
Re: [Openvpn-users] [RFC] 2.0-beta10 enhancement: redefine the way "ifconfig-pool" works

  • Subject: Re: [Openvpn-users] [RFC] 2.0-beta10 enhancement: redefine the way "ifconfig-pool" works
  • From: Jim Carter <jimc@xxxxxxxxxxxxx>
  • Date: Wed, 11 Aug 2004 10:05:01 -0700 (PDT)

On Tue, 10 Aug 2004, James Yonan wrote:

> I have a counterproposal on how to simplify the "mode server" config.
> (snip) 
> The "server" option would operate like a macro, for example:
>   server
> expands to the following set of directives:
> mode server
> tls-server
> if tun:
>   ifconfig 
>   ifconfig-pool

This looks like a good idea.  However, beware of  If is a meaningful subnet on the server, that will be the 
broadcast address for that subnet.  When the server intends to broadcast, 
are the packets hijacked by the more specific  Or vice 
versa?  Best not to tempt fate; do put in a special kludge to avoid 
broadcast addresses that are already in use, or might be used in the future 

Earlier you discussed inflexible hardwired setups...  How about a *real* 
macro capability?  Here's an example:

macro <itsname> 		# The arguments are implicitly named %A %B...
(stuffing of macro)

The %A thingies would have an extension: %<integer><letter> means add the 
optionally signed integer to the last group of digits in the value.  So to 
implement the "server" thing above (which could be predefined for user 
convenience, except for the four-way conditionalization which would be 
really nice if it were more than an expository decoration):

macro server		# Comment: %A = ifconfig-pool base, %B = its mask
mode server
if tun:
    ifconfig %+1A %+2A
    ifconfig-pool %+4A %+251A
    route %A %B
    if client-to-client:
      push "route %A %B"
      push "route %+1A"

For the ultimate in flexibility, multi-octet "integers" could be 
considered.  I can hear you groaning already, metaphors of worms in a can 
ringing bells and blowing whistles...  Anyway, it was a thought.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: jimc@xxxxxxxxxxxxx    http://www.math.ucla.edu/~jimc (q.v. for PGP key)
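
The `%<integer><letter>` expansion proposed in the message above, as an added example that is not part of the original message and is not OpenVPN code. The macro syntax is the message's proposal only; the function names, the sample arguments `10.8.0.0` / `255.255.255.0`, and the rule that the last octet must stay within 0..255 are assumptions made here.

```python
import re

# %A, %B, ... with an optional signed integer between '%' and the letter.
_REF = re.compile(r"%([+-]?\d+)?([A-Z])")
# The last run of digits in a value (for a dotted quad, the last octet).
_LAST_DIGITS = re.compile(r"\d+(?=\D*$)")


def add_to_last_group(value, offset):
    """Add offset to the last group of digits in value, as the message describes."""
    m = _LAST_DIGITS.search(value)
    if m is None:
        raise ValueError(f"no digits to offset in {value!r}")
    n = int(m.group(0)) + offset
    # Assumption: values are dotted-quad IPv4, so without the "multi-octet
    # integers" the message mentions, the result must stay inside one octet.
    if not 0 <= n <= 255:
        raise ValueError(f"{value} {offset:+d} leaves the last octet ({n})")
    return value[:m.start()] + str(n) + value[m.end():]


def expand(body, args):
    """Expand every %<int><letter> reference in body; args are bound to A, B, ..."""
    names = {chr(ord("A") + i): a for i, a in enumerate(args)}

    def sub(m):
        offset, letter = m.group(1), m.group(2)
        if letter not in names:
            raise KeyError(f"macro argument %{letter} not supplied")
        value = names[letter]
        return add_to_last_group(value, int(offset)) if offset else value

    return [_REF.sub(sub, line) for line in body.splitlines()]


# Constructed macro body: the tun branch of the "server" macro in the message,
# with the if/else lines left out because their semantics are not defined there.
SERVER_TUN = '''ifconfig %+1A %+2A
ifconfig-pool %+4A %+251A
route %A %B
push "route %+1A"'''

if __name__ == "__main__":
    # Constructed arguments: pool base and mask.
    for line in expand(SERVER_TUN, ["10.8.0.0", "255.255.255.0"]):
        print(line)
```

With a base whose last octet is not 0 (for example `10.8.0.128`), `%+251A` is rejected rather than wrapped, which is the case the single-octet arithmetic cannot express.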