[PATCH -ocserv 4/5] Use distinct remote and local IPs when explicit_ipv[46] is specified
David Woodhouse
dwmw2 at infradead.org
Mon Feb 9 08:36:41 PST 2015
On Mon, 2015-02-09 at 17:25 +0100, Nikos Mavrogiannopoulos wrote:
>
> Correct. That still does leave the problem of what to put there. Maybe
> it would make sense to restrict all explicit IPs to only even values,
> and use the odd value as the local one. That at least would prevent
> major surprises.
You only need *one* internal IP address, and you can use that as the
local IP address on all the tunnels.
Perhaps you could use the external IP address of the server, but maybe
it's best to use something that the clients can route to *through* the
VPN.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150209/bd0448d1/attachment-0001.bin>
More information about the openconnect-devel
mailing list