On Mon, 05 Sep 2022 21:07:34 +0000, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>On Monday, September 5th, 2022 at 21:02, Bo Berglund <bo.bergl...@gmail.com> >wrote: > >> So now I have a client which is set to use persist-tun (I have no idea what >> this >> does) and the forum thread indicates that commenting it out solves the >> reconnect >> issue. >> >> QUESTION: >> --------- >> Is it possible to send a command from the server to the client via the ccd >> system on connect to NOT use persist-tun? >> >> The reason is that it is impossible for me to access the router and deal with >> its config since it is VERY remote now (1700 km). >> If I could send this to the client on connect then it could hopefully solve >> the >> problem. >> But how would that be formulated in the ccd file for the client? > >Hi Bo, > >your best bet is to get the remote office admin to email you the router log, >after setting --verb 4 in the config. > >Unless you prefer the _wild stab in the dark_ approach. Well, the "remote office" is populated by *one* non-technical person, who can only manage the power switching of the router... My options are AFAICT: 1. Do nothing and let him power cycle whenever the connection drops, but tell him to bring the router along when he travels to Sweden the next time. 2. Find a way to push the blocking of persist-tun via a ccd command for this client only. But it might not be possible if the persisted tun is in operation already when the client reaches the server? I have successfully changed this client's tunnel IP address to one that I could block LAN access for via iptables. Thanks again for pointing out my IP range miscalculation for this! Now working. PS: His router is an older ASUS RT-AC51U and I do not know the openvpn version it uses, but my current RT-AC86U routers in Sweden use this: admin@RT-AC86U:/tmp/home/root# openvpn --version OpenVPN 2.3.2 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Sep 11 2018 which is also not the most recent one... But the ASUS firmware is fully updated. -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
