per-user device name and local server's ip pin
David Woodhouse
dwmw2 at infradead.org
Wed Apr 26 01:51:07 PDT 2023
On Wed, 2023-04-26 at 06:26 +0300, Andrei Sergeev wrote:
> Hello.
>
> Could you please help me, I'm struggling with two problems:
> 1. Is there any possibility to pin local device name on per-user basis?
> For now it says "skipping unknown option 'device' " if i place it in
> user config file.
The options have the same name as the command line options, and that
one is --interface. So "interface" in the config file.
> 2. And the second question: is there any ability to set fixed server's
> local side IP address for the tunnel interface?
> Even if I, for example, will set up an ipv4-network = 192.168.0.1,
> ipv4-netmask = 255.255.255.255 and explicit-ipv4 = 192.168.0.50 for user
> - the ocserv instance gets an address 192.168.0.3 for his side, which
> couldn't be predicted...
That's not something the client can control, is it? The server actually
has to *respond* to that address, surely? If you care at all; why does
anyone care about the IP address that the server has on its end of the
tunnel link anyway? If you want to communicate with the server itself,
doesn't it have a canonical IP address on one of its physical networks?
and if you want route through the server to anything beyond, nobody
cares what the IP address of the server is...
Knowing what you're trying to achieve with this would help to answer
it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5965 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20230426/0447f847/attachment.p7s>
More information about the openconnect-devel
mailing list