Re: [Openvpn-users] Defining custom routes for particular users

Sat, 26 Jun 2021 14:31:02 -0700 

Hi,

On Sat, Jun 26, 2021 at 06:11:07PM +0300, Nikolaos Milas wrote:
> For those users, the ccd file becomes like:
> 
>     ifconfig-push 10.201.32.200 255.255.252.0
>     ifconfig-ipv6-push 2001:648:iiii:jjjj::200/64 2001:648:iiii:jjjj::1
> 
>     push-remove "route <network_1> 255.255.255.224 10.201.32.1"
>     push-remove "route <network_2> 255.255.255.224 10.201.32.1"
>     push-remove "route <network_3> 255.255.255.224 10.201.32.1"
>     push-remove "route <network_4> 255.255.255.224 10.201.32.1"
>     ...
>     push-remove "route <network_N> 255.255.255.224 10.201.32.1"
>     push-remove "route-ipv6 2001:648:zzzz::/48 2001:648:aaaa:bbbb::1"
> 
>     push "route 10.201.80.200 255.255.255.255 10.201.32.1"
> 
> My question: Is there an easy way to avoid all these push-remove 
> statements and remove all pre-defined (in server config) routes? In this 
> case we would have to push Section 1 and Section 3 and any ad hoc routes.

You can just do

  push-remove "route"

and it will forget all "route ..." and "route-ipv6..." statements.

> Or: Is there a way to define {named_sets of push rules} in the server 
> config which we can call as such (i.e. {named_sets}) in the ccd files? 
> This would be very handy. For example, the ccd file would then become:
> 
>     ifconfig-push 10.201.32.200 255.255.252.0
>     ifconfig-ipv6-push 2001:648:iiii:jjjj::200/64 2001:648:iiii:jjjj::1
> 
>     push {named_set_1}
>     ...
>     push {named_set_N}
> 
> Any alternative/additional suggestion(s) would be appreciated!

I'm not sure our include mechanism works in ccd files - but you could
try.  It's done by specifying a config file in a config file, so

  ifconfig-push ...
  ifconfig-ipv6-push ...
  config my_standard_set.conf

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to