| | 1 | --route and --route-ipv6 can not currently be used in ccd/ (--client-config-dir) config files. |
| | 2 | |
| | 3 | There is no fundamental reason this is so, it's just that it is not easy to implement, and the normal use case can be handled more flexibly using a --learn-address script that will be called on client-connect / client-disconnect with the information from --iroute/--iroute-ipv6 so it can setup routing. |
| | 4 | |
| | 5 | A very basic script could look like this: |
| | 6 | |
| | 7 | {{{ |
| | 8 | #!/bin/bash |
| | 9 | |
| | 10 | add_del="$1" |
| | 11 | route="$2" |
| | 12 | cname="$3" |
| | 13 | |
| | 14 | case "$route" in |
| | 15 | *:*) six=-6 ;; |
| | 16 | *) six="" ;; |
| | 17 | esac |
| | 18 | |
| | 19 | if [ -n "$dev" ] |
| | 20 | then |
| | 21 | device="dev $dev" |
| | 22 | else |
| | 23 | device="" |
| | 24 | fi |
| | 25 | |
| | 26 | ip $six route "$add_del" "$route" $device |
| | 27 | }}} |
| | 28 | |
| | 29 | (taken from Samuel Thibault's posting to the openvpn-devel list about this question, [http://article.gmane.org/gmane.network.openvpn.devel/11129]) |
| | 30 | |
| | 31 | If connecting over UDP, it's recommended to add --explicit-exit-notification to the client config so disconnect notice is quicker. |
| | 32 | |
| | 33 | |
| | 34 | If you're asking what the typical use case is: think of a client subnet that needs to be routed to a given client, and there are multiple OpenVPN servers that the client can connect to (multiple ports, or even multiple machines for failover). So the "route this network to my tun interface" logic needs to be dynamic on client connect... |
