[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] client-config-dir not working

  • Subject: Re: [Openvpn-users] client-config-dir not working
  • From: Gabriele Bulfon <gbulfon@xxxxxxxxxxx>
  • Date: Wed, 27 Jun 2007 08:48:15 +0200 (CEST)

Maybe you can point me some other tip.
As you say, I use the tun interface, specify a client-config-dir, place the file as for the Subject CN (client crt for the generated key is [ Subject: C=IT, ST=MI, O=MacDue, CN = cassa1.macdue.eu / emailAddress =info@xxxxxxxxxx ] , so ccd file is cassa1.macdue.eu )  containing "ifconfig-push", but I still get the IPs in random order. Meaning that if cassa2 comes first, it gets the ifconfig of cassa1.
Where can I investigate more?

Gabriele Bulfon - Sonicle S.r.l.
Tel +39 028246016 Int. 30 - Fax +39 028243880
Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY

Da: Peter Barwich <pbarwich@xxxxxxxxxxx>
A: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Data: 23 giugno 2007 17.03.15 CEST
Oggetto: Re: [Openvpn-users] client-config-dir not working


It may just be worth pointing to you and other readers out that Erich's response applies ONLY to the dev tun interface (that you specified in your original config file). For dev tap interfaces the second parameter should be something like; the normal netmask for the address you are trying to push. ifconfig-push takes the same parameters as the ifconfig directive you are trying to implement on the client, so see --ifconfig l rn in the man page for openvpn (about 1/6 the way down). It took me a while to figure this out so maybe it'll save someone else time.

Re: [Openvpn-users] client-config-dir not working
Erich Titl <erich.titl@xxxxxxxx>
Fri, 22 Jun 2007 00:49:06 +0200
Gabriele Bulfon <gbulfon@xxxxxxxxxxx>
Gabriele Bulfon <gbulfon@xxxxxxxxxxx>

Gabriele Bulfon schrieb:
Thanks for the reply.
What is the meaning of ifconfig-push ?
Wich of the IP is the assigned IP?

One is assignet to the client end the other is the gateway on the server
end. IIRC the first is assigned to the client.

I remember trying this, but I got some kind of debug on the client
saying that the format was not fine, and that I should place the subnet
mask after the IP...

Not with 2.0, I am not familiar with 2.1.

Where do I place the default subnet other than /30?

You don't.....

from the howto I suggested to read:

Each pair of ifconfig-push addresses represent the virtual client and
server IP endpoints. They must be taken from successive /30 subnets in
order to be compatible with Windows clients and the TAP-Win32 driver.
Specifically, the last octet in the IP address of each endpoint pair
must be taken from this set:


Openvpn-users mailing list