Hi Arne, sorry for replying so late. Below is the NAT client-ip patch fixing the messed-up whitespace. The only difference from the previous patch, besides the whitespace, is that I'm considering both strings 'client-ip' and 'localhost' as valid options.
Please, whatever problem let me know. BR Rafael -------- >From cf9cf767df84ec5beb8c127d66bde4cd2d278b34 Mon Sep 17 00:00:00 2001 From: vntraol <rafael.olive...@venturus.org.br> List-Post: openvpn-devel@lists.sourceforge.net Date: Mon, 4 Jul 2016 17:20:38 -0300 Subject: [PATCH] Allow the user to use the string 'client-ip' on the client-nat network configuration as a convenient way to use the leased IP address received from the OpenVPN server. Usage example: client-nat snat client-ip 255.255.255.255 172.20.1.15 # replaces the 'client-ip' string with the leased IP address received from the OpenVPN server Signed-off-by: vntraol <rafael.olive...@venturus.org.br> --- src/openvpn/clinat.c | 49 +++++++++++++++++++++++++++++++++++++++++++++---- src/openvpn/clinat.h | 10 ++++++++++ src/openvpn/init.c | 2 ++ src/openvpn/options.c | 2 ++ 4 files changed, 59 insertions(+), 4 deletions(-) mode change 100644 => 100755 src/openvpn/clinat.c mode change 100644 => 100755 src/openvpn/clinat.h mode change 100644 => 100755 src/openvpn/init.c mode change 100644 => 100755 src/openvpn/options.c diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c old mode 100644 new mode 100755 index ddefe12..713c821 --- a/src/openvpn/clinat.c +++ b/src/openvpn/clinat.c @@ -124,12 +124,21 @@ add_client_nat_to_option_list (struct client_nat_option_list *dest, return; } - e.network = getaddr(0, network, 0, &ok, NULL); - if (!ok) + if (network && (!strcmp(network, "client-ip") || !strcmp(network, "localhost")) ) { - msg(msglevel, "client-nat: bad network: %s", network); - return; + // To be replaced later on with the leased IP Address received from Openvpn Server. + e.network = CLIENT_IP_MARKER; + } + else + { + e.network = getaddr(0, network, 0, &ok, NULL); + if (!ok) + { + msg(msglevel, "client-nat: bad network: %s", network); + return; + } } + e.netmask = getaddr(0, netmask, 0, &ok, NULL); if (!ok) { 
@@ -263,3 +272,35 @@ client_nat_transform (const struct client_nat_option_list *list, } } } + +/* +* Replaces the CLIENT_IP_MARKER with the leased IP address received from OpenVPN Server. +*/ +bool +update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t local_ip) +{ + int i; + bool ret = false; + + if (!dest) + return ret; + + for (i=0; i <= dest->n; i++) + { + struct client_nat_entry *nat_entry = &dest->entries[i]; + if (nat_entry && nat_entry->network == CLIENT_IP_MARKER) + { + struct in_addr addr; + + nat_entry->network = ntohl(local_ip); + addr.s_addr = nat_entry->network; + char *dot_ip = inet_ntoa(addr); + + msg (D_CLIENT_NAT, "CNAT - Updating NAT table from client-ip/localhost to: %s", dot_ip); + ret = true; + } + } + + return ret; +} + diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h old mode 100644 new mode 100755 index a5779e1..bcd3fee --- a/src/openvpn/clinat.h +++ b/src/openvpn/clinat.h @@ -32,6 +32,11 @@ #define CN_OUTGOING 0 #define CN_INCOMING 1 +/* +* Used as a marker to be replaced with the leased IP address received from OpenVPN server. +*/ +#define CLIENT_IP_MARKER 0xFFFFFFFF + struct client_nat_entry { # define CN_SNAT 0 # define CN_DNAT 1 @@ -62,4 +67,9 @@ void client_nat_transform (const struct client_nat_option_list *list, struct buffer *ipbuf, const int direction); +/* +* Replaces the CLIENT_IP_MARKER with the leased IP address received from OpenVPN Server. +*/ +bool update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t local_ip); + #endif diff --git a/src/openvpn/init.c b/src/openvpn/init.c old mode 100644 new mode 100755 index 498d36f..e03d839 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1532,6 +1532,8 @@ do_open_tun (struct context *c) c->c1.tuntap->post_open_mtu, SET_MTU_TUN | SET_MTU_UPPER_BOUND); + update_client_ip_nat(c->options.client_nat, c->c1.tuntap->local); + ret = true; static_context = c; #ifndef TARGET_ANDROID 
diff --git a/src/openvpn/options.c b/src/openvpn/options.c old mode 100644 new mode 100755 index cf971a6..1c53c5f --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1,3 +1,4 @@ + /* * OpenVPN -- An application to securely tunnel IP networks * over a single UDP port, with support for SSL/TLS-based @@ -220,6 +221,7 @@ static const char usage_message[] = "--redirect-private [flags]: Like --redirect-gateway, but omit actually changing\n" " the default gateway. Useful when pushing private subnets.\n" "--client-nat snat|dnat network netmask alias : on client add 1-to-1 NAT rule.\n" + " Set the network parameter to 'client-ip' or to 'localhost' to use the received ip from OpenVPN Server.\n" #ifdef ENABLE_PUSH_PEER_INFO "--push-peer-info : (client only) push client info to server.\n" #endif -- 1.7.9.5 On Thu, May 19, 2016 at 6:07 AM, Arne Schwabe <arne-open...@rfc2549.org> wrote: > > > Am 04.05.16 um 19:40 schrieb Rafael Gava: > > Reapplying client-ip NAT patch fixing the following issues raised by > > Arne Schwabe: > > > > - Fixing TABs and whitespaces; > It is now more messed up :( There are a lot of changes to whitespace in > the new patch. > > Arne >
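Review bot: in the first clinat.c hunk (add_client_nat_to_option_list), treating "localhost" as a synonym for "client-ip" changes the meaning of any existing client-nat line that names localhost as its network, because that string used to go through getaddr() like every other host name and now never reaches it. Accept only 'client-ip', or document the changed behaviour explicitly. The added `//` comment should also use the `/* */` form that the rest of this patch uses, and the condition has a stray space before its closing parenthesis.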
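Review bot: in the second clinat.c hunk (update_client_ip_nat), the loop condition `i <= dest->n` visits one index more than `i < dest->n` would; if dest->n is the number of entries in use, the last iteration reads an unused slot of dest->entries, and reads past the array when the list is full. Use `i < dest->n`. The `nat_entry &&` test can never fail because nat_entry is the address of an array element, so it can be dropped. `char *dot_ip` is declared after statements in the block, and the value stored into addr.s_addr (network byte order) comes from ntohl(); if local_ip arrives in host order, htonl() states the intent.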
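Review bot: in the clinat.h hunk, `#define CLIENT_IP_MARKER 0xFFFFFFFF` is an in-band sentinel with the same value as the address 255.255.255.255, so a client-nat rule whose network is written as 255.255.255.255 becomes indistinguishable from the marker and would be rewritten by update_client_ip_nat(). A separate flag in struct client_nat_entry would avoid overloading the network field. The comment blocks added here also start their continuation lines with `*` in column 0 rather than aligned under the opening `/*`.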
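Review bot: in the init.c hunk (do_open_tun), the substitution is one-shot: update_client_ip_nat() overwrites the marker with the address, so if do_open_tun() runs again with a different c->c1.tuntap->local, the entry no longer equals CLIENT_IP_MARKER and keeps the old address. Keeping the "use the client IP" state separate from the stored address would allow the rule to be refreshed each time. The bool return value is discarded here, so either use it or make the function return void.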
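Review bot: in the options.c hunks and the diff headers, the patch still carries unrelated changes: the first options.c hunk only adds a blank line above the file's opening comment, and all four files change mode from 100644 to 100755. Both should be dropped so the diff contains only the client-ip change, which is the whitespace concern raised in the quoted review. The new usage line is also much longer than the neighbouring entries and could be wrapped the way the --redirect-private text above it is.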