Hi,
Attached is the latest version of the MAC table patch. This patch allows
OpenVPN to learn (and importantly forget!) MAC addresses like ethernet
switches. Also (like ethernet switches), OpenVPN now broadcasts packets
with unknown MAC addresses (without the patch these packets are dropped).
The command line has two new options:
  --mac-ttl n        : Time To Live for MAC entries (default: 300)
  --mac-table-size n : The number of MAC entries that can be stored
                       (default: 1024)
The Admin interface command now shows the TTL (Time To Live) of each
learnt packet; this is for debugging purposes. It may however conflict
with admin frontends!
This patch is work in progress, so testing is needed. I've tested it with
UDP and TCP using certificates. I'm using it now in our production
situation. Special testing however is needed for shared keys, as I
received a report which suggests this may not work.
For those who are interested, the patch can be downloaded here:
http://adsl-dc-4dd05.adsl.wanadoo.nl/dinges/openvpn-2.0.2-fks-mac7.patch
Rolf
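
The switch-style behaviour described in the message above (learn source MACs, forget them after a TTL, flood frames for unknown destinations, cap the table size), as an added C sketch that is not taken from the patch or from OpenVPN. All names are hypothetical; the TTL being measured in seconds and refreshed on every frame, and a full table refusing new entries, are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define MAC_TABLE_SIZE 4   /* tiny stand-in for --mac-table-size (default 1024) */
#define MAC_TTL 300        /* --mac-ttl default; seconds assumed */
#define FLOOD (-1)         /* unknown destination: send to every peer */

struct mac_entry { uint8_t mac[6]; int peer; long expires; int used; };
struct mac_table { struct mac_entry e[MAC_TABLE_SIZE]; };

/* Find a live entry for mac; expired entries are forgotten on the way. */
static struct mac_entry *mac_find(struct mac_table *t, const uint8_t *mac, long now) {
    struct mac_entry *hit = NULL;
    for (int i = 0; i < MAC_TABLE_SIZE; i++) {
        struct mac_entry *e = &t->e[i];
        if (e->used && e->expires <= now) e->used = 0;   /* TTL ran out */
        if (e->used && memcmp(e->mac, mac, 6) == 0) hit = e;
    }
    return hit;
}

/* Learn the source MAC of a frame received from peer. Returns 0 on success,
 * -1 when the table is full of live entries (assumed policy: do not evict,
 * so a burst of new source MACs cannot push out entries already learnt). */
int mac_learn(struct mac_table *t, const uint8_t *mac, int peer, long now) {
    struct mac_entry *e = mac_find(t, mac, now);
    for (int i = 0; !e && i < MAC_TABLE_SIZE; i++)
        if (!t->e[i].used) e = &t->e[i];                 /* first free slot */
    if (!e) return -1;
    memcpy(e->mac, mac, 6);
    e->peer = peer;              /* a MAC that moved follows its new peer */
    e->expires = now + MAC_TTL;  /* every frame refreshes the TTL */
    e->used = 1;
    return 0;
}

/* Pick the output peer for a destination MAC, or FLOOD if it is not known. */
int mac_lookup(struct mac_table *t, const uint8_t *mac, long now) {
    struct mac_entry *e = mac_find(t, mac, now);
    return e ? e->peer : FLOOD;
}
```

The fixed table size bounds memory no matter how many distinct source addresses arrive, and the TTL frees slots again; the cost is that destinations which could not be learnt are flooded to every peer until a slot opens.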