Change-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20231201112022.15337-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
| ... | ... |
@@ -23,6 +23,15 @@ NTLMv1 authentication support for HTTP proxies has been removed. |
| 23 | 23 |
``persist-key`` option has been enabled by default. |
| 24 | 24 |
All the keys will be kept in memory across restart. |
| 25 | 25 |
|
| 26 |
+Default for ``--topology`` changed to ``subnet`` |
|
| 27 |
+ Previous releases used ``net30`` as default. This only affects |
|
| 28 |
+ configs with ``--dev tun`` and only IPv4. Note that this |
|
| 29 |
+ changes the semantics of ``--ifconfig``, so if you have manual |
|
| 30 |
+ settings for that in your config but not set ``--topology`` |
|
| 31 |
+ your config might fail to parse with the new version. Just adding |
|
| 32 |
+ ``--topology net30`` to the config should fix the problem. |
|
| 33 |
+ By default ``--topology`` is pushed from server to client. |
|
| 34 |
+ |
|
| 26 | 35 |
Overview of changes in 2.6 |
| 27 | 36 |
========================== |
| 28 | 37 |
|
| ... | ... |
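Review bot: The new Changes.rst entry has a grammar slip in "but not set ``--topology``" (it should read "but have not set ``--topology``"), and its closing sentence, "By default ``--topology`` is pushed from server to client.", states a fact without telling the reader what follows from it. Suggest saying explicitly on which side ``--topology net30`` has to be added and whether a client that receives a pushed topology needs any config change at all, since this entry is the only upgrade guidance for a changed default that alters how ``--ifconfig`` is read.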
@@ -495,11 +495,17 @@ routing. |
| 495 | 495 |
|
| 496 | 496 |
``mode`` can be one of: |
| 497 | 497 |
|
| 498 |
+ :code:`subnet` |
|
| 499 |
+ Use a subnet rather than a point-to-point topology by |
|
| 500 |
+ configuring the tun interface with a local IP address and subnet mask, |
|
| 501 |
+ similar to the topology used in ``--dev tap`` and ethernet bridging |
|
| 502 |
+ mode. This mode allocates a single IP address per connecting client and |
|
| 503 |
+ works on Windows as well. This is the default. |
|
| 504 |
+ |
|
| 498 | 505 |
:code:`net30` |
| 499 | 506 |
Use a point-to-point topology, by allocating one /30 subnet |
| 500 | 507 |
per client. This is designed to allow point-to-point semantics when some |
| 501 |
- or all of the connecting clients might be Windows systems. This is the |
|
| 502 |
- default. |
|
| 508 |
+ or all of the connecting clients might be Windows systems. |
|
| 503 | 509 |
|
| 504 | 510 |
:code:`p2p` |
| 505 | 511 |
Use a point-to-point topology where the remote endpoint of |
| ... | ... |
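Review bot: In the :code:`net30` entry, dropping "This is the default." leaves the option reference with no record that net30 was the default in previous releases, so someone reading only this section against an older config gets no hint why the addressing changed. Suggest a short clause in the net30 paragraph along the lines of "This was the default in previous releases.", matching the wording used in Changes.rst.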
@@ -508,15 +514,8 @@ routing. |
| 508 | 508 |
connecting client. Only use when none of the connecting clients are |
| 509 | 509 |
Windows systems. |
| 510 | 510 |
|
| 511 |
- :code:`subnet` |
|
| 512 |
- Use a subnet rather than a point-to-point topology by |
|
| 513 |
- configuring the tun interface with a local IP address and subnet mask, |
|
| 514 |
- similar to the topology used in ``--dev tap`` and ethernet bridging |
|
| 515 |
- mode. This mode allocates a single IP address per connecting client and |
|
| 516 |
- works on Windows as well. |
|
| 517 |
- |
|
| 518 | 511 |
*Note:* Using ``--topology subnet`` changes the interpretation of the |
| 519 |
- arguments of ``--ifconfig`` to mean "address netmask", no longer "local |
|
| 512 |
+ arguments of ``--ifconfig`` to mean "address netmask", and not "local |
|
| 520 | 513 |
remote". |
| 521 | 514 |
|
| 522 | 515 |
--tun-mtu args |
| ... | ... |
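Review bot: The *Note:* at the end of this hunk is still framed as if subnet were opt-in ("Using ``--topology subnet`` changes the interpretation of the arguments of ``--ifconfig``"), which no longer fits once subnet is the default. Swapping "no longer" for "and not" does not address that. Suggest rewording the note so it states that ``--ifconfig`` takes "address netmask" by default and "local remote" only when ``--topology`` is explicitly set to one of the point-to-point modes.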
@@ -796,7 +796,7 @@ init_options(struct options *o, const bool init_gc) |
| 796 | 796 |
o->gc_owned = true; |
| 797 | 797 |
} |
| 798 | 798 |
o->mode = MODE_POINT_TO_POINT; |
| 799 |
- o->topology = TOP_NET30; |
|
| 799 |
+ o->topology = TOP_SUBNET; |
|
| 800 | 800 |
o->ce.proto = PROTO_UDP; |
| 801 | 801 |
o->ce.af = AF_UNSPEC; |
| 802 | 802 |
o->ce.bind_ipv6_only = false; |
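Review bot: Nothing in the visible lines of this init_options() hunk helps a user whose existing ``--ifconfig`` arguments stop parsing under the new TOP_SUBNET default; the only pointer to the fix is the Changes.rst text. Suggest having the ``--ifconfig`` parse error mention ``--topology net30`` when the topology was not set explicitly. Also, because the assignment sits directly after "o->mode = MODE_POINT_TO_POINT;", it applies to every config that leaves ``--topology`` unset, so the commit message or a comment should confirm that the new default is intended outside server mode as well.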