Hello,
OS: Ubuntu 18.04
openvpn-as:2.7.4-777bcfe6-Ubuntu18
with the opensource openvpn i used ccd to push routes to my clients like:
/etc/openvpn/ccd/username
push "route x.x.x.x x.x.x.x"
/etc/openvpn/server.conf
username-as-common-name
client-config-dir ccd
Did anyone know how i can do the same with openvpn-as ?
It was very cool if i can do that with a post-auth script
Please Help
mobios
Access Server push-route with openvpn-as
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jun 12, 2019 6:45 am
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Access Server push-route with openvpn-as
You are supposed to use the web interface to give each user access to specific subnets using the access control functions there. Is there a particular reason you are not using those?
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jun 12, 2019 6:45 am
Re: Access Server push-route with openvpn-as
Hello novaflash,
thanks for your reply. I found out openvpn_as search ccd directory under /run/openvpn_as/ccd if i set:
client-config-dir ccd
The problem is after reboot the ccd directory will be deleted
I think i will do like you suggests novaflash with access control function in the web interface.
thanks for your reply. I found out openvpn_as search ccd directory under /run/openvpn_as/ccd if i set:
client-config-dir ccd
The problem is after reboot the ccd directory will be deleted
I think i will do like you suggests novaflash with access control function in the web interface.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Access Server push-route with openvpn-as
Alright, it makes sense to use the recommended methods to give your users access. Also because of the fact that Access Server enforces these rules with iptables rules, so even if you force a route into the client side, and Access Server is not aware it needs to give access to resources, it would most likely end up being blocked in Access Server anyways. So try to use the recommended method, please.
If there is a convincing reason it needs to be done differently we'll take a look at this again.
If there is a convincing reason it needs to be done differently we'll take a look at this again.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.