Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Client Specific Overrides routing for a single user

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 3 Posters 952 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      juniper
      last edited by

      Hi,

      is it possible using Client Specific Overrides ignore global IPv4 Local network(s) and push a specific route for a single user?

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by viragomann

        Yes, Client Specific Override overrides any option you can state there.

        However, keep in mind that you have to control access by firewall rules, not by "IPv4 Local network(s)" in OpenVPN. That only pushes routes to the clients. But the client may also set their own routes in their OpenVPN settings.

        J 1 Reply Last reply Reply Quote 0
        • J
          juniper @viragomann
          last edited by

          @viragomann said in OpenVPN Client Specific Overrides routing for a single user:

          Yes, Client Specific Override overrides any option you can state there.

          However, keep in mind that you have to control access by firewall rules, not by "IPv4 Local network(s)" in OpenVPN. That only pushes routes to the clients. But the client may also set their own rules in their OpenVPN settings.

          Ok... I tried but I can only add specific route to a single user "not" ignore IPv4 Local network, all route defined are pushed to client. I have to push only a specific route for a single openvpn user

          1 Reply Last reply Reply Quote 0
          • PippinP
            Pippin
            last edited by

            You could also use the --pull-filter option to ignore the global IPv4 Local network(s), see manual 2.4:
            https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

            And in any case:
            @viragomann said in OpenVPN Client Specific Overrides routing for a single user:

            However, keep in mind that you have to control access by firewall rules, .....
            .....
            the client may also set their own rules in their OpenVPN settings.

            PS
            I think he meant routes instead of rules...

            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
            Halton Arp

            V J 2 Replies Last reply Reply Quote 0
            • V
              viragomann @Pippin
              last edited by

              @Pippin said in OpenVPN Client Specific Overrides routing for a single user:

              I think he meant routes instead of rules...

              Thanks. I corrected it above to avoid confusion.

              1 Reply Last reply Reply Quote 0
              • J
                juniper @Pippin
                last edited by

                @Pippin ok but --pull-filter is a client option;

                I need some hints about configuring server with a specific routing for each defined user "ignoring" general openvpn IPv4 routing. Is it possible?

                1 Reply Last reply Reply Quote 0
                • PippinP
                  Pippin
                  last edited by

                  So you have two groups of users?
                  Then just create a second OpenVPN server.

                  I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                  Halton Arp

                  J 1 Reply Last reply Reply Quote 0
                  • J
                    juniper @Pippin
                    last edited by

                    @Pippin no I have several (12) user each one with a specific routing...

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.