Access Server push-route with openvpn-as

Business solution to host your own OpenVPN server with web management interface and bundled clients.
mobios
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 12, 2019 6:45 am

Access Server push-route with openvpn-as

Post by mobios » Wed Jun 12, 2019 9:50 am

Hello,

OS: Ubuntu 18.04
openvpn-as:2.7.4-777bcfe6-Ubuntu18


With the open-source OpenVPN I used ccd to push routes to my clients, like:

/etc/openvpn/ccd/username
push "route x.x.x.x x.x.x.x"

/etc/openvpn/server.conf
username-as-common-name
client-config-dir ccd


Does anyone know how I can do the same with openvpn-as?
It would be very cool if I could do that with a post-auth script.

Please Help
mobios

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Access Server push-route with openvpn-as

Post by novaflash » Wed Jun 12, 2019 3:08 pm

You are supposed to use the web interface to give each user access to specific subnets using the access control functions there. Is there a particular reason you are not using those?
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

mobios
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 12, 2019 6:45 am

Re: Access Server push-route with openvpn-as

Post by mobios » Thu Jun 13, 2019 8:22 am

Hello novaflash,
Thanks for your reply. I found out openvpn_as searches for the ccd directory under /run/openvpn_as/ccd if I set:
client-config-dir ccd

The problem is after reboot the ccd directory will be deleted :(

I think I will do as you suggest, novaflash, with the access control function in the web interface.

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Access Server push-route with openvpn-as

Post by novaflash » Thu Jun 13, 2019 9:09 am

Alright, it makes sense to use the recommended methods to give your users access. Also because of the fact that Access Server enforces these rules with iptables rules, so even if you force a route into the client side, and Access Server is not aware it needs to give access to resources, it would most likely end up being blocked in Access Server anyways. So try to use the recommended method, please.

If there is a convincing reason it needs to be done differently we'll take a look at this again.
