Hi,
I have a working OpenVPN install. However, I am seeing multiple packet drops related to non-routable IP addresses. I understand that I can assign a route using ccd for clients sitting behind a router.
My problem is that the client's gateway / router can change. So, in a case where a client connects at a hotspot local to them, I have no control over what their actual IP is.
An example:
Code:
openVPN-GATEWAY <--> HOTSPOT <--> ( some public facing ip ) <--> CLIENT --( private ip space / rfc1918 )
With the above I get random packet drops like those listed below:
Code:
gerp/66.123.200.100:28693 MULTI: bad source address from client [192.168.1.125], packet dropped
Now, if I can tell OpenVPN, using the user config dir (ccd), that the client is actually sitting on a private IP behind a router doing the following:
Code:
iroute 192.168.4.0 255.255.255.0
My understanding of the above: this would open up / route to all addresses on the 192.168.4.0 subnet. I don't want this for many reasons. What I would rather do is have it be like:
Code:
iroute 192.168.4.21 255.255.255.255
where 192.168.4.21 is the client's IP on the connecting LAN.
Can I not also add the route to the client_config-directory file? Or does that have to go in the server's config?
Since this would be dynamic, not sure how OpenVPN would know about the added route if it's not reloaded. Reloading the whole daemon for each client connect seems like a no.
Would appreciate any input.
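
An added example, not part of the original post: a Python script that tallies the `MULTI: bad source address` drops per client and source address from an OpenVPN server log, showing which clients are sending traffic from which RFC 1918 addresses. The first sample line is the one quoted in the post; the other lines, the `alice` client and the timestamp prefix are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the drop message in the format quoted in the post. search() is used
# so an optional timestamp prefix before the client tag is tolerated.
DROP_RE = re.compile(
    r"(?P<cn>[^\s/]+)/(?P<peer>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"MULTI: bad source address from client \[(?P<src>[^\]]+)\], packet dropped"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sample input: line 1 is from the post, the remaining lines are constructed.
SAMPLE_LOG = """\
gerp/66.123.200.100:28693 MULTI: bad source address from client [192.168.1.125], packet dropped
gerp/66.123.200.100:28693 MULTI: bad source address from client [192.168.1.125], packet dropped
Mon Jan  6 10:02:11 2014 alice/198.51.100.7:40112 MULTI: bad source address from client [10.0.0.14], packet dropped
Mon Jan  6 10:02:12 2014 alice/198.51.100.7:40112 MULTI: bad source address from client [::], packet dropped
Mon Jan  6 10:02:15 2014 alice/198.51.100.7:40112 Peer Connection Initiated
"""

def classify(src):
    """Label a dropped source address as rfc1918, other, or unparsed."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparsed"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "rfc1918"
    return "other"

def summarize(log_text):
    """Return {common_name: Counter({(source, kind): drop_count})}."""
    drops = defaultdict(Counter)
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m:  # lines that are not drop messages are skipped
            drops[m["cn"]][(m["src"], classify(m["src"]))] += 1
    return dict(drops)

if __name__ == "__main__":
    for cn, sources in summarize(SAMPLE_LOG).items():
        for (src, kind), n in sources.most_common():
            print(f"{cn:10} {src:18} {kind:8} {n} dropped")
```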