Per Client ccd config

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

petrocelli1966
OpenVPN User
Posts: 22
Joined: Wed Dec 23, 2020 10:12 pm

Per Client ccd config

Post by petrocelli1966 » Fri May 27, 2022 1:00 am

Hi All,
I am a little confused as I am getting conflicting bits of info. I would like to push a route to just two clients. I read in the OpenVPN Cookbook 2nd edition that you cannot use the route directive inside a CCD file. However, I am seeing in other places that you can add the line
push "route a.b.c.d netmask" in the client's ccd file and it will work. I decided to try putting the push route line in the client file and it worked but every few days, the line is removed automatically, perhaps when the service is restarted. So I am not sure what is correct and why this is happening. Any help would be appreciated.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Per Client ccd config

Post by TinCanTech » Fri May 27, 2022 7:07 am

It is not removed by openvpn.

It sounds like your server is running on a router ..

petrocelli1966
OpenVPN User
Posts: 22
Joined: Wed Dec 23, 2020 10:12 pm

Re: Per Client ccd config

Post by petrocelli1966 » Fri May 27, 2022 12:43 pm

Thanks for your reply. It runs on a FreeBSD 13.1 server and runs OpenVPN 2.5.6. I have to troubleshoot this further then as somehow, the push route line disappears and leaves the ifconfig-push line.

petrocelli1966
OpenVPN User
Posts: 22
Joined: Wed Dec 23, 2020 10:12 pm

Re: Per Client ccd config

Post by petrocelli1966 » Mon May 30, 2022 2:39 pm

I think this may have something to do with what is happening but I just noticed this morning that OpenVPN assigned a new user the same IP address 10.8.0.3/24 as another user (the affected user) who was already logged on. The affected user is the same one who keeps getting the line deleted from their ccd file. So maybe what I need to do is find out why two users would be assigned the same IP. Anyone have any ideas?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Per Client ccd config

Post by TinCanTech » Mon May 30, 2022 3:17 pm

petrocelli1966 wrote:
Fri May 27, 2022 1:00 am
I decided to try putting the push route line in the client file and it worked but every few days, the line is removed automatically, perhaps when the service is restarted
Not by OpenVPN.

I can only presume you are using something like pivpn script and you have forgotten about a cron job you created.

viewtopic.php?t=22603#p68963

petrocelli1966
OpenVPN User
Posts: 22
Joined: Wed Dec 23, 2020 10:12 pm

Re: Per Client ccd config

Post by petrocelli1966 » Wed Jun 15, 2022 7:44 pm

I have a little more information. In server.conf, reneg-sec is set to 28800. What I am noticing is when that time comes and the authentication dialog box comes up, if I just re-enter my password and connect, the line is removed from the user's ccd file, but if I cancel and reconnect, it doesn't happen. No clue why this is.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Per Client ccd config

Post by TinCanTech » Wed Jun 15, 2022 9:06 pm

Probably gremlins ..

If you are using cipher Blowfish in CBC mode (BF-CBC) then you have probably been hacked.

petrocelli1966
OpenVPN User
Posts: 22
Joined: Wed Dec 23, 2020 10:12 pm

Re: Per Client ccd config

Post by petrocelli1966 » Fri Jun 17, 2022 1:30 pm

No. I am using these settings: CIPHER SUITES TLS_AES_256_GCM :TLS CHACHA20_POLY1305_SHA256

and tls-version-min 1.2

Data Ciphers AES-256-GCM
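
Added example, not part of any post in this thread: a small Python check for the two questions raised above, whether a line is legal in a ccd file (a bare route is not, push "route ..." is a push directive and is) and whether an ifconfig-push address sits inside the range the server also leases dynamically. The legal-directive list follows the client-config-dir description in the OpenVPN 2.5 manual; the pool bounds, the sample file and the function name audit_ccd are assumptions made for illustration.

```python
import ipaddress
import shlex

# Directives the OpenVPN 2.5 manual lists as legal in a client-config-dir file.
CCD_LEGAL = {"push", "push-reset", "push-remove", "iroute",
             "ifconfig-push", "vlan-pvid", "config"}

# Constructed sample, not taken from the thread.
SAMPLE_CCD = """\
# ccd file for one client
ifconfig-push 10.8.0.3 255.255.255.0
push "route 192.168.50.0 255.255.255.0"
route 192.168.50.0 255.255.255.0
"""

def audit_ccd(text, pool_start, pool_end):
    """Return (line_number, message) findings for one ccd file's contents.

    pool_start/pool_end are the server's dynamic pool bounds (assumed input;
    read them from your own ifconfig-pool or server directive).
    """
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        try:
            words = shlex.split(line)        # honours the quotes around push args
        except ValueError:
            findings.append((no, "unbalanced quotes"))
            continue
        name = words[0].lstrip("-")
        if name not in CCD_LEGAL:
            findings.append((no, f"'{name}' is not legal in a ccd file"))
        elif name == "ifconfig-push" and len(words) > 1:
            try:
                addr = ipaddress.ip_address(words[1])
            except ValueError:
                continue                     # hostname or alias, cannot compare
            if addr.version == lo.version and lo <= addr <= hi:
                findings.append((no, f"{addr} is inside the dynamic pool"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_ccd(SAMPLE_CCD, "10.8.0.2", "10.8.0.253"):
        print(f"line {no}: {msg}")
```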
