Allow the user to use the string 'client-ip' on the client-nat network configuration as a convenient way to use the leased IP address received from OpenVPN server. Usage Example:
client-nat snat client-ip 255.255.255.255 172.20.1.15 # replaces the 'client-ip' string with the leased IP address received from OpenVPN server
---
>From 2774d25c4c2947be7d1516f01cd520856e683db2 Mon Sep 17 00:00:00 2001
From: Rafael Gava <rafael.olive...@venturus.org.br>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon, 26 Oct 2015 18:31:12 -0200
Subject: [PATCH] Allow the user to use the string 'client-ip' on the client-nat network configuration as a convenient way to use the leased IP address received from OpenVPN server. Usage Example: client-nat snat client-ip 255.255.255.255 172.20.1.15 # replaces the 'client-ip' string with the leased IP address received from OpenVPN server
Signed-off-by: Rafael Gava <rafael.olive...@venturus.org.br>
---
 src/openvpn/clinat.c | 38 ++++++++++++++++++++++++++++++++++++++
 src/openvpn/clinat.h | 2 ++
 src/openvpn/init.c | 2 ++
 src/openvpn/options.c | 1 +
 4 files changed, 43 insertions(+)
 mode change 100644 => 100755 src/openvpn/clinat.c
 mode change 100644 => 100755 src/openvpn/clinat.h
 mode change 100644 => 100755 src/openvpn/init.c
 mode change 100644 => 100755 src/openvpn/options.c
diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c
old mode 100644
new mode 100755
index ddefe12..2ff4166
--- a/src/openvpn/clinat.c
+++ b/src/openvpn/clinat.c
@@ -124,12 +124,19 @@ add_client_nat_to_option_list (struct client_nat_option_list *dest,
 return;
 }
 
+ if (network && !strcmp(network, "client-ip"))
+ {
+ msg (M_INFO, "*** client-nat client-ip detected...");
+ e.network = 0xFFFFFFFF;
+ } else {
 e.network = getaddr(0, network, 0, &ok, NULL);
 if (!ok)
 {
 msg(msglevel, "client-nat: bad network: %s", network);
 return;
 }
+ }
+
 e.netmask = getaddr(0, netmask, 0, &ok, NULL);
 if (!ok)
 {
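Review bot: Using `0xFFFFFFFF` in `e.network` as the in-band marker for `client-ip` collides with a real value: a rule whose network is written as `255.255.255.255` presumably yields the same number from `getaddr`, so it would later be rewritten to the leased address by `update_client_ip_nat` without the user asking for it. A separate flag on the entry would avoid the overlap (the `struct client_nat_entry` definition is not part of this patch); failing that, give the marker a name and a comment such as `/* placeholder, replaced with the leased tunnel address after the tun device is opened */`. The `msg (M_INFO, "*** client-nat client-ip detected...")` line reads like leftover debug output and would sit better at a debug level. The patch also flips all four source files from mode 100644 to 100755, which looks unintended. `add_client_nat_to_option_list` starts before and continues after this hunk.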
@@ -263,3 +270,34 @@ client_nat_transform (const struct client_nat_option_list *list,
 }
 }
 }
+
+/*
+* Replaces the client_ip token with the IP received from OpenVPN
+*/
+bool
+update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t local_ip)
+{
+ int i;
+ bool ret = false;
+
+ if (!dest)
+ return ret;
+
+ for (i=0; i <= dest->n; i++)
+ {
+ struct client_nat_entry *nat_entry = &dest->entries[i];
+ if (nat_entry && nat_entry->network == 0xFFFFFFFF)
+ {
+ struct in_addr addr;
+
+ nat_entry->network = ntohl(local_ip);
+ addr.s_addr = nat_entry->network;
+ char *dot_ip = inet_ntoa(addr);
+
+ msg (M_INFO, "CNAT - Updating NAT table from client-ip to: %s", dot_ip);
+ ret = true;
+ }
+ }
+
+ return ret;
+}
diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h
old mode 100644
new mode 100755
index a5779e1..156e84c
--- a/src/openvpn/clinat.h
+++ b/src/openvpn/clinat.h
@@ -62,4 +62,6 @@ void client_nat_transform (const struct client_nat_option_list *list,
 struct buffer *ipbuf,
 const int direction);
 
+bool update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t local_ip);
+
 #endif
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
old mode 100644
new mode 100755
index c5c0ab6..f54bc14
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1481,6 +1481,8 @@ do_open_tun (struct context *c)
 c->c1.tuntap->post_open_mtu,
 SET_MTU_TUN | SET_MTU_UPPER_BOUND);
 
+ update_client_ip_nat(c->options.client_nat, c->c1.tuntap->local);
+
 ret = true;
 static_context = c;
 #ifndef TARGET_ANDROID
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
old mode 100644
new mode 100755
index 2f8915d..c08e775
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
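Review bot: The loop bound in `update_client_ip_nat`, `for (i=0; i <= dest->n; i++)`, visits one slot more than the `dest->n` populated entries; with a full table that is presumably an access one element past `entries` (its size is not visible in this patch), and otherwise an unused slot that happens to hold `0xFFFFFFFF` gets overwritten. It should read `for (i = 0; i < dest->n; i++)`. The `nat_entry &&` test is always true for the address of an array element and can be dropped. If `local_ip` arrives in host byte order, `htonl` names the conversion correctly where `ntohl` is used now; the result is the same but the intent is clearer.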
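Review bot: The new call `update_client_ip_nat(c->options.client_nat, c->c1.tuntap->local);` in the init.c hunk is not wrapped in `#ifdef ENABLE_CLIENT_NAT`; if the `client_nat` member and the function are only built with that feature enabled (not visible in this patch), a build without it breaks on this line. `do_open_tun` begins and ends outside the hunk, so it cannot be confirmed from here that the call also runs when an already-open tun device is reused or when the leased address changes on reconnect. In either case a `client-ip` rule would keep `0xFFFFFFFF`, or a stale address, as its network, so the placement deserves a comment stating when the replacement is expected to happen.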
@@ -223,6 +223,7 @@ static const char usage_message[] =
 "--redirect-private [flags]: Like --redirect-gateway, but omit actually changing\n"
 " the default gateway. Useful when pushing private subnets.\n"
 "--client-nat snat|dnat network netmask alias : on client add 1-to-1 NAT rule.\n"
+ " Set the network parameter to 'client-ip' to use the received ip from OpenVPN Server.\n"
 #ifdef ENABLE_PUSH_PEER_INFO
 "--push-peer-info : (client only) push client info to server.\n"
 #endif
--
1.7.9.5