu, Jul 24, 2014 at 2:14 PM, <pg0...@fastmail.fm> wrote:
>
> > I've got an older bash script I used (before I started doing dynamic
> > routing via ospf) for a client connect script that probably does what you
> > want. It's kind of ugly, but functional:
> >
> > #!/bin/bash
> > if [ "$script_type" = "client-connect" ]; then
> (snip)
> > exit 0
>
> That gets invoked from the *main* openvpn config, right?
>
>
Yes. So, for example, I have that script at /etc/openvpn/client-connect,
then I have an entry in the main openvpn config that says "client-connect
client-connect"
> > If you add in something like "cat /etc/openvpn/ccd/$common_name > $1" to
> > the end, you can remove the client-config-dir directive from your main
> > config
>
> Ah, so it replaces ccd/*
>
It *can* replace the client-config-dir directive (or be used alongside it).
You'll note that in my script, I'm using the files in ccd/*. Now, it
doesn't *have* to do that, it could be a huge obnoxious script with a bunch
of 'elif [ "$common_name" = "foo" ]; then ..., or it could tie into a
database where you keep all your configuration data, or it could be just '.
/etc/openvpn/up-scripts/$common_name' (note that I'm not actually
*suggesting* that you do any of these things, I'm just saying that you
*could*)
> TBH, I appreciate the ccd/* metaphor. It's very clean and tidy. And very
> nicely portable. It'd ReallyNiceToHave(tm) the ability/option to "do it
> all", per client, in each client's ccd/*. Still not sure if it's doable,
> and/or of it entails much more than a client-connect-script capability --
> in effect, an "up script", in ccd/*.
>
> > and just to give a bit of history on why *I* did this
>
> Noted ...
>
> > ospf
>
> Know of it. Never used it. Think it's vast overkill for my need. Watch
> now -- I've jinxed it :-/
>
It is overkill for your need. The point at which you need it is really
when you start having routing that changes dynamically across more than a
single system.
-Joe
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
