Sorry for being so slow in merging this.  I had to adjust my testbeds
to "not explode" and shied away from doing so :-) (all the server test
instances without "topology" defaulted to net30, and just applying this
patch would recreate the ip-pool-persist files, breaking t_client
EXPECT_IFCONFIG4_... settings).

So.

Whoever reads this - *THIS CAN BE DISRUPTIVE*.  But it's the right
way forward, given that DCO (on the server) will only work with
"--topology subnet", and it also saves on IPv4 address usage for
the pools...  and clients have been compatible with "subnet" across
all platforms since at least OpenVPN 2.2, so no excuses.


NOTE: for --server setups, this will still work, just changing the way
the pool is split, thus assigning new IP addresses to clients, and
invalidating the --ip-pool-persist file.

NOTE2: For p2p setups (no --server, just --tls-server/--tls-client or
even --secret) it will break the setup hard, as those usually use 
"--ifconfig ip1 ip2" and "ip2" will now be parsed as a netmask, with
surprising consequences.  See GH #529.


Your patch has been applied to the master branch.

commit 32e6586687a548174b88b64fe54bfae6c74d4c19
Author: Frank Lichtenheld
Date:   Fri Dec 1 12:20:22 2023 +0100

     Change default of topology to subnet

     Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
     Acked-by: Arne Schwabe <arne-open...@rfc2549.org>
     Message-Id: <20231201112022.15337-1-fr...@lichtenheld.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
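
A pre-upgrade check for the cases the message above describes, as an added example that is not part of the original mail or of OpenVPN: it classifies a config by whether it sets topology explicitly, uses --server, or uses a two-address --ifconfig. The function names, result labels and sample configs are constructed, and the parser is a simplification (one directive per line, no quoting, inline blocks or includes).

```python
# Added example: audit OpenVPN configs for the topology default change (net30 -> subnet).
# Assumption: simplified parsing; '#' or ';' starts a comment, directives may carry a leading "--".

def parse_directives(text):
    """Return {directive: [args]} using the first occurrence of each directive."""
    found = {}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split(";", 1)[0].split()
        if tokens:
            found.setdefault(tokens[0].lstrip("-"), tokens[1:])
    return found

def audit(text):
    """Classify one config by how the new default affects it."""
    d = parse_directives(text)
    if "topology" in d:
        return "explicit-topology"        # the default is never consulted
    dev = (d.get("dev-type") or d.get("dev") or [""])[0]
    if dev.startswith("tap"):
        return "tap-unaffected"           # --topology only applies to tun devices
    if "server" in d:
        return "server-pool-renumbered"   # pool is split differently, persisted pool file is invalidated
    if len(d.get("ifconfig", [])) == 2:
        return "p2p-breaks"               # second --ifconfig argument is now parsed as a netmask
    return "no-local-impact"

# Constructed sample configs (not taken from the mail).
SERVER = """
port 1194
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
"""
P2P = """
dev tun
secret static.key
ifconfig 10.4.0.1 10.4.0.2   # local and peer address
"""
PINNED = "dev tun\ntopology net30\nserver 10.8.0.0 255.255.255.0\n"
CLIENT = "client\ndev tun\nremote vpn.example.net 1194\n"

if __name__ == "__main__":
    for name, cfg in [("server", SERVER), ("p2p", P2P),
                      ("pinned", PINNED), ("client", CLIENT)]:
        print(f"{name:8s} {audit(cfg)}")
```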
