diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-11-03 13:07:33 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-11-03 13:07:33 +0000 |
commit | 223b2c513b3470bd97f868a4acab62b1f471e495 (patch) | |
tree | 037a453a695b9ef215a349ef7a2020c76c86c845 | |
parent | Updated docs to reflect the addition of (diff) | |
download | openvpn-223b2c513b3470bd97f868a4acab62b1f471e495.tar.xz |
Fixed some ifconfig-pool issues that precluded
it from being combined with --server directive.
Now, for example, we can configure thusly:
server 10.8.0.0 255.255.255.0 nopool
ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0
to have ifconfig-pool manage only a subset
of the VPN subnet.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | helper.c | 11 | ||||
-rw-r--r-- | openvpn.8 | 8 | ||||
-rw-r--r-- | options.c | 3 |
3 files changed, 12 insertions, 10 deletions
@@ -158,7 +158,6 @@ helper_client_server (struct options *o) * * if tap OR (tun AND topology == subnet): * ifconfig 10.8.0.1 255.255.255.0 - * ifconfig-pool-constraint 10.8.0.0 255.255.255.0 * if !nopool: * ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 * push "route-gateway 10.8.0.1" @@ -184,7 +183,7 @@ helper_client_server (struct options *o) if (o->shared_secret_file) msg (M_USAGE, "--server and --secret cannot be used together (you must use SSL/TLS keys)"); - if (o->ifconfig_pool_defined) + if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined) msg (M_USAGE, "--server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly"); if (!(dev == DEV_TYPE_TAP || dev == DEV_TYPE_TUN)) @@ -245,9 +244,9 @@ helper_client_server (struct options *o) o->ifconfig_pool_start = o->server_network + 2; o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 2; ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end); - o->ifconfig_pool_netmask = o->server_netmask; } - + o->ifconfig_pool_netmask = o->server_netmask; + push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE); } else @@ -272,8 +271,8 @@ helper_client_server (struct options *o) o->ifconfig_pool_start = o->server_network + 2; o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 1; ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end); - o->ifconfig_pool_netmask = o->server_netmask; } + o->ifconfig_pool_netmask = o->server_netmask; push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE); } @@ -320,7 +319,7 @@ helper_client_server (struct options *o) if (o->client) msg (M_USAGE, "--server-bridge and --client cannot be used together"); - if (o->ifconfig_pool_defined) + if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined) msg (M_USAGE, "--server-bridge already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly"); if (o->shared_secret_file) @@ -2629,8 +2629,9 @@ expands as follows: push "topology [topology]" if dev tun AND (topology == net30 OR topology == p2p): - ifconfig 10.8.0.1 10.8.0.2 - ifconfig-pool 10.8.0.4 10.8.0.251 + ifconfig 10.8.0.1 10.8.0.2 + if !nopool: + ifconfig-pool 10.8.0.4 10.8.0.251 route 10.8.0.0 255.255.255.0 if client-to-client: push "route 10.8.0.0 255.255.255.0" @@ -2639,7 +2640,8 @@ expands as follows: if dev tap OR (dev tun AND topology == subnet): ifconfig 10.8.0.1 255.255.255.0 - ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 + if !nopool: + ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 push "route-gateway 10.8.0.1" .ft .LP @@ -4499,7 +4499,8 @@ add_option (struct options *options, options->ifconfig_pool_defined = true; options->ifconfig_pool_start = start; options->ifconfig_pool_end = end; - options->ifconfig_pool_netmask = netmask; + if (netmask) + options->ifconfig_pool_netmask = netmask; } else if (streq (p[0], "ifconfig-pool-persist") && p[1]) { |