Re: [Openvpn-users] a few problem/comment/bug with version 2.1.x


  • Subject: Re: [Openvpn-users] a few problem/comment/bug with version 2.1.x
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Wed, 07 Jun 2006 12:02:11 -0500

Farkas Levente wrote:
> Charles Duffy wrote:
>> Farkas Levente wrote:
>>> - why not accept among the server.conf's push the following options:
>>>   - persist-remote-ip
>>>   - keepalive
>>>   is there a good reason for this, or was it just forgotten? imho it'd be useful.
>>>   "Options error: option 'persist-remote-ip' cannot be used in this context
>>>    Options error: option 'keepalive' cannot be used in this context"
>> keepalive is a macro which pushes *other* values; it doesn't make sense 
>> to push it.
> 
> why? wouldn't it be cleaner?

Why? Doesn't it work well (and cleanly) as it is?

>>> - if I set the above server network then I get in the log file:
>>>   "IFCONFIG POOL: base=192.168.254.2 size=252
>>>    IFCONFIG POOL LIST"
>>>   in this case can I still use, e.g., the following in the ccd/* files:
>>>   ifconfig-push 192.168.254.2 255.255.255.0
>>>   or do I have to use a different network for the fixed IP? or?
>> You can still use ifconfig-push in cases where a pool is in use. I don't 
>> know the semantics regarding how these work together; you might need to 
>> push IPs which are outside of the pool to get correct operation.
> 
> that was my question, since it's not documented.

Right -- and my answer was that the safest thing to do is issue static 
IPs outside of the pool.

>>>   wouldn't it be much better, cleaner and easier if client-to-client were
>>>   defined and an iroute in the ccd/* files also 'generated' the above
>>>   route command and push command for all clients except the one that
>>>   owns the network?
>> This would make it necessary to read and evaluate *all* ccd files before 
>> deciding what any of them did, and this would mean that the OpenVPN 
>> daemon would need to watch all such files for modification (rather than 
>> just reading the relevant single file at connect time). I'm not sure I 
>> like it much.
> 
> not really. if a client is not connected then the network behind it is
> not important since it's unreachable. if it's connected then the daemon can
> add the route and push it to the other connected clients.

That leads to inconsistent behavior: If Client A connects before Client 
B, then Client B gets a route; if Client B connects first, it doesn't 
have a route even if Client A connects five seconds later. This is 
particularly relevant if you have your VPN server go down, such that all 
the clients are reconnecting within a short period.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users