The mechanism of client overrides utilises OpenVPN :code:`client-config-dir` option, which offer the ability to use
specific client configurations based on the client's X509 common name.
It is possible to specify the contents of these configurations in the gui under :menuselection:`VPN -> OpenVPN -> Client Specific Overrides`.
Apart from that, an authentication server (:menuselection:`System -> Access -> Servers`) can also provide client details in special cases when returning
:code:`Framed-IP-Address`, :code:`Framed-IP-Netmask` and :code:`Framed-Route` properties.
..Tip::
Radius can be used to provisioning tunnel and local networks.
A selection of the most relevant settings can be found in the table below.
..csv-table:: Client Specific Overrides
:header:"Parameter", "Purpose"
:widths:30, 40
"Disabled", "Set this option to disable this client-specific override without removing it from the list"
"Servers", "Select the OpenVPN servers where this override applies to, leave empty for all"
"Common name", "The client's X.509 common name, which is where this override matches on"
"IPv[4|6] Tunnel Network", "The tunnel network to use for this client per protocol family, when empty the servers will be used"
"IPv[4|6] Local Network", "The networks that will be accessible from this particular client per protocol family."
"IPv[4|6] Remote Network", "These are the networks that will be routed to this client specifically using iroute, so that a site-to-site VPN can be established."
"Redirect Gateway", "Force the clients default gateway to this tunnel"
--------------------------
Plugin VPN options
--------------------------
Via plugins additional VPN technologies are offered, including:
***OpenConnect** - SSL VPN client, initially build to connect to commercial vendor appliances like Cisco ASA or Juniper.
***Stunnel** - Provides an easy to setup universal TLS/SSL tunneling service, often used to secure unencrypted protocols.
***Tinc** - Automatic Full Mesh Routing
***WireGuard** - Simple and fast VPN protocol working with public and private keys.
***Zerotier** - seamlessly connect everything, requires account from zerotier.com, free for up to 100 devices.