Hi folks, I'm hoping to understand how changes on Access Server to the client config flow (or don't flow) to clients/users.
1. On Access Server, if I change a client config, presumably that would result in a different .ovpn file if the client was to log in and fetch it.
2. But do those changes get automatically pushed to clients? Or does the client have to retrieve and install a new ovpn file?
2a. If automatically, does that happen immediately (if the client is currently connected), or does it wait until the next time client connects? Or?
2b. If the new config info gets pushed to the client, does it temporarily (in memory) override the config that the client got from its local ovpn file, or does it actually overwrite the ovpn file? Ie: persist locally in a file?
Thanks -- Graham
AS Client config flow of changes?
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Oct 16, 2018 2:24 am
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: AS Client config flow of changes?
Some settings must be present in the client configuration file, or the connection cannot be established. Things like cipher used, address and port to connect to, that sort of stuff.
Things like routes and DNS settings, can be 'pushed' by the server when the VPN tunnel is up, and that doesn't require changes to the client configuration file.
Things like routes and DNS settings, can be 'pushed' by the server when the VPN tunnel is up, and that doesn't require changes to the client configuration file.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Oct 16, 2018 2:24 am
Re: AS Client config flow of changes?
Thanks novaflash. I see what you mean that certain settings don't make sense to push, and maybe the ones that are pushable don't overlap with ones in the config file.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: AS Client config flow of changes?
Generally they don't conflict, no, but in some cases they might change behavior. Like routes. They can be local, and they can also be pushed. But you can't change what port to connect to by pushing that information, since then you have the chicken and the egg problem.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.