[Resolved] How do I make Client Overrides work?

  • How do I make Client Overrides work? I cannot make them work at all. The client is able to connect to the server but I cannot make traffic-through a client-specific. I added a client override with the same CN as the client and ticked the button "force all client generated traffic through the tunnel" and reconnected as a client.

    If I force it from the server settings it works but I don't want to force nor allow it for the other clients.

    Any hints?

  • @Dunno Make sure the common name is typed exactly as in the certificate, including capitalisation, dots, etc.

    What you are trying to do has been tested and works just as per your configuration.

  • @netblues Huh. Thank you for confirming. You led me to try different things. The solution is that the OpenVPN disconnect is not enough. You have to close the OpenVPN client completely and start it again in order to get that configuration. Even a state reset did not do the trick if OpenVPN is kept open after disconnecting the existing connection. It seems that OpenVPN stores some cache or memory about the config.

  • @Dunno Actually it is the client that makes the routing decisions, so the server just pushes settings to the client. If the connection is not fully renegotiated, client route settings won't be upgraded.
    Clearing states wouldn't have any effect either.

    So, no caching, you just have to trigger a settings push (by fully disconnecting, client side).

  • @netblues If I right-click tray icon of OpenVPN doesn't that fully disconnect?

  • @Dunno If you select disconnect, yes; if you just select reconnect, it's a different story.

  • @netblues I'm sure I pressed disconnect. Settings didn't apply. Only exiting helped.

  • In any case, it's client side, pf can't do anything about it.
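
A way to check from the client side whether the pushed settings discussed above actually arrived, as an added example that is not part of the original thread: it reads an OpenVPN client log and reports, for each push the client received, whether `redirect-gateway` was among the options. It assumes the "force all client generated traffic through the tunnel" override is delivered as a pushed `redirect-gateway` option; the log excerpt and function names are constructed for illustration.

```python
import re

# Constructed sample of an OpenVPN client log (not taken from the thread):
# the first connection predates the override, the second one follows it.
SAMPLE_LOG = """\
2024-01-10 09:00:01 PUSH: Received control message: 'PUSH_REPLY,route 10.0.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.0.8.2 255.255.255.0,peer-id 0'
2024-01-10 09:00:02 Initialization Sequence Completed
2024-01-10 09:30:11 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.0.8.1,topology subnet,ifconfig 10.0.8.2 255.255.255.0,peer-id 0'
2024-01-10 09:30:12 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")


def pushed_option_sets(log_text):
    """Return one list of pushed options per completed push found in the log."""
    sets, current = [], []
    for line in log_text.splitlines():
        match = PUSH_RE.search(line)
        if not match:
            continue
        opts = [o.strip() for o in match.group(1).split(",")[1:] if o.strip()]
        # "push-continuation 2" marks a reply the server split; more follows.
        more = "push-continuation 2" in opts
        current += [o for o in opts if not o.startswith("push-continuation")]
        if not more:
            sets.append(current)
            current = []
    return sets


def redirect_pushed(log_text):
    """For each push, True if the client was told to redirect its default gateway."""
    return [any(o.split()[0] == "redirect-gateway" for o in opts)
            for opts in pushed_option_sets(log_text)]


if __name__ == "__main__":
    for n, got in enumerate(redirect_pushed(SAMPLE_LOG), 1):
        state = "received" if got else "not received"
        print(f"push {n}: redirect-gateway {state}")
```

Run against the real client log after each connection attempt, this shows whether a given session received the override's options at all, independent of what the routing table looks like.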

