It's a long-standing and well-known problem that --push-reset removes "critical" options from the push list (like "topology subnet") which will then lead to non-working client configs. This can not be reasonably fixed, because the list of "critical" options depends on overall server config.
So just document the fact, and point people towards --push-remove as a more selective tool. Trac: #29 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/man-sections/server-options.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index f1f0667a..2009953c 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -530,6 +530,14 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``--client-config-dir`` configuration file. This option will ignore ``--push`` options at the global config file level. + *NOTE*: ``--push-reset`` is very thorough: it will remove almost + all options from the list of to-be-pushed options. In many cases, + some of these options will need to be re-configured afterwards - + specifically, ``--topology subnet`` and ``--route-gateway`` will get + lost and this will break client configs in many cases. Thus, for most + purposes, ``--push-remove`` is better suited to selectively remove + push options for individual clients. + --server args A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will -- 2.26.2 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel