On Tue, 10 Aug 2004, James Yonan wrote:
> I have a counterproposal on how to simplify the "mode server" config.
> (snip)
> The "server" option would operate like a macro, for example:
>
> server 10.8.0.0 255.255.255.0
>
> expands to the following set of directives:
>
> mode server
> tls-server
>
> if tun:
> ifconfig 10.8.0.1 10.8.0.2
> ifconfig-pool 10.8.0.4 10.8.0.255

This looks like a good idea. However, beware of 10.8.0.255. If
10.8.0.0/24 is a meaningful subnet on the server, that will be the
broadcast address for that subnet. When the server intends to broadcast,
are the packets hijacked by the more specific 10.8.0.252/30? Or vice
versa? Best not to tempt fate; do put in a special kludge to avoid
broadcast addresses that are already in use, or might be used in the
future :-)

Earlier you discussed inflexible hardwired setups... How about a *real*
macro capability? Here's an example:

    macro <itsname> # The arguments are implicitly named %A %B...
    (stuffing of macro)
    endmacro

The %A thingies would have an extension: %<integer><letter> means add the
optionally signed integer to the last group of digits in the value. So to
implement the "server" thing above (which could be predefined for user
convenience, except for the four-way conditionalization which would be
really nice if it were more than an expository decoration):

    macro server # Comment: %A = ifconfig-pool base, %B = its mask
    mode server
    tls-server
    if tun:
    ifconfig %+1A %+2A
    ifconfig-pool %+4A %+251A
    route %A %B
    if client-to-client:
    push "route %A %B"
    else
    push "route %+1A"
    endmacro

For the ultimate in flexibility, multi-octet "integers" could be
considered. I can hear you groaning already, metaphors of worms in a can
ringing bells and blowing whistles... Anyway, it was a thought.

James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@xxxxxxxxxxxxx http://www.math.ucla.edu/~jimc (q.v. for PGP key)
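
The Python example below is an addition to this page, not code from the message above or from the project it discusses. It expands the proposed %<integer><letter> placeholders for the tun branch of the "server" macro and checks whether an ifconfig-pool range takes in the subnet broadcast address. The function names, the refusal to carry past a single octet, and the omission of the if/else conditionals are assumptions.

```python
import ipaddress
import re

# Syntax from the message: %A, or %<optionally signed integer><letter> (e.g. %+4A).
PLACEHOLDER = re.compile(r"%([+-]?\d+)?([A-Z])")

def bump_last_digits(value, offset):
    """Add offset to the last group of digits in value (single octet only)."""
    if offset == 0:
        return value
    m = list(re.finditer(r"\d+", value))[-1]
    n = int(m.group()) + offset
    if not 0 <= n <= 255:  # assumption: no carry into the next octet
        raise ValueError(f"{value} {offset:+d} leaves the octet range")
    return value[:m.start()] + str(n) + value[m.end():]

def expand(body, args):
    """Expand macro body lines; args are implicitly named A, B, ..."""
    named = {chr(ord("A") + i): a for i, a in enumerate(args)}
    def sub(m):
        return bump_last_digits(named[m.group(2)], int(m.group(1) or 0))
    return [PLACEHOLDER.sub(sub, line) for line in body]

def pool_hits_broadcast(first, last, network, mask):
    """True if the pool range first..last contains the subnet broadcast address."""
    bcast = ipaddress.ip_network(f"{network}/{mask}").broadcast_address
    return ipaddress.ip_address(first) <= bcast <= ipaddress.ip_address(last)

# tun branch of the "server" macro from the message, conditionals left out
SERVER_TUN = [
    "mode server",
    "tls-server",
    "ifconfig %+1A %+2A",
    "ifconfig-pool %+4A %+251A",
    "route %A %B",
]

if __name__ == "__main__":
    for line in expand(SERVER_TUN, ["10.8.0.0", "255.255.255.0"]):
        print(line)
    # Pool end from the quoted expansion (.255) vs. the macro's %+251A (.251)
    print(pool_hits_broadcast("10.8.0.4", "10.8.0.255", "10.8.0.0", "255.255.255.0"))
    print(pool_hits_broadcast("10.8.0.4", "10.8.0.251", "10.8.0.0", "255.255.255.0"))
```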