Notes on ocserv (0.11.3) compatibility with FreeBSD 10.2/10.3

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Jun 30 02:10:14 PDT 2016


On Wed, Jun 29, 2016 at 10:14 PM, jvi <v8kjvi0j6 at gmail.com> wrote:
> 2) Routes
> ocserv accepts only the most crude and basic route definitions (route
> = "") from the configuration file. Any more details and complicated
> syntax is either ignored or ends up as an error. Perhaps ocserv could
> simply set whatever is defined through route = "" option instead of
> trying to process and check its syntax? That would do it. Leave making
> sure route definitions are correct to the user.
>
> Workaround: Custom/advanced routes can be set through a connect script
> (connect-script = "")

Could you elaborate on that? What syntax is missing? Note that ocserv
cannot allow free-form syntax as it has to send valid data to the
clients.

> 3) Support for multiple routing tables
> There is none. At the core of FreeBSD routing lies multi-fib
> management, especially if there are several jails involved. Preparing
> ocserv for it should be fairly simple. Hence ocserv could get its own
> routing table(s) separated from the system default/any other routing
> table, perhaps even one for each user; for convenience, safety and
> foolproofing, which would be a brilliant feature.

It is unclear to me what you mean here. Is it about providing
different routes to different users? That is already allowed.

regards,
Nikos


