OpenVPN Client Specific Overrides routing for a single user
-
Hi,
is it possible using Client Specific Overrides ignore global IPv4 Local network(s) and push a specific route for a single user?
Thanks in advance
-
Yes, Client Specific Override overrides any option you can state there.
However, keep in mind that you have to control access by firewall rules, not by "IPv4 Local network(s)" in OpenVPN. That only pushes routes to the clients. But the client may also set their own routes in their OpenVPN settings.
-
@viragomann said in OpenVPN Client Specific Overrides routing for a single user:
Yes, Client Specific Override overrides any option you can state there.
However, keep in mind that you have to control access by firewall rules, not by "IPv4 Local network(s)" in OpenVPN. That only pushes routes to the clients. But the client may also set their own rules in their OpenVPN settings.
Ok... I tried but I can only add specific route to a single user "not" ignore IPv4 Local network, all route defined are pushed to client. I have to push only a specific route for a single openvpn user
-
You could also use the --pull-filter option to ignore the global IPv4 Local network(s), see manual 2.4:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPageAnd in any case:
@viragomann said in OpenVPN Client Specific Overrides routing for a single user:However, keep in mind that you have to control access by firewall rules, .....
.....
the client may also set their own rules in their OpenVPN settings.PS
I think he meant routes instead of rules... -
@Pippin said in OpenVPN Client Specific Overrides routing for a single user:
I think he meant routes instead of rules...
Thanks. I corrected it above to avoid confusion.
-
@Pippin ok but --pull-filter is a client option;
I need some hints about configuring server with a specific routing for each defined user "ignoring" general openvpn IPv4 routing. Is it possible?
-
So you have two groups of users?
Then just create a second OpenVPN server. -
@Pippin no I have several (12) user each one with a specific routing...