By default, OpenVPN expects each remote client to connect using a unique certificate for identification and encryption purposes. The common name (CN) is used to generate configuration options and to identify persistent IP (--ifconfig-pool-persist) and CCD (--client-config-dir) entries. In addition, startup scripts may use the CN to generate dynamic routes, firewall rules, and other access policies.
For the majority of general road warriors, special routing and firewall rules are not the norm. In this scenario, the user connects to the VPN, is given an IP address from the server, and then has access to the resources of the corporate network. More advanced configurations may provide differing pushed routes or IP assignments in varying subnets.
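
As an added illustration (not part of the original text), the following --client-connect hook maps the certificate CN to a per-client tunnel IP and pushed route, and rejects any CN that is unsafe to use in file names or firewall rules. The policy table, client names and addresses are constructed, and it assumes topology subnet with a 10.8.0.0/16 server network.

```shell
#!/bin/sh
# Added example: client-connect hook keyed on the certificate CN.
# Constructed policy table: CN, static tunnel IP, extra routed network.
# Assumes "topology subnet" and a 10.8.0.0/16 server network.
POLICY='
alice 10.8.1.10 192.168.50.0
bob   10.8.2.10 192.168.60.0
'

# Accept only CNs built from letters, digits, '.', '_' and '-', and not
# starting with a dot, so the value is safe in file names and rule comments.
valid_cn() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the directives for one CN. CNs without a policy entry get no
# output, so they fall back to the server's pool and default routes.
client_directives() {
    cn=$1
    valid_cn "$cn" || return 1
    printf '%s\n' "$POLICY" | while read -r name ip net; do
        [ "$name" = "$cn" ] || continue
        printf 'ifconfig-push %s 255.255.0.0\n' "$ip"
        printf 'push "route %s 255.255.255.0"\n' "$net"
    done
    return 0
}

# When OpenVPN runs this as a client-connect script it sets $common_name
# and passes a temporary file as the last argument; directives written
# there apply to this client only. A non-zero exit refuses the client.
if [ -n "${common_name:-}" ] && [ -n "${1:-}" ]; then
    client_directives "$common_name" > "$1" || exit 1
fi
```

Because the tunnel IP is fixed per CN, firewall rules on the server can be written against 10.8.1.10 or 10.8.2.10 instead of the whole pool.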