Hi Arne, sorry for replying so late.

Below is the NAT client-ip patch with the messed-up whitespace fixed.
The only difference from the previous patch, besides the whitespaces, is
that I'm considering both strings 'client-ip' and 'localhost' as valid
options.

Please let me know if you find any problem.

BR

Rafael

--------

>From cf9cf767df84ec5beb8c127d66bde4cd2d278b34 Mon Sep 17 00:00:00 2001
From: vntraol <rafael.olive...@venturus.org.br>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon, 4 Jul 2016 17:20:38 -0300
Subject: [PATCH] Allow the user to use the string 'client-ip' on the
 client-nat network configuration as a convenient way to use
 the leased IP address received from the OpenVPN server.

Usage example:

client-nat snat client-ip 255.255.255.255 172.20.1.15 # replaces the
'client-ip' string with the leased IP address received from the OpenVPN
server

Signed-off-by: vntraol <rafael.olive...@venturus.org.br>
---
 src/openvpn/clinat.c  |   49
+++++++++++++++++++++++++++++++++++++++++++++----
 src/openvpn/clinat.h  |   10 ++++++++++
 src/openvpn/init.c    |    2 ++
 src/openvpn/options.c |    2 ++
 4 files changed, 59 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 src/openvpn/clinat.c
 mode change 100644 => 100755 src/openvpn/clinat.h
 mode change 100644 => 100755 src/openvpn/init.c
 mode change 100644 => 100755 src/openvpn/options.c

diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c
old mode 100644
new mode 100755
index ddefe12..713c821
--- a/src/openvpn/clinat.c
+++ b/src/openvpn/clinat.c
@@ -124,12 +124,21 @@ add_client_nat_to_option_list (struct
client_nat_option_list *dest,
       return;
     }

-  e.network = getaddr(0, network, 0, &ok, NULL);
-  if (!ok)
+  if (network && (!strcmp(network, "client-ip") || !strcmp(network,
"localhost")) )
     {
-      msg(msglevel, "client-nat: bad network: %s", network);
-      return;
+      // To be replaced later on with the leased IP Address received from
Openvpn Server.
+      e.network = CLIENT_IP_MARKER;
+ }
+  else
+    {
+      e.network = getaddr(0, network, 0, &ok, NULL);
+      if (!ok)
+        {
+          msg(msglevel, "client-nat: bad network: %s", network);
+          return;
+        }
     }
+
   e.netmask = getaddr(0, netmask, 0, &ok, NULL);
   if (!ok)
     {
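Review bot: `CLIENT_IP_MARKER` is an in-band value, because the clinat.h hunk defines it as `0xFFFFFFFF` and the `else` branch here stores whatever `getaddr` returns into the same `e.network` field. A rule whose network is written as 255.255.255.255 would presumably be indistinguishable from the marker and be rewritten to the leased address later. Carrying the request in a separate field of the entry, for example `e.network_is_client_ip = true;` (the name is only a suggestion), would keep the address space unambiguous. Accepting `localhost` as a synonym is also surprising, since that name conventionally means the loopback address; dropping the alias would avoid a NAT rule that does something other than what the operator reads in the config. The function begins and ends outside this hunk.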
@@ -263,3 +272,35 @@ client_nat_transform (const struct
client_nat_option_list *list,
  }
     }
 }
+
+/*
+* Replaces the CLIENT_IP_MARKER with the leased IP address received from
OpenVPN Server.
+*/
+bool
+update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t
local_ip)
+{
+  int i;
+  bool ret = false;
+
+  if (!dest)
+    return ret;
+
+  for (i=0; i <= dest->n; i++)
+    {
+      struct client_nat_entry *nat_entry = &dest->entries[i];
+      if (nat_entry && nat_entry->network == CLIENT_IP_MARKER)
+        {
+          struct in_addr addr;
+
+          nat_entry->network = ntohl(local_ip);
+          addr.s_addr = nat_entry->network;
+          char *dot_ip = inet_ntoa(addr);
+
+          msg (D_CLIENT_NAT, "CNAT - Updating NAT table from
client-ip/localhost to: %s", dot_ip);
+          ret = true;
+        }
+    }
+
+  return ret;
+}
+
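Review bot: The loop bound `i <= dest->n` in `update_client_ip_nat` visits one entry more than the list holds, assuming `n` counts the valid entries as its name suggests. With a full list that is a read, and possibly a write, past the end of `entries`. It should be `for (i = 0; i < dest->n; i++)`. The `nat_entry &&` test can go as well, because the address of an array element is never NULL. `ntohl(local_ip)` deserves a one-line comment stating which byte order `local_ip` arrives in and which order the entries are kept in, since the next lines hand the result to `inet_ntoa`, which expects network order.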
diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h
old mode 100644
new mode 100755
index a5779e1..bcd3fee
--- a/src/openvpn/clinat.h
+++ b/src/openvpn/clinat.h
@@ -32,6 +32,11 @@
 #define CN_OUTGOING 0
 #define CN_INCOMING 1

+/*
+* Used as a marker to be replaced with the leased IP address received from
OpenVPN server.
+*/
+#define CLIENT_IP_MARKER 0xFFFFFFFF
+
 struct client_nat_entry {
 # define CN_SNAT 0
 # define CN_DNAT 1
@@ -62,4 +67,9 @@ void client_nat_transform (const struct
client_nat_option_list *list,
    struct buffer *ipbuf,
    const int direction);

+/*
+* Replaces the CLIENT_IP_MARKER with the leased IP address received from
OpenVPN Server.
+*/
+bool update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t
local_ip);
+
 #endif
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
old mode 100644
new mode 100755
index 498d36f..e03d839
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1532,6 +1532,8 @@ do_open_tun (struct context *c)
        c->c1.tuntap->post_open_mtu,
        SET_MTU_TUN | SET_MTU_UPPER_BOUND);

+      update_client_ip_nat(c->options.client_nat, c->c1.tuntap->local);
+
       ret = true;
       static_context = c;
 #ifndef TARGET_ANDROID
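Review bot: The call to `update_client_ip_nat` overwrites the marker in place and drops the return value, so nothing visible here handles a later tunnel open with a different leased address. Once replaced, the entry no longer equals `CLIENT_IP_MARKER` and would keep the old address unless the option list is restored elsewhere between sessions. It is also worth checking that `c->c1.tuntap->local` is set on this path; if no address was configured, the rule would presumably be rewritten to 0. A guard such as `if (c->c1.tuntap->local)` around the call, plus a comment saying where the marker is re-armed, would make this explicit. do_open_tun continues outside the hunk.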
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
old mode 100644
new mode 100755
index cf971a6..1c53c5f
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1,3 +1,4 @@
+
 /*
  *  OpenVPN -- An application to securely tunnel IP networks
  *             over a single UDP port, with support for SSL/TLS-based
@@ -220,6 +221,7 @@ static const char usage_message[] =
   "--redirect-private [flags]: Like --redirect-gateway, but omit actually
changing\n"
   "                  the default gateway.  Useful when pushing private
subnets.\n"
   "--client-nat snat|dnat network netmask alias : on client add 1-to-1 NAT
rule.\n"
+  "                  Set the network parameter to 'client-ip' or to
'localhost' to use the received ip from OpenVPN Server.\n"
 #ifdef ENABLE_PUSH_PEER_INFO
   "--push-peer-info : (client only) push client info to server.\n"
 #endif
-- 
1.7.9.5



On Thu, May 19, 2016 at 6:07 AM, Arne Schwabe <arne-open...@rfc2549.org>
wrote:

>
>
> Am 04.05.16 um 19:40 schrieb Rafael Gava:
> > Reapplying client-ip NAT patch fixing the following issues raised by
> > Arne Schwabe:
> >
> >     - Fixing TABs and whitespaces;
> It is now more messed up :( There are a lot of changes to whitespace in
> the new patch.
>
> Arne
>
