Content
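client-config-dir: configures different options for different clients, for example:
- Assigning a specific IP address to a particular client.
- Pushing DNS settings to a particular client.
- Temporarily disabling a client.
If you need routing between certain clients of the same OpenVPN server, client-config-dir is an indispensable setting.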
A client-config-dir or CCD file can contain the following options:
- push: This is useful for pushing DNS and WINS servers, routes, and so on
- push-reset: This is useful to overrule global push options
- iroute: This is useful for routing IPv4 client subnets to the server
- iroute-ipv6: This is useful for routing IPv6 client subnets to the server
- ifconfig-push: This is useful for assigning a specific IPv4 address to a client
- ifconfig-ipv6-push: This is useful for assigning a specific IPv6 address to a client
- disable: This is useful for temporarily disabling a client altogether
- config: This is useful for including another CCD configuration file
In order to use CCD files, we add a line to the server configuration file:
client-config-dir /etc/openvpn/movpn/clients
Next, create the CCD directory and create a CCD file in it for the client with certificate client1.crt:
[root@server]# mkdir -p /etc/openvpn/movpn/clients
[root@server]# echo "ifconfig-push 10.200.0.99 255.255.255.0" \
> /etc/openvpn/movpn/clients/client1
[root@server]# chmod 755 /etc/openvpn/movpn/clients
[root@server]# chmod 644 /etc/openvpn/movpn/clients/client1
The name of the CCD file is based on the certificate subject’s common name (the “/CN=” part), as found in the client1.crt file:
$ openssl x509 -subject -noout -in client1.crt
subject= /C=ZA/ST=Enlightenment/O=Mastering OpenVPN/CN=client1/emailAddress=root@example.org
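Because a CCD file decides which address and routes a client receives, it is worth checking the files after creating them. The following is an added example, not code from the book: a small linter that uses the option list above as an allow-list, validates `ifconfig-push` arguments, and flags files that are group- or world-writable. The function names are hypothetical, and it assumes `ifconfig-push` is given a literal IPv4 address and netmask as in the example above.

```python
import ipaddress
import os
import stat

# Allow-list taken from the option list above; extend it if your setup uses others.
CCD_OPTIONS = {"push", "push-reset", "iroute", "iroute-ipv6", "ifconfig-push",
               "ifconfig-ipv6-push", "disable", "config"}


def lint_ccd_text(text):
    """Return findings for the contents of one CCD file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        directive, *args = line.split()
        if directive not in CCD_OPTIONS:
            # Also catches stray characters, e.g. typographic quotes from a paste.
            findings.append(f"line {lineno}: unexpected option {directive!r}")
        elif directive == "ifconfig-push":
            # Assumption: literal IPv4 address and netmask, as in the page's example.
            try:
                if len(args) != 2:
                    raise ValueError("expected an address and a netmask")
                for arg in args:
                    ipaddress.IPv4Address(arg)
            except ValueError as exc:
                findings.append(f"line {lineno}: bad ifconfig-push: {exc}")
    return findings


def lint_ccd_file(path):
    """Lint one CCD file on disk: permissions first, then contents."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    with open(path, encoding="utf-8") as fh:
        return findings + lint_ccd_text(fh.read())


if __name__ == "__main__":
    # Constructed sample: the page's line, then a misspelled option.
    sample = ("ifconfig-push 10.200.0.99 255.255.255.0\n"
              "ifconfig_push 10.200.0.98 255.255.255.0\n")
    for finding in lint_ccd_text(sample):
        print(finding)
```

Run `lint_ccd_file` over every file in the `client-config-dir` directory after a change; an empty list means the file passed all three checks.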
From
Mastering OpenVPN