Hi,

On Mon, May 23, 2016 at 11:47 AM, Nikolaos Milas <nmi...@noa.gr> wrote:

> On 22/5/2016 8:40 PM, Gert Doering wrote:
>
> > ...
> >   - call --push-reset, which will remove *everything* from the push list,
> >     and re-build all options except "push redirect-gateway"
> > ...
>
> Thank you Gert for all your advice,
>
> I also thank Selva Nair, who replied off-list.
>

off-list was by mistake :)


> You have been very helpful and detailed, and I sincerely appreciate it.
>
> I decided to try the above solution first (as most handy), and it worked
> as follows; in the client ccd file (identified by common name), I added:
>
>     push-reset
>     push "topology subnet"
>     push "explicit-exit-notify"
>     push "dhcp-option DNS 194.177.xxx.xxx"
>     push "dhcp-option DNS 194.177.xxx.xxx"
>     push "persist-key"
>     push "persist-tun"
>     ifconfig-push 10.12.12.2 255.255.255.0
>     push "route nnn.nnn.nnn.nnn 255.255.255.128 10.12.12.1"
>     push "route zzz.zzz.zzz.zzz 255.255.255.128 10.12.12.1"
>

While this should work, leaving all common options in the config file and
the ones that need client-specific override in ccd/DEFAULT may be easier to
maintain than using push-reset and redefining all push options. Then all
clients without a specific ccd file will get the common options plus those
in DEFAULT while the ones with a ccd file would get the common options plus
those in the ccd file.

push-remove in git master is even better.


> Note: Initially (working as a full-tunnel), the client's ccd file
> included only the following line:
>
>     ifconfig-push 10.12.12.2 255.255.255.0
>
> Interestingly, it would not work when I used:
>
>     push "route nnn.nnn.nnn.nnn 255.255.255.128"
>     push "route zzz.zzz.zzz.zzz 255.255.255.128"
>

This will use the default value of the gateway, which is taken from
--route-gateway or --ifconfig. Neither of those may be defined in your
client config, so the route may fail with a "no gateway specified" error. See
the error logs. Adding "vpn_gateway" doesn't help here as it's just another
name for the same.

In your server config add push "route-gateway 10.12.12.1". This is
automatically done (for topology subnet) if the --server option is used to
set up the server IP, IP pool, etc., not otherwise. Also see the --server and
--route options in the man page for more details.

Selva
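As an added illustration (not code from the thread or from OpenVPN itself), the script below models the push-list behaviour discussed above: push-reset in a ccd file wipes the server's pushes, including the route-gateway that --server implies under topology subnet, and a route pushed without an explicit gateway is then left with none. The sample configs are constructed, and the check assumes the client config supplies no gateway of its own.

```python
import ipaddress
import shlex
# Constructed sample configs; RFC 5737 addresses stand in for the thread's nnn/zzz.
SERVER_CFG = """server 10.12.12.0 255.255.255.0
topology subnet
push "redirect-gateway def1"
"""
CCD_RESET = """push-reset
push "topology subnet"
push "route 198.51.100.0 255.255.255.128"
"""

def parse(text):
    """(keyword, args) tuples per line; '#' and ';' start comments."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0]
        if line.strip():
            kw, *args = shlex.split(line)
            out.append((kw, args))
    return out

def pushes(entries):
    """Push-list items as token lists; --server expands to the route-gateway push it implies."""
    items = []
    for kw, args in entries:
        if kw == "push" and args:
            items.append(shlex.split(args[0]))
        elif kw == "server" and len(args) >= 2:
            # under topology subnet the gateway is the subnet's first host address
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            items.append(["route-gateway", str(net.network_address + 1)])
    return items

def effective_push(server_cfg, ccd_cfg):
    """One client's final push list: server pushes, wiped if the ccd file says
    push-reset, then what the ccd pushes afterwards (ccd/DEFAULT works alike)."""
    items = pushes(parse(server_cfg))
    for entry in parse(ccd_cfg):
        if entry[0] == "push-reset":
            items = []  # everything goes, including the gateway --server added
        else:
            items += pushes([entry])
    return items

def routes_without_gateway(push_list):
    """'route NET MASK' pushes (or with the vpn_gateway alias) need a route-gateway in
    the list. Assumed: the client sets neither --route-gateway nor a p2p --ifconfig."""
    has_gw = any(p[0] == "route-gateway" for p in push_list)
    return [" ".join(p) for p in push_list if p[0] == "route" and not has_gw
            and (len(p) < 4 or p[3] == "vpn_gateway")]
```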
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users