From 223b2c513b3470bd97f868a4acab62b1f471e495 Mon Sep 17 00:00:00 2001
From: james
Date: Mon, 3 Nov 2008 13:07:33 +0000
Subject: Fixed some ifconfig-pool issues that precluded it from being combined with --server directive. Now, for example, we can configure thusly: server 10.8.0.0 255.255.255.0 nopool ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 to have ifconfig-pool manage only a subset of the VPN subnet.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 helper.c | 11 +++++------
 openvpn.8 | 8 +++++---
 options.c | 3 ++-
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/helper.c b/helper.c
index 7195e21..2abb417 100644
--- a/helper.c
+++ b/helper.c
@@ -158,7 +158,6 @@ helper_client_server (struct options *o)
 *
 * if tap OR (tun AND topology == subnet):
 * ifconfig 10.8.0.1 255.255.255.0
- * ifconfig-pool-constraint 10.8.0.0 255.255.255.0
 * if !nopool:
 * ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
 * push "route-gateway 10.8.0.1"
@@ -184,7 +183,7 @@ helper_client_server (struct options *o)
 if (o->shared_secret_file)
 msg (M_USAGE, "--server and --secret cannot be used together (you must use SSL/TLS keys)");
- if (o->ifconfig_pool_defined)
+ if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined)
 msg (M_USAGE, "--server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly");
 if (!(dev == DEV_TYPE_TAP || dev == DEV_TYPE_TUN))
@@ -245,9 +244,9 @@ helper_client_server (struct options *o)
 o->ifconfig_pool_start = o->server_network + 2;
 o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 2;
 ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end);
- o->ifconfig_pool_netmask = o->server_netmask;
 }
-
+ o->ifconfig_pool_netmask = o->server_netmask;
+
 push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE);
 }
 else
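Review bot: Nothing visible in the hunk at `@@ -184` checks that an explicit `--ifconfig-pool` range lies inside the `--server` subnet once the relaxed `SF_NOPOOL` test lets the two directives be combined. A range outside `server_network`/`server_netmask` would apparently be accepted and still be paired with the server netmask and the pushed route-gateway. Consider a guard in the helper such as `if ((o->ifconfig_pool_start & o->server_netmask) != (o->server_network & o->server_netmask) || (o->ifconfig_pool_end & o->server_netmask) != (o->server_network & o->server_netmask)) msg (M_USAGE, "--ifconfig-pool range must lie within the --server subnet");`. The same relaxed test is added for `--server-bridge` in the hunk at `@@ -320`, where it is not visible whether `SF_NOPOOL` can be set at all. helper_client_server starts and ends outside both hunks.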
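Review bot: The assignment `o->ifconfig_pool_netmask = o->server_netmask;` now runs unconditionally in the hunk at `@@ -245` (and again at `@@ -272`), so it replaces any netmask the user wrote on `--ifconfig-pool` without a message. If the helper runs after option parsing, as its test on `ifconfig_pool_defined` suggests, a mismatched netmask is silently discarded rather than reported. A check placed before the assignment would surface the conflict: `if (o->ifconfig_pool_netmask && o->ifconfig_pool_netmask != o->server_netmask) msg (M_USAGE, "--ifconfig-pool netmask must match the --server netmask");`. The block that the `}` closes opens before the hunk.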
@@ -272,8 +271,8 @@ helper_client_server (struct options *o)
 o->ifconfig_pool_start = o->server_network + 2;
 o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 1;
 ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end);
- o->ifconfig_pool_netmask = o->server_netmask;
 }
+ o->ifconfig_pool_netmask = o->server_netmask;
 push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE);
 }
@@ -320,7 +319,7 @@ helper_client_server (struct options *o)
 if (o->client)
 msg (M_USAGE, "--server-bridge and --client cannot be used together");
- if (o->ifconfig_pool_defined)
+ if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined)
 msg (M_USAGE, "--server-bridge already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly");
 if (o->shared_secret_file)
diff --git a/openvpn.8 b/openvpn.8
index b0cb3b0..0e85983 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -2629,8 +2629,9 @@ expands as follows:
 push "topology [topology]"
 if dev tun AND (topology == net30 OR topology == p2p):
- ifconfig 10.8.0.1 10.8.0.2
- ifconfig-pool 10.8.0.4 10.8.0.251
+ ifconfig 10.8.0.1 10.8.0.2
+ if !nopool:
+ ifconfig-pool 10.8.0.4 10.8.0.251
 route 10.8.0.0 255.255.255.0
 if client-to-client:
 push "route 10.8.0.0 255.255.255.0"
@@ -2639,7 +2640,8 @@ expands as follows:
 if dev tap OR (dev tun AND topology == subnet):
 ifconfig 10.8.0.1 255.255.255.0
- ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
+ if !nopool:
+ ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
 push "route-gateway 10.8.0.1"
 .ft
 .LP
diff --git a/options.c b/options.c
index e84e03c..95d81a0 100644
--- a/options.c
+++ b/options.c
@@ -4499,7 +4499,8 @@ add_option (struct options *options,
 options->ifconfig_pool_defined = true;
 options->ifconfig_pool_start = start;
 options->ifconfig_pool_end = end;
- options->ifconfig_pool_netmask = netmask;
+ if (netmask)
+ options->ifconfig_pool_netmask = netmask;
 }
 else if (streq (p[0], "ifconfig-pool-persist") && p[1])
 {
-- cgit v1.2.3
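Review bot: The new `if (netmask)` guard uses 0 as an undocumented "no netmask given" sentinel, so `ifconfig_pool_netmask` keeps its previous value while `ifconfig_pool_start` and `ifconfig_pool_end` are always replaced. A repeated `--ifconfig-pool` without a netmask can therefore pair a new range with an older mask, and an explicit `0.0.0.0` cannot be told apart from an omitted argument. A comment above the guard would record the intent, for example `/* netmask == 0: argument omitted; keep a netmask set elsewhere (e.g. by --server) */`. How `netmask` is parsed is outside the hunk, and add_option continues beyond it.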