Thanks, I did attempt to create a logon on the dev.vyos site (as it doesn’t appear to use SSO with the forum) but waiting on my account to be “approved”.
Incidentally @marc_s, you can’t set custom routes via the openvpn-option as openvpn-option is only for options on the openvpn binary when it starts up and the routing is not part of that. (I think).
I had a look at the source code and the file that triggers this behavior seems to be;
/usr/share/vyos/templates/openvpn/server.conf.j2
So to create a usable patch file;
# cp /usr/share/vyos/templates/openvpn/server.conf.j2 /usr/share/vyos/templates/openvpn/server.conf.j2.new
# vi /usr/share/vyos/templates/openvpn/server.conf.j2.new
modify line 82;
push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ subnet | first_host_address ~ ' ' ~ route_config.metric if route_config.metric is vyos_defined }}"
to
push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ 'vpn_gateway' ~ ' ' ~ route_config.metric if route_config.metric is vyos_defined }}"
then generate a patch file;
# diff -u /usr/share/vyos/templates/openvpn/server.conf.j2 /usr/share/vyos/templates/openvpn/server.conf.j2.new > /config/RoutePatchFile
so now when you want to apply that patch file (say after each VyOS update - until this gets incorporated into the build);
patch /usr/share/vyos/templates/openvpn/server.conf.j2 </config/RoutePatchFile
and the thing works as expected now for both the community edition and the Connect v3 client.
When my dev account is approved, I’ll open up a ticket and suggest the patch file.
Hope this helps others who might not be familiar with Linux patch/diff commands (I had to Google!)
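
The re-apply step described in this post, as an added example that is not part of the original post: a shell function that checks whether the saved patch is already applied, or no longer applies cleanly, before it touches the template. It assumes GNU patch; the function name `apply_route_patch`, the `.bak` suffix and the return codes are choices made for this example, and the default paths are the ones used in the post.

```shell
#!/bin/sh
# Added example: idempotently re-apply the saved template patch.
# Defaults are the paths from the post; both can be overridden as arguments.
# Return codes (chosen for this example): 0 ok, 2 patch rejected, 3 file error.

apply_route_patch() {
    target="${1:-/usr/share/vyos/templates/openvpn/server.conf.j2}"
    patchfile="${2:-/config/RoutePatchFile}"

    [ -f "$target" ] || { echo "missing template: $target" >&2; return 3; }
    [ -f "$patchfile" ] || { echo "missing patch: $patchfile" >&2; return 3; }

    # If the patch reverses cleanly, it is already applied: nothing to do.
    if patch --dry-run -R -s -f -F0 "$target" < "$patchfile" >/dev/null 2>&1; then
        echo "already applied: $target"
        return 0
    fi

    # Refuse to touch the template if the context lines no longer match
    # exactly (-F0), e.g. because the shipped template changed.
    if ! patch --dry-run -s -f -F0 "$target" < "$patchfile" >/dev/null 2>&1; then
        echo "patch does not apply cleanly, template left untouched" >&2
        return 2
    fi

    # Keep a copy of the shipped template, then apply for real.
    cp -p "$target" "$target.bak" || return 3
    patch -s -f -F0 "$target" < "$patchfile" >/dev/null || return 2
    echo "patched: $target (backup in $target.bak)"
}
```

Source the file and call `apply_route_patch` with no arguments as root to use the paths from the post; a return code of 2 means the patch file needs to be regenerated against the current template.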