Hi,

On Sun, Feb 09, 2014 at 02:10:56AM +0000, Dash Four wrote:
> Currently, openvpn only accepts "bind" if both "lport" and "local"
> options are specified. Why?
>
> Why can't I specify "local" to instruct openvpn to bind to a specific IP
> address or interface and leave it to decide a (random) port it binds to
> in the same way in which the "nobind" option currently functions? What
> is the reason for this unnecessary restriction?

If I'm not mistaken, "the C API" - bind() always takes an address *and*
a port number, so you can't just bind to an address alone. (You can bind
to a port alone because there's INADDR_ANY for "take any address on the
system", but there's no specific "ANY_PORT"). Arne, correct me if I'm
wrong.

I think OpenVPN *could* make use of the --multihome mechanism to specify
a source address (--local) without binding - but the multitude of open
issues in trac regarding --multihome suggests there's good reasons why
this is not done today.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany    g...@greenie.muc.de
fax: +49-89-35655025              g...@net.informatik.tu-muenchen.de
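
The bind() call discussed in this reply, as an added example that is not part of the original message or of OpenVPN's code: the sockaddr_in passed to bind() always carries both an address field and a port field, and a port value of 0 asks the kernel to choose an ephemeral port, which getsockname() then reports. The helper name bind_udp and the loopback sample address are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to ip:port and report the port the kernel actually
 * assigned. Returns 0 on success, -1 on failure. The helper name and
 * signature are hypothetical, written for this example. */
int bind_udp(const char *ip, uint16_t port, uint16_t *bound_port)
{
    struct sockaddr_in sa, actual;
    socklen_t len = sizeof(actual);
    int rc = -1;
    int fd;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);            /* 0 = kernel picks an ephemeral port */
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -1;                        /* not a valid IPv4 literal */

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    /* bind() receives address and port together in one structure. */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        getsockname(fd, (struct sockaddr *)&actual, &len) == 0) {
        *bound_port = ntohs(actual.sin_port);
        rc = 0;
    }
    close(fd);
    return rc;
}

int main(void)
{
    uint16_t p = 0;
    /* Address left open (INADDR_ANY written as "0.0.0.0"), port 0. */
    if (bind_udp("0.0.0.0", 0, &p) == 0)
        printf("0.0.0.0   -> port %u\n", (unsigned)p);
    /* Specific local address (loopback, a constructed sample), port 0. */
    if (bind_udp("127.0.0.1", 0, &p) == 0)
        printf("127.0.0.1 -> port %u\n", (unsigned)p);
    return 0;
}
```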