>Hi,

On Wed, Aug 23, 2023 at 06:41:35AM +0000, Jason Long via Openvpn-users wrote:
> Hello,
> My server and client use range 10.0.2.X:
> 
> Server: 10.0.2.15
> Client:  10.0.2.16

>If this is the "outside" IP (LAN NIC) that client and server use to
>set up a VPN session...


> client-config-dir ccd
> ccd-exclusive
> route 10.0.2.0 255.255.255.0
> 
> And add the following line to the "/etc/openvpn/ccd/client" file:
> 
> iroute 10.0.2.0 255.255.255.0


>... it MUST NOT go into the VPN config, because route/iroute are *inside*
>things.

>"route/iroute" statements in the Openvpn config and the CCD files are
>used to route specific IP addresses / subnets *inside* the VPN to the
>other side.  This could be something like 192.168.100.0 255.255.255.0,
>but not "what you use on the outside NICs".

>gert
>-- 
>"If was one thing all people took for granted, was conviction that if you 
>feed honest figures into a computer, honest figures come out. Never doubted 
>it myself till I met a computer with a sense of humor."
>                            Robert A. Heinlein, The Moon is a Harsh Mistress

>Gert Doering - Munich, Germany                            g...@greenie.muc.de



Hello,
As I understand, if the file name is not equal to the CN name in the client.crt 
file, then the client can't connect to the OpenVPN server.

Excuse me, is the ccd-exclusive statement the best way to filter the clients? For 
example, I only want to allow clients to connect to the server whose CN name is 
Trusted. 



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
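
Added example, not part of the thread or of OpenVPN: a small lint that flags `route`/`iroute` subnets covering the outside (LAN NIC) addresses, and models the `ccd-exclusive` rule that a client is admitted only when a CCD file named after its certificate CN exists. The function names and the sample configs are constructed for illustration from the addresses quoted above.

```python
import ipaddress

def parse_routes(text, keyword):
    """Networks named by '<keyword> <net> <mask>' lines (route or iroute)."""
    nets = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == keyword:
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return nets

def lint(server_conf, ccd_files, outside_ips):
    """Flag route/iroute subnets that contain an outside (LAN NIC) address.
    ccd_files maps a CCD file name (the certificate CN) to its contents."""
    outside = [ipaddress.ip_address(ip) for ip in outside_ips]
    checks = [("server config", "route", server_conf)]
    checks += [(f"ccd/{cn}", "iroute", body) for cn, body in ccd_files.items()]
    findings = []
    for where, keyword, text in checks:
        for net in parse_routes(text, keyword):
            hits = [str(ip) for ip in outside if ip in net]
            if hits:
                findings.append(f"{where}: {keyword} {net} covers outside {', '.join(hits)}")
    return findings

def admitted(server_conf, ccd_files, cn):
    """Models only the ccd-exclusive condition (a CCD file named after the CN
    must exist); certificate validation happens separately in OpenVPN."""
    directives = {l.split()[0] for l in server_conf.splitlines() if l.split()}
    return "ccd-exclusive" not in directives or cn in ccd_files

# Constructed sample input, using the addresses quoted in the thread.
OUTSIDE = ["10.0.2.15", "10.0.2.16"]
SERVER_BAD = "client-config-dir ccd\nccd-exclusive\nroute 10.0.2.0 255.255.255.0\n"
CCD_BAD = {"client": "iroute 10.0.2.0 255.255.255.0\n"}
SERVER_OK = "client-config-dir ccd\nccd-exclusive\nroute 192.168.100.0 255.255.255.0\n"
CCD_OK = {"Trusted": "iroute 192.168.100.0 255.255.255.0\n"}

if __name__ == "__main__":
    for finding in lint(SERVER_BAD, CCD_BAD, OUTSIDE):
        print("WARN", finding)
    print("fixed config findings:", lint(SERVER_OK, CCD_OK, OUTSIDE))
    for cn in ("Trusted", "other"):
        print(cn, "admitted:", admitted(SERVER_OK, CCD_OK, cn))
```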
