Hi, On Thu, Apr 30, 2020 at 01:53:29PM -0400, Joe Patterson wrote: > So, I've got a back-burner project that does parts of this. It's a > daemon that connects to the management console and handles things like > client auth and such. The way I did it was that the daemon keeps an > internal copy of basically the iroute table, and then advertises it > via RIPv2 on localhost. I can then set up quagga to listen for RIP on > localhost and redistribute RIP-learned routes via OSPF. At some point > I will probably share it to the world, as it does some other handy > things as well, and also because I am not a master coder, so I'm sure > it could be improved upon by smarter folks than me.
Nice.
It's the easier part of the whole thing, though... (You can do the
"learn about iroute and put into kernel routing" part in client-connect
scripts as well, and radiusplugin is also doing something along those
lines to get radius-provided routes installed).
The part that is - as far as I am aware - totally impossible today is
"while a client is connected, tell OpenVPN that a new iroute is needed
for this client" (which would be needed if OSPF decides "hey, I want
to route <network> to <this client>").
We have a trac ticket for this, somewhere, and all progress we've
made so far was "uh, this is hard, and there be dragons" :-)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
