
Re: [Openvpn-users] Is it possible? -- client delete/remove pushed route from server

  • Subject: Re: [Openvpn-users] Is it possible? -- client delete/remove pushed route from server
  • From: Andrew Guenther <andrew@xxxxxxxxxxxxxxxx>
  • Date: Sat, 29 Sep 2007 22:04:38 -0400

Andrew Guenther
ACE Technology Group
610 640 4223 x2

On Sep 29, 2007, at 6:16 PM, Matthew Haas <wedge@xxxxxxxxxxxxx> wrote:

> Good afternoon,
>  I have a functioning OpenVPN setup that I've been utilizing to connect
> a few remote locations together. I am using routing, NOT bridging.
> OpenVPN 2.0.9 on Debian Etch systems.
>  My question arises from the connection of one of these locations-- I
> can get on the VPN ok, but the problem is that I am experiencing a
> problem with a duplicate subnet (i.e. a location on the VPN uses this
> subnet, but the real network at one of the locations also uses it).
>  Due to the circumstances surrounding this, I can actually get by
> without that duplicated route, so I am interested in seeing if there is
> a way I might be able to delete a pushed route from the server.
>  In the logs I see the route pushed.. it is pushed to all connecting
> clients.. and 99% of the time this is exactly the behavior I want. But..
> is there a way that, upon connecting to the VPN, a specific route can
> then be dropped?
>  I don't mind if I have to put it in an "up" script.. but I've searched
> Google, the OpenVPN FAQ, and nowhere have I found any clues that would
> lead me in the general direction of what I am seeking.
>  Any pointers/advice would be helpful.
>  Thanks.
> -Matthew

Couple options to try:

A: On your special client, remove the 'pull' directive from the conf,  
then manually add every 'push' server entry you want. In the future,  
every server conf change involving push lines would need to be  
manually added to your special client conf.

B: Research and learn the client-config-dir option in the server conf.
Create a new dir that this points to, and create a straight text file
which is named exactly like their certificate name. Any command in
this file is effectively appended to the server conf ONLY when this
client connects.

There are a few ways to use this. One is to make client-config-dir  
entries for every user except your special case. Give all your normal  
users the route.

I'm sure there must be a way to push "route delete" for just your  
special case. If so, you could just make a special config for your  
special case.

Either way, hopefully one of these options will get you in the right  
direction. Let us know how it goes.
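
One way to set up the "every user except your special case" variant of option B, as an added example that is not part of the original message. The subnet and client names in the usage comment are constructed, and the function name write_ccd is hypothetical; it assumes the global push "route ..." line for the duplicated subnet has been removed from the server conf and that client-config-dir points at the directory being filled.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Builds a client-config-dir in which every client except one gets the
# route that used to be pushed to everybody.
#
# Assumed server conf (constructed paths/values):
#   client-config-dir /etc/openvpn/ccd
#   # global  push "route 192.168.50.0 255.255.255.0"  line removed
#
# Usage: write_ccd CCD_DIR NETWORK NETMASK EXCLUDED_CN CN...
#   e.g. write_ccd /etc/openvpn/ccd 192.168.50.0 255.255.255.0 \
#            site-special site-a site-b site-special

write_ccd() {
    ccd_dir=$1 net=$2 mask=$3 skip=$4
    shift 4
    mkdir -p "$ccd_dir" || return 1

    for cn in "$@"; do
        # The file name must match the certificate common name exactly.
        # Refuse empty names, dot-names and anything with a slash so a
        # name can never resolve outside the ccd directory.
        case $cn in
            ''|.*|*/*)
                echo "refusing unsafe client name: $cn" >&2
                return 1 ;;
        esac

        # The special-case client gets no file, so it never receives
        # the route for the duplicated subnet.
        [ "$cn" = "$skip" ] && continue

        f=$ccd_dir/$cn
        line="push \"route $net $mask\""
        # Append only when the line is missing, so re-runs are harmless
        # and other per-client directives in the file are preserved.
        grep -qxF "$line" "$f" 2>/dev/null || printf '%s\n' "$line" >> "$f"
    done
    return 0
}
```

Because the route is now pushed only from per-client files, any client added later needs its own file before it will receive that route.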
