Re: [Openvpn-users] Split Tunnel on a per client basis

Mon, 23 May 2016 08:50:38 -0700 

On 22/5/2016 8:40 μμ, Gert Doering wrote:

> ...
>   - call --push-reset, which will remove*everything*  from the push list,
>     and re-build all options except "push redirect-gateway"
> ...

Thank you Gert for all your advice,

I also thank Selva Nair, who replied off-list.

You have been very helpful and detailed, and I sincerely appreciate it.

I decided to try the above solution first (as most handy), and it worked 
as follows; in the client ccd file (identified by common name), I added:

    push-reset
    push "topology subnet"
    push "explicit-exit-notify"
    push "dhcp-option DNS 194.177.xxx.xxx"
    push "dhcp-option DNS 194.177.xxx.xxx"
    push "persist-key"
    push "persist-tun"
    ifconfig-push 10.12.12.2 255.255.255.0
    push "route nnn.nnn.nnn.nnn 255.255.255.128 10.12.12.1"
    push "route zzz.zzz.zzz.zzz 255.255.255.128 10.12.12.1"

Note: Initially (working as a full-tunnel), the client's ccd file 
included only the following line:

    ifconfig-push 10.12.12.2 255.255.255.0

Interestingly, it would not work when I used:

    push "route nnn.nnn.nnn.nnn 255.255.255.128"
    push "route zzz.zzz.zzz.zzz 255.255.255.128"

or

    push "route nnn.nnn.nnn.nnn 255.255.255.128 vpn_gateway"
    push "route zzz.zzz.zzz.zzz 255.255.255.128 vpn_gateway"

Yet, since the documented way, as I understand, seems to be the second

    https://openvpn.net/index.php/open-source/documentation/howto.html#scope

...I wonder why I had this issue. Can you please explain?

Comment: I will also plan to deploy a git master build, or the first 
major release to follow (hopefully soon), since the new "push-remove" 
option is too tempting to ignore!

Thanks again,
Nick


------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to