aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-03 13:07:33 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-03 13:07:33 +0000
commit223b2c513b3470bd97f868a4acab62b1f471e495 (patch)
tree037a453a695b9ef215a349ef7a2020c76c86c845
parentUpdated docs to reflect the addition of (diff)
downloadopenvpn-223b2c513b3470bd97f868a4acab62b1f471e495.tar.xz
Fixed some ifconfig-pool issues that precluded
it from being combined with --server directive. Now, for example, we can configure thusly: server 10.8.0.0 255.255.255.0 nopool ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 to have ifconfig-pool manage only a subset of the VPN subnet. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--helper.c11
-rw-r--r--openvpn.88
-rw-r--r--options.c3
3 files changed, 12 insertions, 10 deletions
diff --git a/helper.c b/helper.c
index 7195e21..2abb417 100644
--- a/helper.c
+++ b/helper.c
@@ -158,7 +158,6 @@ helper_client_server (struct options *o)
*
* if tap OR (tun AND topology == subnet):
* ifconfig 10.8.0.1 255.255.255.0
- * ifconfig-pool-constraint 10.8.0.0 255.255.255.0
* if !nopool:
* ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
* push "route-gateway 10.8.0.1"
@@ -184,7 +183,7 @@ helper_client_server (struct options *o)
if (o->shared_secret_file)
msg (M_USAGE, "--server and --secret cannot be used together (you must use SSL/TLS keys)");
- if (o->ifconfig_pool_defined)
+ if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined)
msg (M_USAGE, "--server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly");
if (!(dev == DEV_TYPE_TAP || dev == DEV_TYPE_TUN))
@@ -245,9 +244,9 @@ helper_client_server (struct options *o)
o->ifconfig_pool_start = o->server_network + 2;
o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 2;
ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end);
- o->ifconfig_pool_netmask = o->server_netmask;
}
-
+ o->ifconfig_pool_netmask = o->server_netmask;
+
push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE);
}
else
@@ -272,8 +271,8 @@ helper_client_server (struct options *o)
o->ifconfig_pool_start = o->server_network + 2;
o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 1;
ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end);
- o->ifconfig_pool_netmask = o->server_netmask;
}
+ o->ifconfig_pool_netmask = o->server_netmask;
push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE);
}
@@ -320,7 +319,7 @@ helper_client_server (struct options *o)
if (o->client)
msg (M_USAGE, "--server-bridge and --client cannot be used together");
- if (o->ifconfig_pool_defined)
+ if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined)
msg (M_USAGE, "--server-bridge already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly");
if (o->shared_secret_file)
diff --git a/openvpn.8 b/openvpn.8
index b0cb3b0..0e85983 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -2629,8 +2629,9 @@ expands as follows:
push "topology [topology]"
if dev tun AND (topology == net30 OR topology == p2p):
- ifconfig 10.8.0.1 10.8.0.2
- ifconfig-pool 10.8.0.4 10.8.0.251
+ ifconfig 10.8.0.1 10.8.0.2
+ if !nopool:
+ ifconfig-pool 10.8.0.4 10.8.0.251
route 10.8.0.0 255.255.255.0
if client-to-client:
push "route 10.8.0.0 255.255.255.0"
@@ -2639,7 +2640,8 @@ expands as follows:
if dev tap OR (dev tun AND topology == subnet):
ifconfig 10.8.0.1 255.255.255.0
- ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
+ if !nopool:
+ ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
push "route-gateway 10.8.0.1"
.ft
.LP
diff --git a/options.c b/options.c
index e84e03c..95d81a0 100644
--- a/options.c
+++ b/options.c
@@ -4499,7 +4499,8 @@ add_option (struct options *options,
options->ifconfig_pool_defined = true;
options->ifconfig_pool_start = start;
options->ifconfig_pool_end = end;
- options->ifconfig_pool_netmask = netmask;
+ if (netmask)
+ options->ifconfig_pool_netmask = netmask;
}
else if (streq (p[0], "ifconfig-pool-persist") && p[1])
{