Yes, now I get it. Fortunately, last night I finally found out how to add those individual client configuration files. It’s just what I was looking for, but finding information on how to do it turned out to be quite tricky.
For those who, like me, get what to do but not how to, here is how I did it.
First of all you have to add option client_config_dir '/etc/openvpn/ccd' to your /etc/config/openvpn file:
config openvpn 'server_turris'
    option enabled '1'
    option port '1194'
    option proto 'udp'
    option dev 'tun_turris'
    option ca '/etc/ssl/ca/openvpn/ca.crt'
    option crl_verify '/etc/ssl/ca/openvpn/ca.crl'
    option cert '/etc/ssl/ca/openvpn/01.crt'
    option key '/etc/ssl/ca/openvpn/01.key'
    option dh '/etc/ssl/ca/openvpn/dhparam.pem'
    option server '10.2.0.0 255.255.0.0'
    option duplicate_cn '0'
    option keepalive '10 120'
    option persist_key '1'
    option persist_tun '1'
    option status '/tmp/openvpn-status.log'
    option verb '3'
    option mute '20'
    option topology 'subnet'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    # ===> the added line <===
    option client_config_dir '/etc/openvpn/ccd'
    list push 'route 10.0.0.0 255.255.0.0'
    list push 'dhcp-option DNS 10.2.0.1'
Once you have done this, you have to create the referenced directory (ccd stands for "Client Configuration Directory"):
mkdir /etc/openvpn/ccd
Now, inside this directory, you can create the configuration files for the individual clients. If your client certificate is named "Client-1", the file itself also has to be named "Client-1", without a dot or extension and respecting the capitalization.
E.g. /etc/openvpn/ccd/Client-1
Within these files you can define the specific configuration for each client. Below are some common examples.
Assign an IP configuration
ifconfig-push 10.2.2.2 255.255.0.0
Adding a route to the WAN network (to connect to your ISP’s router if you have double NAT)
push 'route 192.168.1.0 255.255.255.0'
Route all traffic via VPN just for this client
push 'redirect-gateway def1'
Combined example
* You can also comment out lines if you don’t want to apply a command right now but you want to keep it in the file.
root@Turris:~# cat /etc/openvpn/ccd/Client-1
ifconfig-push 10.2.2.2 255.255.0.0
push 'route 192.168.1.0 255.255.255.0'
# push 'redirect-gateway def1'
I hope it will be a good help for those who, like me, are looking for how to do it and find a lot of half explanations and commands without really understanding what they do.
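
A check that can be run over the ccd directory before restarting OpenVPN, as an added example that is not part of the original post: it flags static `ifconfig-push` addresses that fall outside the server subnet, use a different netmask, or are assigned to two clients. It assumes the `server '10.2.0.0 255.255.0.0'` and `topology 'subnet'` settings shown above and plain dotted-quad addresses; the function names and the sample client files are constructed for the demo.

```sh
# Added example: lint a client-config-dir against the server's VPN subnet.
ip2int() {  # dotted quad -> integer; call as $(ip2int ...) so IFS stays local
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# usage: check_ccd DIR NETWORK NETMASK ; returns the number of problems found
check_ccd() {
    dir=$1 net=$2 mask=$3
    net_i=$(ip2int "$net") mask_i=$(ip2int "$mask")
    problems=0 seen=" "
    quad='^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$'
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Last uncommented "ifconfig-push <ip> <netmask>" line in the file
        push=$(awk -v q="$quad" '$1 == "ifconfig-push" && $2 ~ q && $3 ~ q { v = $2 " " $3 } END { print v }' "$f")
        [ -n "$push" ] || continue
        ip=${push% *} cmask=${push#* }
        if [ $(( $(ip2int "$ip") & mask_i )) -ne "$net_i" ]; then
            echo "$name: $ip is outside $net/$mask"; problems=$((problems + 1))
        fi
        if [ "$cmask" != "$mask" ]; then
            echo "$name: netmask $cmask differs from server netmask $mask"; problems=$((problems + 1))
        fi
        case $seen in
            *" $ip "*) echo "$name: $ip is already assigned to another client"; problems=$((problems + 1)) ;;
        esac
        seen="$seen$ip "
    done
    return "$problems"
}

# Constructed sample directory (client names and addresses are made up).
make_sample_ccd() {
    d=$(mktemp -d)
    printf '%s\n' 'ifconfig-push 10.2.2.2 255.255.0.0' "push 'route 192.168.1.0 255.255.255.0'" > "$d/Client-1"
    printf '%s\n' 'ifconfig-push 10.2.2.2 255.255.0.0' > "$d/Client-2"     # duplicate address
    printf '%s\n' 'ifconfig-push 10.3.0.5 255.255.0.0' > "$d/Client-3"     # outside 10.2.0.0/16
    printf '%s\n' '# ifconfig-push 10.9.9.9 255.255.0.0' > "$d/Client-4"   # commented out, ignored
    echo "$d"
}

# Demo: two findings are expected (Client-2 duplicate, Client-3 out of subnet).
sample=$(make_sample_ccd)
check_ccd "$sample" 10.2.0.0 255.255.0.0 || echo "problems found: $?"
rm -rf "$sample"
```

On the router itself the call would be `check_ccd /etc/openvpn/ccd 10.2.0.0 255.255.0.0`.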