Hi,

On Thu, Dec 01, 2016 at 01:31:31PM +0100, Arne Schwabe wrote:
> On 30.11.16 at 23:41, David Sommerseth wrote:
> > This adds a warning to the log file if --topology is configured to use
> > subnet or net30 and the 'subnet mask' argument of an --ifconfig-push option
> > is not a subnet mask.  The check done is to ensure the first octet is 0xff
> > (255)
>
> But what you actually want to test is
> 
> if topology == subnet or net30:
>    if gateway not in net(ip, mask):
>       print("Your gw and ip and netmask disagree!")
> 
> right? And isn't there code that gets executed for the client side that
> can be disabled by ifconfig-nowarn? Can we reuse that code?

That is certainly something we should test as well, but the particular
case I had in mind was

 - someone uses --topology p2p
 - they have ccd/ files with "ifconfig-push 10.4.0.14 10.4.0.13"
   (for some clients that need to get a static address)
 - they change their server.conf to --topology subnet
 - everything works for "dynamic clients", but the static client now
   receives "10.4.0.13" and interprets it as a "netmask", which will
   cause the most interesting things, depending on platform code

so the idea was to help this case by looking at only the "netmask" thing,
and see if it makes sense (simplified sense: starts with 255.) - and if
not, log this on the server side right when reading the ccd/ file so
the admin in question can see "oh, I overlooked *that* special client".

(Since that happened to a friend of mine based on my advice, I know that
this is not a purely theoretical possibility :-) )

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
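
The server-side check described in the mail above, as an added example that is not part of the original message and not code from the OpenVPN patch: it reads one ccd line and reports when the second ifconfig-push argument would not make sense as a netmask under --topology subnet. The function and enum names are hypothetical, and the optional strict mode (contiguous mask) goes beyond the "starts with 255." test discussed in the thread.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not OpenVPN identifiers). */
enum push_check { PUSH_OK, PUSH_NOT_NETMASK, PUSH_PARSE_ERROR };

/* Simplified test from the thread: a netmask "starts with 255.". */
static int first_octet_is_255(uint32_t m) { return (m >> 24) == 0xff; }

/* Stricter test (assumption, not from the thread): ones then zeros only. */
static int is_contiguous_mask(uint32_t m)
{
    uint32_t inv = ~m;
    return m != 0 && (inv & (inv + 1)) == 0;
}

/* Check one ccd line "ifconfig-push <local> <second>" as a client would
 * read it under --topology subnet, where <second> is taken as a netmask. */
enum push_check check_ifconfig_push(const char *line, int strict)
{
    char local[16], second[16];
    struct in_addr a, b;

    if (sscanf(line, " ifconfig-push %15s %15s", local, second) != 2)
        return PUSH_PARSE_ERROR;
    if (inet_pton(AF_INET, local, &a) != 1 || inet_pton(AF_INET, second, &b) != 1)
        return PUSH_PARSE_ERROR;

    uint32_t mask = ntohl(b.s_addr);
    if (!first_octet_is_255(mask) || (strict && !is_contiguous_mask(mask)))
        return PUSH_NOT_NETMASK;
    return PUSH_OK;
}

int main(void)
{
    /* Constructed sample ccd lines; the first is the case from the mail. */
    const char *ccd[] = { "ifconfig-push 10.4.0.14 10.4.0.13",
                          "ifconfig-push 10.4.0.14 255.255.255.0",
                          "ifconfig-push 10.4.0.14 255.0.255.0" };
    for (size_t i = 0; i < sizeof ccd / sizeof ccd[0]; i++)
        if (check_ifconfig_push(ccd[i], 1) == PUSH_NOT_NETMASK)
            printf("WARNING: second argument is not a netmask: %s\n", ccd[i]);
    return 0;
}
```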
