My previous attempt was a client-connect script that directly added static routes to quagga via vtysh commands. It worked... usually. Sometimes.
I see what you're saying about adding iroutes dynamically post-connect. I skirt this issue by using OSPF on p2p links between my openvpn servers, then using my client-connect script or my management daemon to add ifconfig-push'd static IP addresses or iroutes from CCD files to the routing table when p2mp clients connect. So I have no facility for adding a new iroute to a particular client beyond restarting the connection. I can definitely understand how that could be challenging.

On Thu, Apr 30, 2020 at 2:14 PM Gert Doering <g...@greenie.muc.de> wrote:
>
> Hi,
>
> On Thu, Apr 30, 2020 at 01:53:29PM -0400, Joe Patterson wrote:
> > So, I've got a back-burner project that does parts of this. It's a
> > daemon that connects to the management console and handles things like
> > client auth and such. The way I did it was that the daemon keeps an
> > internal copy of basically the iroute table, and then advertises it
> > via RIPv2 on localhost. I can then set up quagga to listen for RIP on
> > localhost and redistribute RIP-learned routes via OSPF. At some point
> > I will probably share it to the world, as it does some other handy
> > things as well, and also because I am not a master coder, so I'm sure
> > it could be improved upon by smarter folks than me.
>
> Nice.
>
> It's the easier part of the whole thing, though... (You can do the
> "learn about iroute and put into kernel routing" part in client-connect
> scripts as well, and radiusplugin is also doing something along those
> lines to get radius-provided routes installed).
>
> The part that is - as far as I am aware - totally impossible today is
> "while a client is connected, tell OpenVPN that a new iroute is needed
> for this client" (which would be needed if OSPF decides "hey, I want
> to route <network> to <this client>").
>
> We have a trac ticket for this, somewhere, and all progress we've
> made so far was "uh, this is hard, and there be dragons" :-)
>
> gert
>
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany g...@greenie.muc.de

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
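
The CCD-to-routing-table step discussed in this thread, as an added example that is not code from either poster or from OpenVPN: it validates `iroute` and `ifconfig-push` lines from a CCD file before building kernel route commands as argv lists. The function names, the sample CCD text, the choice of `ip route replace`, and treating the first `ifconfig-push` argument as a /32 host route are assumptions made for illustration.

```python
import ipaddress

# Constructed sample CCD file for one client; not taken from the thread.
SAMPLE_CCD = """\
# branch office router
ifconfig-push 10.8.0.50 255.255.255.0
iroute 192.168.40.0 255.255.255.0
iroute 10.99.0.7
iroute 192.168.41.5 255.255.255.0
push "route 10.0.0.0 255.0.0.0"
"""

def parse_ccd(text):
    """Return (routes, rejected): validated networks and lines that failed validation."""
    routes, rejected = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in ("iroute", "ifconfig-push"):
            continue  # comments, blank lines and unrelated directives
        try:
            if fields[0] == "iroute" and len(fields) in (2, 3):
                # iroute network [netmask]; a missing netmask means a host route
                mask = fields[2] if len(fields) == 3 else "255.255.255.255"
                net = ipaddress.IPv4Network(f"{fields[1]}/{mask}")
            elif fields[0] == "ifconfig-push" and len(fields) == 3:
                # static client address, installed as a /32 (assumption)
                net = ipaddress.IPv4Network(f"{fields[1]}/32")
            else:
                raise ValueError("unexpected field count")
        except ValueError:
            # bad address, bad mask, or host bits set in the network
            rejected.append(raw)
            continue
        if net not in routes:
            routes.append(net)
    return routes, rejected

def route_commands(routes, dev):
    """Build argv lists (no shell parsing) for idempotent route installs."""
    # Assumption: device names are plain alphanumerics such as tun0.
    if not dev.isalnum():
        raise ValueError(f"unexpected device name: {dev!r}")
    return [["ip", "route", "replace", str(n), "dev", dev] for n in routes]
```

Passing each returned list to `subprocess.run` keeps CCD content out of any shell command line, and `replace` makes a reconnect harmless when the route already exists.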