From 32e6586687a548174b88b64fe54bfae6c74d4c19 Mon Sep 17 00:00:00 2001 From: Frank Lichtenheld Date: Fri, 1 Dec 2023 12:20:22 +0100 Subject: Change default of "topology" to "subnet" Change-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20231201112022.15337-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html Signed-off-by: Gert Doering --- Changes.rst | 9 +++++++++ doc/man-sections/vpn-network-options.rst | 19 +++++++++---------- src/openvpn/options.c | 2 +- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/Changes.rst b/Changes.rst index 54e5980..b2278ab 100644 --- a/Changes.rst +++ b/Changes.rst @@ -23,6 +23,15 @@ NTLMv1 authentication support for HTTP proxies has been removed. ``persist-key`` option has been enabled by default. All the keys will be kept in memory across restart. +Default for ``--topology`` changed to ``subnet`` + Previous releases used ``net30`` as default. This only affects + configs with ``--dev tun`` and only IPv4. Note that this + changes the semantics of ``--ifconfig``, so if you have manual + settings for that in your config but not set ``--topology`` + your config might fail to parse with the new version. Just adding + ``--topology net30`` to the config should fix the problem. + By default ``--topology`` is pushed from server to client. + Overview of changes in 2.6 ========================== diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index abe474f..98b4971 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst 
@@ -495,11 +495,17 @@ routing. ``mode`` can be one of: + :code:`subnet` + Use a subnet rather than a point-to-point topology by + configuring the tun interface with a local IP address and subnet mask, + similar to the topology used in ``--dev tap`` and ethernet bridging + mode. This mode allocates a single IP address per connecting client and + works on Windows as well. This is the default. + :code:`net30` Use a point-to-point topology, by allocating one /30 subnet per client. This is designed to allow point-to-point semantics when some - or all of the connecting clients might be Windows systems. This is the - default. + or all of the connecting clients might be Windows systems. :code:`p2p` Use a point-to-point topology where the remote endpoint of @@ -508,15 +514,8 @@ routing. connecting client. Only use when none of the connecting clients are Windows systems. - :code:`subnet` - Use a subnet rather than a point-to-point topology by - configuring the tun interface with a local IP address and subnet mask, - similar to the topology used in ``--dev tap`` and ethernet bridging - mode. This mode allocates a single IP address per connecting client and - works on Windows as well. - *Note:* Using ``--topology subnet`` changes the interpretation of the - arguments of ``--ifconfig`` to mean "address netmask", no longer "local + arguments of ``--ifconfig`` to mean "address netmask", and not "local remote". --tun-mtu args diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 768332d..e2bfe0e 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -796,7 +796,7 @@ init_options(struct options *o, const bool init_gc) o->gc_owned = true; } o->mode = MODE_POINT_TO_POINT; - o->topology = TOP_NET30; + o->topology = TOP_SUBNET; o->ce.proto = PROTO_UDP; o->ce.af = AF_UNSPEC; o->ce.bind_ipv6_only = false; -- cgit v1.1
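Review bot: In the Changes.rst hunk, "if you have manual settings for that in your config but not set ``--topology``" is ungrammatical and does not say which side has to act. Suggest "but do not set ``--topology``", and since the last sentence says the value is pushed from server to client by default, state whether the ``--topology net30`` line belongs in the server config, the client config, or both. "might fail to parse" also covers only the loud failure. Please say whether an old "local remote" pair can ever be accepted as "address netmask", because that would change addressing silently on upgrade.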
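Review bot: In the second vpn-network-options.rst hunk (@@ -508,15 +514,8 @@), the *Note:* still opens with "Using ``--topology subnet`` changes the interpretation of the arguments of ``--ifconfig``", which reads as an opt-in now that the preceding hunk marks :code:`subnet` as the default. Suggest wording it from the new baseline: ``--ifconfig`` takes "address netmask" by default, and "local remote" only when a point-to-point topology is selected explicitly. The :code:`net30` entry could also mention that it was the previous default, so readers comparing against older configs know why their ``--ifconfig`` lines changed meaning.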
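Review bot: In the options.c hunk, `o->topology = TOP_SUBNET;` in init_options() flips the default with no accompanying diagnostic. The diffstat shows only this one-line change under src/, while Changes.rst warns that configs with a manual ``--ifconfig`` and no ``--topology`` "might fail to parse". Suggest a follow-up that records whether ``--topology`` was set explicitly and, when ``--ifconfig`` validation fails under the implicit default, prints a hint pointing at ``--topology net30``, so operators upgrading unattended servers get an actionable message rather than a generic parse error. No test changes appear in the diffstat either; a config-parsing test for the "``--ifconfig`` without ``--topology``" case would pin the new behaviour.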