Bug#534911: subnet topology requires static client subnet routes

Sun, 28 Jun 2009 01:30:44 -0700 

Package: openvpn
Version: 2.1~rc15-1
Severity: normal
Tags: upstream

(Copied from http://openvpn.net/archive/openvpn-users/2007-08/msg00145.html)

With the default mode (the implicit "topology net30") I used to do this to
assign static routes towards a given client:

$ cat /etc/openvpn/ccd/some-client
iroute 10.20.1.0 255.255.255.0
iroute 10.250.0.0 255.255.255.0
$ cat /etc/openvpn/server.conf
[...]
route 10.20.1.0 255.255.255.0
route 10.250.0.0 255.255.255.0
[...]

When the tunnel was established, the static routes were set towards that
particular client. Everything worked fine.

With "topology subnet" it doesn't seem to work, as 'route' now needs
a gateway argument. However, the IP of the connecting client is not
known, and neither 'route' nor 'client-connect' can be used in the
client-config-dir file (where iroute is used).

Subnet topology is a great step forward, but it's currently not
usable in situations where clients connect subnets to the server.

The best solution would be to allow 'route' directives in the
per-client config files in client-config-dir.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]         1.5.26     Debian configuration management sy
ii  libc6                         2.9-18     GNU C Library: Shared libraries
ii  liblzo2-2                     2.03-1     data compression library
ii  libpam0g                      1.0.1-9    Pluggable Authentication Modules l
ii  libpkcs11-helper1             1.07-1     library that simplifies the intera
ii  libssl0.9.8                   0.9.8k-3   SSL shared libraries
ii  openssl-blacklist             0.5-2      list of blacklisted OpenSSL RSA ke
ii  openvpn-blacklist             0.4        list of blacklisted OpenVPN RSA sh

Versions of packages openvpn recommends:
ii  net-tools                     1.60-23    The NET-3 networking toolkit

Versions of packages openvpn suggests:
ii  openssl                       0.9.8k-3   Secure Socket Layer (SSL) binary a
ii  resolvconf                    1.44       name server information handler

-- debconf information excluded


-- 
 .''`.   martin f. krafft <madd...@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Reply via email to