This adds a warning to the log file if --topology is configured to use
subnet or net30 and the 'subnet mask' argument of an --ifconfig-push option
is not an subnet mask.

v2 - Make use of ifconfig_sanity_check() in tun.c instead of doing the exact
     same check and warning in prepare_push_reply().  Also improve documentation
     of ifconfig_sanity_check() while at it.

v3 - Adopted to the new ifconfig_sanity_check() API

Trac: #755
Signed-off-by: David Sommerseth <>
 src/openvpn/push.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 9953079..5292b06 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -333,6 +333,14 @@ prepare_push_reply (struct context *c, struct gc_arena *gc,
                       print_in_addr_t (ifconfig_local, 0, gc),
                       print_in_addr_t (c->c2.push_ifconfig_remote_netmask,
                                        0, gc));
+      /* Warn if ifconfig_remote_netmask contains an unexpected value
+       * when checking configuration up against TUN/TAP device and
+       * network topology
+       */
+      ifconfig_sanity_check(c->c1.tuntap->type == DEV_TYPE_TUN,
+                            c->c2.push_ifconfig_remote_netmask,
+                            c->options.topology, true);
   /* Send peer-id if client supports it */

Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.
Openvpn-devel mailing list

Reply via email to