[PATCH -ocserv 4/5] Use distinct remote and local IPs when explicit_ipv[46] is specified

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Feb 11 02:04:17 PST 2015


On Wed, Feb 11, 2015 at 10:41 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> > That would have to require additional configuration options. Thus,
>> > I've now applied Kevin's patch, and if addresses that are not managed
>> > by ocserv (i.e., explicit) are used, then only odd addresses will be
>> > accepted and the next even will be used as the local address.
>>
>> Thinking of it again, would we have any problem if we always use the
>> first address of the setup network as our local address? That is use
>> 192.168.1.0 (when our network is 192.168.1.0/255.255.255.0).
> I'm not entirely familiar with RADIUS but isn't the point that you are
> delegating IP assignment to the RADIUS server? You can't just *steal* IP
> addresses which might actually belong to someone else, can you?
>> That would simplify quite a lot the current assignment process and
>> free us from reserving two IPs per connection.
> Does it really have to be two IPs per connection? Can't you just assign
> *yourself* a single IP at startup, and use that as the local address?

That's what I'm proposing. To take the first address from the
configured network and assign it as our address for tun purposes.
Indeed there could be someone somewhere using it, but in the end we
need an address to use.

regards,
Nikos


