However, I'd like to have another client, which needs to access only certain networks.
So what I did was:
Move away the default push options in ccd/DEFAULT:
push "redirect-gateway def1"
push "dhcp-option DNS y.y.y.y"
push "dhcp-option DNS z.z.z.z"
However, it appears that the OpenVPN daemon doesn't want to read files in ccd.
For the purpose of testing, I renamed the ccd/DEFAULT file to ccd/username (where username = the client's name as per CN), so that the default routes would be pushed to that client on connecting. This does not happen.
When I run the daemon with the --ccd-exclusive option, I get the following:
Jul 3 13:13:35 DeathStar openvpn[4989]: x.x.x.x:42367 TLS: Initial packet from x.x.x.x:42367, sid=bb027acd ef31e767
Jul 3 13:13:37 DeathStar openvpn[4989]: x.x.x.x:42367 VERIFY OK: depth=1, /C=BG/ST=SF/L=Sofia/O=Techn0.eu/CN=DeathStar.Techn0.eu/emailAddress=xxx@xxx
Jul 3 13:13:37 DeathStar openvpn[4989]: x.x.x.x:42367 VERIFY OK: depth=0, /C=BG/ST=SF/L=Sofia/O=Techn0.eu/CN=xTz/emailAddress=xxx@xxx
Jul 3 13:13:37 DeathStar openvpn[4989]: x.x.x.x:42367 TLS Auth Error: --client-config-dir authentication failed for common name 'xTz' file='/etc/openvpn/ccd/xTz'
Jul 3 13:13:37 DeathStar openvpn[4989]: x.x.x.x:42367 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jul 3 13:13:37 DeathStar openvpn[4989]: x.x.x.x:42367 [xTz] Peer Connection Initiated with x.x.x.x:42367
Jul 3 13:13:38 DeathStar openvpn[4989]: x.x.x.x:42367 PUSH: Received control message: 'PUSH_REQUEST'
Or why doesn't it parse the files in ccd/ when not run with --ccd-exclusive?
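As an added diagnostic (my own example, not code from the post or from the OpenVPN project), the script below mimics the client-config-dir lookup order the log above exercises: per-CN file first, then DEFAULT, with --ccd-exclusive refusing the client when the per-CN file is missing or unreadable. The CN-to-filename remapping and the chroot handling are my assumptions about OpenVPN's behaviour; the ccd tree it builds is constructed sample input.

```shell
#!/bin/sh
# Diagnostic that mimics OpenVPN's --client-config-dir lookup (assumed behaviour
# written for this example, not OpenVPN's own code):
#   <ccd>/<remapped CN>  ->  <ccd>/DEFAULT  ->  nothing
# With --ccd-exclusive only the per-CN file counts; DEFAULT is no substitute.
# Run it as the account OpenVPN drops to with --user/--group: ccd files are
# opened at client-connect time, after privileges have been dropped.

# Map characters OpenVPN does not allow in a file name to '_' (approximation of
# its gen_path() character class: letters, digits, '_', '-', '.', '@').
remap_cn() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9_.@-' '_'
}

# ccd_lookup CCD_DIR CN [EXCLUSIVE(0|1)] [CHROOT_DIR]
# Prints the config file that would be applied. Exit 0 = file found and readable,
# exit 1 = no file (client connects, just gets no per-client options),
# exit 2 = --ccd-exclusive would reject the client.
ccd_lookup() {
  ccd="$1"; cn="$2"; exclusive="${3:-0}"; root="${4:-}"
  # With --chroot the daemon resolves the ccd path inside the chroot directory.
  dir="${root}${ccd}"
  cnfile="$dir/$(remap_cn "$cn")"
  if [ -f "$cnfile" ] && [ -r "$cnfile" ]; then
    printf '%s\n' "$cnfile"; return 0
  fi
  if [ "$exclusive" = 1 ]; then
    echo "reject: $cnfile missing or unreadable (the 'TLS Auth Error: --client-config-dir' case)" >&2
    return 2
  fi
  if [ -f "$dir/DEFAULT" ] && [ -r "$dir/DEFAULT" ]; then
    printf '%s\n' "$dir/DEFAULT"; return 0
  fi
  return 1
}

# Constructed sample ccd tree for the demo (not a real server's files).
demo_ccd=$(mktemp -d)
printf 'push "redirect-gateway def1"\n' > "$demo_ccd/DEFAULT"
printf 'push "route 10.8.1.0 255.255.255.0"\n' > "$demo_ccd/xTz"
ccd_lookup "$demo_ccd" xTz 1                          # per-CN file, accepted
ccd_lookup "$demo_ccd" alice                          # no per-CN file, falls back to DEFAULT
ccd_lookup "$demo_ccd" alice 1 || echo "exit status $?"   # exclusive: rejected, status 2
rm -rf "$demo_ccd"
```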