James Yonan wrote:

| Which netmask are you referring to? The TUN/TAP device? The
| internet-connected public interface? OpenVPN actually knows nothing of
| netmasks, except for 255.255.255.255 which is used by the --ifconfig option to
| configure a virtual tun adapter, so it's not clear what should be passed.
I mean "the destination network ip and netmask", which cannot be extracted from
tunnel information because it depends on the other side's local network.

| There's also the fact that --up can pass user-specified parameters to the
| script, which might be a way of generalizing the route script, so that only
| one would be necessary for a set of tunnels.
|
| Every openvpn option can be expressed on either the command line or a config
| file. The idea is that there is no reason to create yet another config file
| metalanguage for openvpn, when you can do arbitrarily complex run-time
| derivations of options by invoking openvpn from a shell script, and putting
| options on the command line. For that reason, openvpn config files are simple
| and flat (with the exception that multiple config files can be placed on the
| command line, and config files can include other config files). Having said
| that, any command line smarts would need to go in the init.d file. Perhaps
| the /etc/conf.d/openvpn file just has global command line options.

If you can pass arbitrary arguments to the --up script the problem is solved.
I didn't find it in the man page.

I see that the idea of the config file is good; the problem is that it would
be nice to have also a --route option and not only an --ifconfig. But here we
come to the same old problem: monolithic vs. modular. openvpn is very
monolithic (which is good because it is simple to use), but then it is natural
that the authors don't want to bloat it with too many options. In fact,
routing is not strictly an issue of openvpn, since users may prefer various
techniques, and hard coding one perhaps is not good.

Marko

--
gentoo-dev@g.o mailing list
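
Added example, not part of the original message and not OpenVPN's own code: one generic --up script that takes the destination network and netmask as user-specified parameters, so a single script can serve a set of tunnels, and validates them before building a route command. It assumes a tun device and the argument order given in OpenVPN's documentation (user parameters first, then device, MTUs, local and remote ifconfig addresses); the script path, the addresses and the `APPLY` switch are constructed for illustration.

```shell
#!/bin/sh
# Assumed invocation (path and addresses are constructed sample values):
#   openvpn ... --up "/etc/openvpn/route-up.sh 10.8.0.0 255.255.255.0"
# OpenVPN appends its own arguments after the user-specified ones:
#   $1 network  $2 netmask  $3 tun device  $4 tun MTU  $5 link MTU
#   $6 ifconfig local IP    $7 ifconfig remote IP (used as the gateway)

# Accept only a strict dotted quad: four decimal octets 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# A netmask must also be contiguous: its inverted bits form 2^n - 1.
valid_netmask() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    inv=$(( ~(($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# Print the net-tools route command for network $1, netmask $2, gateway $3,
# or fail without output if any argument is not what it claims to be.
build_route_cmd() {
    valid_ipv4 "$1"    || { echo "bad network: $1" >&2; return 1; }
    valid_netmask "$2" || { echo "bad netmask: $2" >&2; return 1; }
    valid_ipv4 "$3"    || { echo "bad gateway: $3" >&2; return 1; }
    echo "route add -net $1 netmask $2 gw $3"
}

# Only act when called with the full argument list described above.
if [ "$#" -ge 7 ]; then
    cmd=$(build_route_cmd "$1" "$2" "$7") || exit 1
    echo "$cmd"                                  # dry run by default
    # APPLY is this example's own switch, not an OpenVPN variable.
    if [ "${APPLY:-0}" = 1 ]; then $cmd; fi
fi
```

Because the script adds routes with root privileges, rejecting anything that is not a plain address keeps a mistyped or tampered parameter from reaching the `route` command line.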