Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN Client Specific Overrides routing for a single user

    OpenVPN
    3
    8
    98
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      juniper last edited by

      Hi,

      is it possible using Client Specific Overrides ignore global IPv4 Local network(s) and push a specific route for a single user?

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • V
        viragomann last edited by viragomann

        Yes, Client Specific Override overrides any option you can state there.

        However, keep in mind that you have to control access by firewall rules, not by "IPv4 Local network(s)" in OpenVPN. That only pushes routes to the clients. But the client may also set their own routes in their OpenVPN settings.

        J 1 Reply Last reply Reply Quote 0
        • J
          juniper @viragomann last edited by

          @viragomann said in OpenVPN Client Specific Overrides routing for a single user:

          Yes, Client Specific Override overrides any option you can state there.

          However, keep in mind that you have to control access by firewall rules, not by "IPv4 Local network(s)" in OpenVPN. That only pushes routes to the clients. But the client may also set their own rules in their OpenVPN settings.

          Ok... I tried but I can only add specific route to a single user "not" ignore IPv4 Local network, all route defined are pushed to client. I have to push only a specific route for a single openvpn user

          1 Reply Last reply Reply Quote 0
          • Pippin
            Pippin last edited by

            You could also use the --pull-filter option to ignore the global IPv4 Local network(s), see manual 2.4:
            https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

            And in any case:
            @viragomann said in OpenVPN Client Specific Overrides routing for a single user:

            However, keep in mind that you have to control access by firewall rules, .....
            .....
            the client may also set their own rules in their OpenVPN settings.

            PS
            I think he meant routes instead of rules...

            V J 2 Replies Last reply Reply Quote 0
            • V
              viragomann @Pippin last edited by

              @Pippin said in OpenVPN Client Specific Overrides routing for a single user:

              I think he meant routes instead of rules...

              Thanks. I corrected it above to avoid confusion.

              1 Reply Last reply Reply Quote 0
              • J
                juniper @Pippin last edited by

                @Pippin ok but --pull-filter is a client option;

                I need some hints about configuring server with a specific routing for each defined user "ignoring" general openvpn IPv4 routing. Is it possible?

                1 Reply Last reply Reply Quote 0
                • Pippin
                  Pippin last edited by

                  So you have two groups of users?
                  Then just create a second OpenVPN server.

                  J 1 Reply Last reply Reply Quote 0
                  • J
                    juniper @Pippin last edited by

                    @Pippin no I have several (12) user each one with a specific routing...

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense Plus
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy