how to add a kernel's route on the openvpn server?

[fondpiggy]

how to add a kernel's route on the openvpn server when a client connected.

I know that the ccd files can auto add a LAN route on server, but it is internal route, not is kernel's route.
iroute 192.168.0.0 255.255.255.0

the options "--route" is not my expectation, because I have a lot of client, I want get the his LAN route when the client connected.


Thanks

[krzee]

you do want --route
i dont understand why you think you dont
did you read my writeup here?
viewtopic.php?f=8&t=98

[fondpiggy]

Yeah, I had read your writing.
I want setup another openvpn server to implement failover function.
so I running the zebra on the vpn servers to communicate with internal OSPF router, but the zebra only recognize the kernel route.
it means that there are two vpn servers configured on the clients, when one server can't reachable, the clients can auto connect to another vpn server. so the internal router(hosts) need get new route to access the LAN behind clients.

thanks your respond.

[krzee]

you cannot do this in client/server with tun
you either need tap (do not need a bridge, just tap) or a ptp (instead of client/server)

[fondpiggy]

do you mean that if I configure tap virtual interface, it will add a kernel route?
unlucky, my client box not support tap interface.

[krzee]

well the problem you will have is dynamically adding iroutes for the client when other lans are behind it... using tap gets around that
the other way to get around it is using a bunch of ptp links
then you can let ospf do its thing over the vpn

[fondpiggy]

Hi, krzee.
Sorry, I can’t quite understand the solution that you said. Could you please explain more detail?

Is there another solution using openvpn scripting function?
Another striking option of OpenVPN is its scripting capabilities. We can create our own scripts and have them called on changes of the connection state. This makes it easy to execute a special script any time a client connects or on similar occasions

OpenVPN has several points of time when scripts can be executed. Like one of them, --route-up <command>.
the problem is, How can I configure openvpn server to execute a special script when a special client connected ?
Like ccd file script, it is only executed when special client connected, Not for all client.

[krzee]

Hi, krzee.
Sorry, I can’t quite understand the solution that you said. Could you please explain more detail?

https://www.secure-computing.net/wiki/i ... RIPRouting
see "what didnt work"

How can I configure openvpn server to execute a special script when a special client connected ?
Like ccd file script, it is only executed when special client connected, Not for all client.

--client-connect <script>, runs script on client connection. This can be useful for generating firewall rules dynamicly, or for assigning static ips. This can do anything that a ccd (see !ccd) entry can do, but dynamicly... to use it that way, you should write your dynamic ccd commands to the file named by $1

[kid.xiyang]

Using bridge mode have a try

[krzee]

you dont need a bridge, just tap