Why the redundant route and iroute statements, you might ask. The reason is that route controls the routing from the kernel to the OpenVPN server (via the TUN interface) while iroute controls the routing from the OpenVPN server to the remote clients.

If you would like a client-specific configuration file change to take immediate effect on a currently connected client (or one which has disconnected, but where the server has not timed-out its instance object), kill the client instance object by using the management interface (described below). Note that changes in this directory will only take effect for new connections, not existing connections. This will cause the client to reconnect and use the new client-config-dir file. Files in this directory can be updated on-the-fly, without restarting the server. Client-config-dir — This directive sets a client configuration directory, which the OpenVPN server will scan on every incoming connection, searching for a client-specific configuration file (see the the manual page for more information).

This can be accomplished by pushing a DNS server address to connecting clients which will replace their normal DNS server settings during the time that the VPN is active. When redirect-gateway is used, OpenVPN clients will route DNS queries through the VPN, and the VPN server will need handle them.

In the following example, we will be using the built-in OpenVPN daemon that comes installed with Vyatta. The following is a step-by-step guide on how to utilize your SoftLayer Vyatta gateway device as your own personal VPN to access any server behind the Vyatta device with even more freedom than the SoftLayer VPN. This means you can upload large files to your servers that are behind the Vyatta device using the speed of your public interface, rather than trying to depend on the SoftLayer VPN’s speeds—which are throttled for management, not file transfer. You will also have more control over how your VPN behaves, which subnets your users can access, how you manage your VMware environment, and more.

