
Re: [Openvpn-users] client-config-dir not working


  • Subject: Re: [Openvpn-users] client-config-dir not working
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Wed, 04 Jul 2007 15:08:38 +0100

Hi
I'm still in trouble.
I did as you noted:
ifconfig-push 10.1.1.5 10.1.1.6
ifconfig-push 10.1.1.9 10.1.1.10
ifconfig-push 10.1.1.13 10.1.1.14

I would expect my client to get 5, 9 and 13.
...I still get them with 6, 10, 14 in a FIFO logic.
I suspect openvpn is not considering my ccd files at all...

About your mail, I cannot use tap, because my server OS is Solaris 10, and we still don't have tap there...
Thanks for any help.
Gabriele

I just tried a tun connection on my home machines and it works fine with the pairings [5,6], [9,10] etc, etc. I tried several with the first being assigned to the client, and the second acting as a sort of dummy IP for the server. This was done as you have tried to do with the following in a ccd directory: - ifconfig-push 10.3.0.5 10.3.0.6 for example, this being my choice of subnet. The client sees the dummy IP as its DHCP server, but the server is pinged on 10.3.0.1. In my system I pushed DNS too (as I run my own DNS server) and that came through as being on the server's pingable address, and worked correctly.

First thing is I'd double and triple check that the name of your files in /ccd is the same as the common name in the certificates presented by your clients and NOT the name of the certificate files or key files themselves. The certificate and key file names can be anything you want as long as your openvpn config files at the client end point at them, and they are valid key and certificate files. I have tried this out; renaming the certificate and key files at the client and then changing the config file to point at the new names, and everything works fine. In my case the files and common names are the same, for simplicity, but they don't have to be.

Having said that, you said in an earlier mail: -

"place the file as for the Subject CN (client crt for the generated key is [ Subject: C=IT, ST=MI, O=MacDue, CN = cassa1.macdue.eu / emailAddress =info@xxxxxxxxxx ] , so ccd file is cassa1.macdue.eu )"

so you appear to understand this. Could there be some problems with the 'dots'? Grasping at straws here. The files in ccd should be just text. No tabs or formatting, but that's more likely to go wrong on Windows, not Solaris.

Final thought. I don't think you ever provided your client config files. Do they have a 'client' directive? Or pull (which is implied by client)? Post a config; it may help someone smarter than me to a solution.
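
The checks suggested in this message, collected into a small linter (an added example, not part of the original mail and not OpenVPN code). It assumes tun mode with /30 client/server pairs such as [5,6] and [9,10]; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

def check_pair(args):
    """Check the two arguments of one ifconfig-push line (assumes /30 pairs)."""
    if len(args) != 2:
        return [f"ifconfig-push needs 2 addresses, got {len(args)}"]
    try:
        local, remote = (ipaddress.IPv4Address(a) for a in args)
    except ValueError as exc:
        return [f"bad address: {exc}"]
    # The client address and its peer must be the two hosts of one /30,
    # client first: [5,6], [9,10], [13,14], ...
    net = ipaddress.ip_network(f"{local}/30", strict=False)
    first, second = net.hosts()
    if (local, remote) != (first, second):
        return [f"{local} {remote} is not the host pair of {net} "
                f"(expected {first} {second})"]
    return []

def lint_ccd(filename, content, common_name):
    """Return a list of problems found in one client-config-dir file."""
    problems = []
    # The file is looked up by certificate Common Name, not by .crt/.key name.
    if filename != common_name:
        problems.append(f"file name {filename!r} != certificate CN {common_name!r}")
    # The message's advice: plain text only, no tabs or editor formatting.
    if content.startswith("\ufeff"):
        problems.append("file starts with a byte-order mark")
    if "\r" in content:
        problems.append("file has CR (Windows) line endings")
    if "\t" in content:
        problems.append("file contains tab characters")
    lines = [ln.split() for ln in content.lstrip("\ufeff").splitlines()]
    pushes = [f for f in lines if f and f[0] == "ifconfig-push"]
    if not pushes:
        problems.append("no ifconfig-push line found")
    for fields in pushes:
        problems += check_pair(fields[1:])
    return problems

if __name__ == "__main__":
    # Constructed samples: (ccd file name, file content, CN from the client cert)
    samples = [
        ("cassa1.macdue.eu", "ifconfig-push 10.1.1.5 10.1.1.6\n", "cassa1.macdue.eu"),
        ("cassa1.crt", "ifconfig-push 10.1.1.6 10.1.1.7\r\n", "cassa1.macdue.eu"),
    ]
    for name, content, cn in samples:
        print(name, "->", lint_ccd(name, content, cn) or "ok")
```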