Client Specific Override iroute entry seems to have no effect
When configuring a site-to-site PKI OpenVPN setup, an iroute statement must be configured using the Remote Network fields on the Client Specific Overrides entry set for the common name of the client certificate.
First, ensure that the common name matches the certificate and that the internal route is being learned/added as expected. The log verbosity in OpenVPN may need to be increased (i.e. verb 10 in the custom options) to see if this is working.
Also, for each network used in a Client Specific Override Remote Network entry (iroute), a Remote Network (route) is required in the server as well. The Remote Network (route) definitions on the server settings are for the firewall operating system to know that the networks will be routed to OpenVPN from everywhere else. The Remote Network (iroute) options on the Client Specific Override entry are internal to OpenVPN so it knows which networks are routed to a specific certificate.
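The route/iroute pairing described above can be checked mechanically. The following is an added example, not code from the firewall or from OpenVPN: it reads the `route` lines of a server configuration and the `iroute` lines of each client-specific override and reports every iroute with no matching server route. The function names, common names and sample configurations are constructed, and treating a larger enclosing `route` as sufficient is an assumption of this sketch.

```python
import ipaddress

def parse_networks(config_text, directive):
    """Return the IPv4 networks named by `directive` lines (route / iroute)."""
    nets = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or fields[0] != directive:
            continue
        # OpenVPN syntax: <directive> network [netmask]; the netmask defaults to /32.
        mask = fields[2] if len(fields) > 2 else "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
    return nets

def uncovered_iroutes(server_conf, overrides):
    """Map common name -> iroute networks that no server route contains."""
    routes = parse_networks(server_conf, "route")
    missing = {}
    for cn, text in overrides.items():
        # Assumption: an iroute is satisfied by an equal or enclosing route.
        gaps = [n for n in parse_networks(text, "iroute")
                if not any(n.subnet_of(r) for r in routes)]
        if gaps:
            missing[cn] = gaps
    return missing

# Constructed sample: one server config and two overrides keyed by common name.
SERVER_CONF = """\
dev ovpns1
server 10.8.0.0 255.255.255.0
route 10.3.0.0 255.255.255.0
route 10.5.0.0 255.255.0.0
"""
OVERRIDES = {
    "site-b": "iroute 10.3.0.0 255.255.255.0\n",
    "site-c": "iroute 10.5.4.0 255.255.255.0\niroute 10.7.0.0 255.255.255.0\n",
}

if __name__ == "__main__":
    for cn, nets in uncovered_iroutes(SERVER_CONF, OVERRIDES).items():
        print(f"{cn}: no server route for {', '.join(map(str, nets))}")
```

An override that appears in the result has an iroute that OpenVPN will accept internally while the firewall operating system still has no route sending that network into the tunnel.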