diff options
author | Frank Lichtenheld | 2023-12-01 12:20:22 +0100 |
---|---|---|
committer | Gert Doering | 2024-04-03 17:28:46 +0200 |
commit | 32e6586687a548174b88b64fe54bfae6c74d4c19 (patch) | |
tree | db758005ecbfb532e075b3ac4169bbe467360c4c | |
parent | e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c (diff) | |
download | openvpn-32e6586687a548174b88b64fe54bfae6c74d4c19.zip openvpn-32e6586687a548174b88b64fe54bfae6c74d4c19.tar.gz |
Change-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20231201112022.15337-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | Changes.rst | 9 | ||||
-rw-r--r-- | doc/man-sections/vpn-network-options.rst | 19 | ||||
-rw-r--r-- | src/openvpn/options.c | 2 |
3 files changed, 19 insertions, 11 deletions
diff --git a/Changes.rst b/Changes.rst index 54e5980..b2278ab 100644 --- a/Changes.rst +++ b/Changes.rst @@ -23,6 +23,15 @@ NTLMv1 authentication support for HTTP proxies has been removed. ``persist-key`` option has been enabled by default. All the keys will be kept in memory across restart. +Default for ``--topology`` changed to ``subnet`` + Previous releases used ``net30`` as default. This only affects + configs with ``--dev tun`` and only IPv4. Note that this + changes the semantics of ``--ifconfig``, so if you have manual + settings for that in your config but not set ``--topology`` + your config might fail to parse with the new version. Just adding + ``--topology net30`` to the config should fix the problem. + By default ``--topology`` is pushed from server to client. + Overview of changes in 2.6 ========================== diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index abe474f..98b4971 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -495,11 +495,17 @@ routing. ``mode`` can be one of: + :code:`subnet` + Use a subnet rather than a point-to-point topology by + configuring the tun interface with a local IP address and subnet mask, + similar to the topology used in ``--dev tap`` and ethernet bridging + mode. This mode allocates a single IP address per connecting client and + works on Windows as well. This is the default. + :code:`net30` Use a point-to-point topology, by allocating one /30 subnet per client. This is designed to allow point-to-point semantics when some - or all of the connecting clients might be Windows systems. This is the - default. + or all of the connecting clients might be Windows systems. :code:`p2p` Use a point-to-point topology where the remote endpoint of @@ -508,15 +514,8 @@ routing. connecting client. Only use when none of the connecting clients are Windows systems. - :code:`subnet` - Use a subnet rather than a point-to-point topology by - configuring the tun interface with a local IP address and subnet mask, - similar to the topology used in ``--dev tap`` and ethernet bridging - mode. This mode allocates a single IP address per connecting client and - works on Windows as well. - *Note:* Using ``--topology subnet`` changes the interpretation of the - arguments of ``--ifconfig`` to mean "address netmask", no longer "local + arguments of ``--ifconfig`` to mean "address netmask", and not "local remote". --tun-mtu args diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 768332d..e2bfe0e 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -796,7 +796,7 @@ init_options(struct options *o, const bool init_gc) o->gc_owned = true; } o->mode = MODE_POINT_TO_POINT; - o->topology = TOP_NET30; + o->topology = TOP_SUBNET; o->ce.proto = PROTO_UDP; o->ce.af = AF_UNSPEC; o->ce.bind_ipv6_only = false; |