Package: openvpn
Version: 2.1~rc15-1
Severity: normal
Tags: upstream
(Copied from http://openvpn.net/archive/openvpn-users/2007-08/msg00145.html)
With the default mode (the implicit topology net30) I used to do this to
assign static routes towards a given client:
$ cat /etc/openvpn/ccd/some-client
iroute 10.20.1.0 255.255.255.0
iroute 10.250.0.0 255.255.255.0
$ cat /etc/openvpn/server.conf
[...]
route 10.20.1.0 255.255.255.0
route 10.250.0.0 255.255.255.0
[...]
When the tunnel was established, the static routes were set towards that
particular client. Everything worked fine.
With topology subnet it doesn't seem to work, as 'route' now needs
a gateway argument. However, the IP of the connecting client is not
known, and neither 'route' nor 'client-connect' can be used in the
client-config-dir file (where iroute is used).
Subnet topology is a great step forward, but it's currently not
usable in situations where clients connect subnets to the server.
The best solution would be to allow 'route' directives in the
per-client config files in client-config-dir.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii libc6 2.9-18 GNU C Library: Shared libraries
ii liblzo2-2 2.03-1 data compression library
ii libpam0g 1.0.1-9Pluggable Authentication Modules l
ii libpkcs11-helper1 1.07-1 library that simplifies the intera
ii libssl0.9.8 0.9.8k-3 SSL shared libraries
ii openssl-blacklist 0.5-2 list of blacklisted OpenSSL RSA ke
ii openvpn-blacklist 0.4list of blacklisted OpenVPN RSA sh
Versions of packages openvpn recommends:
ii net-tools 1.60-23The NET-3 networking toolkit
Versions of packages openvpn suggests:
ii openssl 0.9.8k-3 Secure Socket Layer (SSL) binary a
ii resolvconf1.44 name server information handler
-- debconf information excluded
--
.''`. martin f. krafft madd...@d.o Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)