Have 1 client send all traffic over the vpn

Posted: Thu Sep 20, 2012 9:44 pm
by joesmith28
I'm using the access server, and I'm having a bit of trouble understanding some of the documentation. In the web interface for the setting "Should client Internet traffic be routed through the VPN?" I've chosen 'NO', which is how I want it to work for everybody except 1 person.

I've created a folder "/usr/local/openvpn_as/ccd/" and within that folder put a file called "jsmith", and in that file I have: push "redirect-gateway def1"

Most directions say I need to add "--client-config-dir dir" to the server.conf file, except I don't have a server.conf file, so I assume this is done in the "Server Config Directives" field under "Advanced VPN Settings" in the web interface. In the "Server Config Directives" I have "client-config-dir ccd".

Clearly I've either done something wrong or missed some steps, because it doesn't appear to be sending all my traffic over the VPN. It appears to still be treating me as it does everybody else and only sending relevant traffic over the VPN instead of all my traffic.

Re: Have 1 client send all traffic over the vpn

Posted: Fri Sep 21, 2012 10:05 pm
by joesmith28
The problem is there's no syntax or information about what goes into the "Server Config Directives" field. The man page says I use "--client-config-dir dir" but that's for a CLI, and the example above says if I start with a hyphen then it removes the directive.

If I use no hyphens I get an error in the log that says "WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want", so I assume that's the wrong syntax, even though I'm not using the --duplicate-cn argument because I have NOT checked "Allow multiple concurrent VPN connections for a user".

So I put two hyphens "--client-config-dir /full/path/dir/" and don't get the warning from above, so I believe this is the more correct syntax. But I can't tell if it's even reading from the file I made for my account. I tried doing the 'push' command from above and it doesn't get listed out in the 'SENT CONTROL' line in the log, and if I just put random junk in the user file it doesn't seem to make a difference either. At least if I could break it I'd know I was doing something, but right now I can't even get it to give me an error.