Project

General

Profile

Bug #7574

openvpn ifconfig using IP instead of subnet mask

Added by Jeremy C. Reed 4 months ago. Updated 4 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
05/20/2017
Due date:
% Done:

0%

Affected version:
Affected Architecture:

Description

/etc/inc/openvpn.inc

The openvpn manual says:
Note: Using - -topology subnet changes the interpretation of the
arguments of - -ifconfig to mean "address netmask", no longer "local
remote".

And also says:
TUN devices in - -topology subnet mode (which create virtual
"multipoint networks"), - -ifconfig is used to set an IP address
and subnet mask ...
(The manual example also shows it.)

But openvpn.inc when using tun still sets ifconfig (conf option)
using $ip1 for client and $ip2 for server instead of the $mask.
I didn't test this but doesn't follow the docs.
This may need fixed so second argument is the mask.

I did read
https://forum.pfsense.org/index.php?topic=103331.0

(I noticed this while working on my book.
My list of bugs is at http://reedmedia.net/books/pfsense/bugs.html )

History

#1 Updated by Jim Pingle 4 months ago

  • Category changed from VPN to OpenVPN
  • Status changed from New to Rejected

It's not that cut and dried.

Point-to-Point modes still use "IP1 IP2" style, which includes Shared Key, SSL/TLS with a /30 tunnel network, and topology net30 setups. Tap and topology subnet use "IP mask". For each of these different scenarios we use the appropriate configuration lines.

All of these modes work, so what is the actual bug here? If it was using the incorrect syntax, OpenVPN would be failing. Loudly.

Also available in: Atom PDF