| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
James Yonan wrote: |
| 5 |
|
| 6 |
| Which netmask are you referring to? The TUN/TAP device? The |
| 7 |
| internet-connected public interface? OpenVPN actually knows nothing of |
| 8 |
| netmasks, except for 255.255.255.255 which is used by the --ifconfig |
| 9 |
option to |
| 10 |
| configure a virtual tun adapter, so it's not clear what should be passed. |
| 11 |
I mean "the destination network ip and netmask", which cannot be |
| 12 |
extracted from |
| 13 |
tunnel information because it depends on the other side's local network. |
| 14 |
|
| 15 |
| There's also the fact that --up can pass user-specified parameters to the |
| 16 |
| script, which might be a way of generalizing the route script, so that |
| 17 |
only |
| 18 |
| one would be necessary for a set of tunnels. |
| 19 |
| |
| 20 |
| Every openvpn option can be expressed on either the command line or a |
| 21 |
config |
| 22 |
| file. The idea is that there is no reason to create yet another |
| 23 |
config file |
| 24 |
| metalanguage for openvpn, when you can do arbitrarily complex run-time |
| 25 |
| derivations of options by invoking openvpn from a shell script, and |
| 26 |
putting |
| 27 |
| options on the command line. For that reason, openvpn config files |
| 28 |
are simple |
| 29 |
| and flat (with the exception that multiple config files can be placed |
| 30 |
on the |
| 31 |
| command line, and config files can include other config files). |
| 32 |
Having said |
| 33 |
| that, any command line smarts would need to go in the init.d file. |
| 34 |
Perhaps |
| 35 |
| the /etc/conf.d/openvpn file just has global command line options. |
| 36 |
|
| 37 |
if you can pass arbitrary arguments to the --up script the problem is |
| 38 |
solved. |
| 39 |
I didn't find it in the man page. |
| 40 |
|
| 41 |
I see that the idea of the config file is good, the problem is that it |
| 42 |
would be nice to have also |
| 43 |
a --route option and not only an --ifconfig. But here we come the the |
| 44 |
same old problem |
| 45 |
monolithic vs. modular. openvpn is very monolithic (which is good |
| 46 |
because it is simple to use) |
| 47 |
but then is natural that the authors doesn't want to bloat it with too |
| 48 |
many options. |
| 49 |
In fact, routing is not strictly an issue of openvpn, since users may |
| 50 |
prefer various techniques, |
| 51 |
and hard coding one perhaps is not good. |
| 52 |
|
| 53 |
Marko |
| 54 |
-----BEGIN PGP SIGNATURE----- |
| 55 |
Version: GnuPG v1.2.2 (GNU/Linux) |
| 56 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 57 |
|
| 58 |
iD8DBQE+/jWHj0pLiOk7oZoRAjvmAJ9QLL1g2JJCrzLOK2MQyFF/xPDxagCgkOfo |
| 59 |
ksCy8Q7HXx5dQOCMCnIYUjk= |
| 60 |
=Y4B6 |
| 61 |
-----END PGP SIGNATURE----- |
| 62 |
|
| 63 |
|
| 64 |
-- |
| 65 |
gentoo-dev@g.o mailing list |
Archives