Using a Client Configuration Directory with Per-Client Configurations
Another striking feature of OpenVPN is that client configurations can be pushed through the tunnel when it is created, and that client-specific configurations can be used, selected simply by the subject line of the client's certificate. An appropriate server configuration file may look like the following:
port 443
dev tun0FIT
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/firewall.crt
key /etc/openvpn/certs/firewall.key
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0
auth SHA1
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
server 10.179.0.0 255.255.0.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
client-config-dir clients
keepalive 10 120
resolv-retry 86400
comp-lzo
status /var/log/openvpn/status.log
log /var/log/openvpn/main.log
tls-server
verb 3
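The following Python check is an added example, not part of the original text. It shows which file in the client-config-dir applies to a given certificate name (OpenVPN matches the file name against the certificate's common name and falls back to a file called DEFAULT) and flags fixed client addresses that lie outside the network on the server line. The client names, the file contents and the use of ifconfig-push in them are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the two relevant lines of the server configuration above.
SERVER_CONF = """\
server 10.179.0.0 255.255.0.0
client-config-dir clients
"""

# Constructed per-client files (assumed names), keyed by file name in clients/.
CCD_FILES = {
    "alice": "ifconfig-push 10.179.10.5 10.179.10.6\n",
    "bob": "# stale entry\nifconfig-push 192.168.1.5 192.168.1.6\n",
    "DEFAULT": 'push "route 10.180.0.0 255.255.0.0"\n',
}

def directives(text):
    """Yield each non-comment, non-blank line as a list of tokens."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line)

def vpn_network(conf):
    """Return the network from the 'server <network> <netmask>' line."""
    for tok in directives(conf):
        if tok[0] == "server" and len(tok) >= 3:
            return ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
    raise ValueError("no server directive found")

def ccd_file_for(common_name, files):
    """File read for this client: exact name match, else DEFAULT, else None."""
    if common_name in files:
        return common_name
    return "DEFAULT" if "DEFAULT" in files else None

def audit(conf, files):
    """Map file name to problems for fixed addresses outside the VPN network."""
    net = vpn_network(conf)
    problems = {}
    for name, body in files.items():
        for tok in directives(body):
            if tok[0] == "ifconfig-push" and len(tok) >= 2:
                if ipaddress.ip_address(tok[1]) not in net:
                    problems.setdefault(name, []).append(f"{tok[1]} is outside {net}")
    return problems

if __name__ == "__main__":
    print(ccd_file_for("carol", CCD_FILES), audit(SERVER_CONF, CCD_FILES))
```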
In the server configuration file, three lines are relevant in this context:
1. server 10.179.0.0 255.255.0.0: This tells OpenVPN on this machine to act as a server and...