[PATCH -ocserv 4/5] Use distinct remote and local IPs when explicit_ipv[46] is specified

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Feb 9 08:02:43 PST 2015


On Mon, Feb 9, 2015 at 3:38 PM, Kevin Cernekee <cernekee at gmail.com> wrote:
>>> So instead we'll set LIP = RIP + 1.  This isn't terribly intuitive (an
>>> administrator might try to number consecutive users 192.168.1.1, 192.168.1.2,
>>> 192.168.1.3, ...) but it's better than the current situation.  Maybe at some
>>> point, fixed IPs should also make use of the hash table.
>> The original approach is nasty, but setting LIP=RIP+1 is pretty much
>> nastier. The single IP approach was used mainly for radius where the
>> server will certainly not know about the LIP=RIP+1 convention,
>> and there will be very hard-to-track bugs. I think that leaving it
>> like that is better than the alternative...
> When LIP=RIP I am not able to pass any traffic at all.
> Is this actually working correctly for RADIUS users?  Maybe I am
> missing something obvious...

To be honest I haven't tried it. I knew however, that openconnect does
use the same IP as well on the tun device for both the local and the
P-t-P one. I'll have to check it further, but that will not be very
soon. If there are any nice ideas to overcome that they are welcome.

regards,
Nikos
