Fwd: openconnect v7.06 for Windows issue

David Woodhouse dwmw2 at infradead.org
Thu May 7 00:21:34 PDT 2015


On Thu, 2015-05-07 at 08:49 +0200, Horváth Szabolcs wrote:
> 
> Short feedback for anyone else who might have found this post: instead
> of rebuilding Openconnect on Windows, we ended up changing the VPN
> netmask to /27.
> It works like a charm.
> 
> Looks like Windows TAP driver from OpenVPN has issues with /32 netmask.

Yes. This is a limitation of Windows really, since a network device
driver needs to pretend to be Ethernet — the TAP driver itself is
*faking* ARP and Neighbour Discovery and pretending to be the 'router'
on the faked Ethernet subnet.

I'd like to test a /31 subnet, which isn't big enough to be real
Ethernet — it only gives you the network address and the broadcast
address, without any actual stations. But if it works in Windows then 
that's probably what we should do. The client takes one address, and
we use the other for the "router".

It does mean that we are forced to route the second address to the
VPN, while with a /32 netmask we *shouldn't* have been. But that's
probably the best we can do.

-- 
dwmw2
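
Added example (not part of the original message and not OpenConnect code): a sketch of the trade-off discussed above, showing for a given on-link prefix which address the faked "router" could take and how many addresses other than the client's own end up routed to the VPN device. The function name `tap_plan`, the choice of the lowest free address as the router, and the 192.0.2.77 sample address are assumptions made for illustration.

```python
import ipaddress

def tap_plan(client, prefixlen):
    """Plan the fake Ethernet subnet for a TAP-style adapter.

    client    -- the single address the VPN server assigned (constructed sample)
    prefixlen -- the on-link prefix configured on the adapter
    Returns the subnet, a candidate "router" address for the driver to fake,
    and every address besides the client's that becomes on-link to the VPN.
    """
    addr = ipaddress.IPv4Address(client)
    net = ipaddress.IPv4Network(f"{client}/{prefixlen}", strict=False)

    # Everything in the subnet except the client itself is now treated as
    # reachable through the VPN adapter, whether or not the server meant it.
    on_link = [a for a in net if a != addr]

    if prefixlen >= 31:
        # /32: no second address exists, so there is nothing to use as router.
        # /31: only two addresses; the client takes one, the router the other.
        candidates = on_link
    else:
        # Larger subnets: skip the network and broadcast addresses.
        candidates = [a for a in net.hosts() if a != addr]

    # Assumption: take the lowest free address as the faked router.
    router = str(candidates[0]) if candidates else None
    return {
        "network": str(net),
        "router": router,
        "extra_routed": [str(a) for a in on_link],
    }

if __name__ == "__main__":
    # Compare the assigned /32, the proposed /31, and the /27 workaround.
    for plen in (32, 31, 30, 27):
        plan = tap_plan("192.0.2.77", plen)
        print(f"/{plen}: net={plan['network']} router={plan['router']} "
              f"extra on-link addresses={len(plan['extra_routed'])}")
```
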