Per Client ccd config
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN User
- Posts: 22
- Joined: Wed Dec 23, 2020 10:12 pm
Per Client ccd config
Hi All,
I am a little confused as I am getting conflicting bits of info. I would like to push a route to just two clients. I read in the OpenVPN Cookbook 2nd edition that you cannot use the route directive inside a CCD file. However, I am seeing in other places that you can add the line
push "route a.b.c.d netmask" in the client's ccd file and it will work. I decided to try putting the push route line in the client file and it worked but every few days, the line is removed automatically, perhaps when the service is restarted. So I am not sure what is correct and why this is happening. Any help would be appreciated.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Per Client ccd config
It is not removed by openvpn.
It sounds like your server is running on a router ..
-
- OpenVPN User
- Posts: 22
- Joined: Wed Dec 23, 2020 10:12 pm
Re: Per Client ccd config
Thanks for your reply. It runs on a FreeBSD 13.1 server and runs OpenVPN 2.5.6. I have to troubleshoot this further then as somehow, the push route line disappears and leaves the ifconfig-push line.
-
- OpenVPN User
- Posts: 22
- Joined: Wed Dec 23, 2020 10:12 pm
Re: Per Client ccd config
I think this may have something to do with what is happening but I just noticed this morning that OpenVPN assigned a new user the same IP address 10.8.0.3/24 as another user (the affected user) who was already logged on. The affected user is the same one who keeps getting the line deleted from their ccd file. So maybe what I need to do is find out why two users would be assigned the same IP. Anyone have any ideas?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Per Client ccd config
petrocelli1966 wrote: ↑Fri May 27, 2022 1:00 am
> I decided to try putting the push route line in the client file and it worked but every few days, the line is removed automatically, perhaps when the service is restarted
Not by OpenVPN.
I can only presume you are using something like pivpn script and you have forgotten about a cron job you created.
viewtopic.php?t=22603#p68963
-
- OpenVPN User
- Posts: 22
- Joined: Wed Dec 23, 2020 10:12 pm
Re: Per Client ccd config
I have a little more information. In server.conf, reneg-sec is set to 28800. What I am noticing is when that time comes and the authentication dialog box comes up, if I just reenter my password and connect, the line is removed from the user's ccd file, but if I cancel and reconnect, it doesn't happen. No clue why this is.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Per Client ccd config
Probably gremlins ..
If you are using cipher Blowfish in CBC mode (BF-CBC) then you have probably been hacked.
-
- OpenVPN User
- Posts: 22
- Joined: Wed Dec 23, 2020 10:12 pm
Re: Per Client ccd config
No. I am using these settings: CIPHER SUITES TLS_AES_256_GCM :TLS CHACHA20_POLY1305_SHA256
and tls-version-min 1.2
Data Ciphers AES-256-GCM
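An added example, not written by anyone in this thread and not OpenVPN code: a Python script that snapshots a client-config-dir, reports directive lines that later disappear from a client's file along with that file's modification time, and lists ifconfig-push addresses that appear in more than one client's file. The function names, the client names and the 192.0.2.0 route are assumptions made for the example; it reads only the CCD files, not the server's address pool.

```python
import os
from collections import defaultdict

def parse_ccd(text):
    """Directive lines of one CCD file; blanks and #/; comment lines dropped."""
    lines = (ln.strip() for ln in text.splitlines())
    return [" ".join(ln.split()) for ln in lines if ln and ln[0] not in "#;"]

def snapshot(ccd_dir):
    """Map client name -> (mtime, directive lines) for every file in ccd_dir."""
    snap = {}
    for name in sorted(os.listdir(ccd_dir)):
        path = os.path.join(ccd_dir, name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                snap[name] = (os.stat(path).st_mtime, parse_ccd(fh.read()))
    return snap

def removed_lines(baseline, current):
    """Per client: (current mtime, directives in the baseline that are now gone)."""
    gone = {}
    for client, (_, old) in baseline.items():
        mtime, new = current.get(client, (None, []))
        missing = [ln for ln in old if ln not in new]
        if missing:
            gone[client] = (mtime, missing)
    return gone

def duplicate_static_ips(snap):
    """ifconfig-push addresses that appear in more than one client's file."""
    owners = defaultdict(list)
    for client, (_, lines) in snap.items():
        for ln in lines:
            parts = ln.split()
            if len(parts) >= 2 and parts[0] == "ifconfig-push":
                owners[parts[1]].append(client)
    return {ip: names for ip, names in owners.items() if len(names) > 1}

if __name__ == "__main__":
    import tempfile
    # Constructed sample: client names and the 192.0.2.0 route are made up.
    with tempfile.TemporaryDirectory() as d:
        def put(name, body):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        put("alice", 'ifconfig-push 10.8.0.3 255.255.255.0\npush "route 192.0.2.0 255.255.255.0"\n')
        put("bob", "ifconfig-push 10.8.0.3 255.255.255.0\n")
        base = snapshot(d)
        put("alice", "ifconfig-push 10.8.0.3 255.255.255.0\n")  # push line dropped
        print(removed_lines(base, snapshot(d)))
        print(duplicate_static_ips(base))
```

The modification time returned with each removed line can be compared against the reneg-sec interval and against the schedules of any scripts or cron jobs on the server.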