Hi,

On Wed, Oct 20, 2010 at 02:58:47PM -0700, Ansis Atteka wrote:
> 1. Is it by design that OpenVPN still adds routes automatically with
> topology p2p and route-noexec set? I guess that openvpn has limited
> visibility over what ifconfig command does, so maybe this is the reason...

This depends on platform used. On a number of systems, "ifconfig" alone will not produce a working tun interface, you need to explicitly add the interface route to make it work. This happens pretty far "under the hood", and doesn't go through the normal "setup a list of routes, then decide what to do with it" mechanics (which would honour route-noexec).

> 2. Should one use topology Subnet instead of P2P in such cases, to get pure
> control over what routes are being added?

On some platforms, this will also need an explicit route command (MacOS, for example). So you'll always have some routes directly executed.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de