"--version : Show copyright and version information.\n"
"\n"
"Tunnel Options:\n"
- "--local host : Local host name or ip address. Implies --bind.\n"
+ "--local host|* [port]: Local host name or IP address and port for bind.\n"
+ " If specified, OpenVPN will bindto this address. If unspecified,\n"
+ " OpenVPN will bind to all interfaces. '*' can be used as hostname\n"
+ " and means 'any host' (OpenVPN will listen on what is returned by the OS).\n"
+ " On a client, or in point-to-point mode, this can only be specified once (1 socket).\n"
+ " On an OpenVPN setup running as ``--server``, this can be specified multiple times\n"
+ " to open multiple listening sockets on different addresses and/or different ports.\n"
+ " In order to specify multiple listen ports without specifying an address, use '*'\n"
+ " to signal 'use what the operating system gives you as default', for\n"
+ " 'all IPv4 addresses' use '0.0.0.0', for 'all IPv6 addresses' use '::'.\n"
+ " ``--local`` implies ``--bind``.\n"
"--remote host [port] : Remote host name or ip address.\n"
"--remote-random : If multiple --remote options specified, choose one randomly.\n"
"--remote-random-hostname : Add a random string to remote DNS name.\n"
const int i)
{
setenv_str_i(es, "proto", proto2ascii(e->proto, e->af, false), i);
- setenv_str_i(es, "local", e->local, i);
- setenv_str_i(es, "local_port", e->local_port, i);
+ /* expected to be for single socket contexts only */
+ setenv_str_i(es, "local", e->local_list->array[0]->local, i);
+ setenv_str_i(es, "local_port", e->local_list->array[0]->port, i);
setenv_str_i(es, "remote", e->remote, i);
setenv_str_i(es, "remote_port", e->remote_port, i);
show_connection_entry(const struct connection_entry *o)
{
msg(D_SHOW_PARMS, " proto = %s", proto2ascii(o->proto, o->af, false));
- SHOW_STR(local);
- SHOW_STR(local_port);
+ msg(D_SHOW_PARMS, " Local Sockets:");
+ for (int i = 0; i < o->local_list->len; i++)
+ {
+ msg(D_SHOW_PARMS, " [%s]:%s", o->local_list->array[i]->local,
+ o->local_list->array[i]->port);
+ }
SHOW_STR(remote);
SHOW_STR(remote_port);
SHOW_BOOL(remote_float);
#endif /* ifdef ENABLE_MANAGEMENT */
+static struct local_list *
+alloc_local_list_if_undef(struct connection_entry *ce, struct gc_arena *gc)
+{
+ if (!ce->local_list)
+ {
+ ALLOC_OBJ_CLEAR_GC(ce->local_list, struct local_list, gc);
+ }
+ return ce->local_list;
+}
+
+static struct local_entry *
+alloc_local_entry(struct connection_entry *ce, const int msglevel,
+ struct gc_arena *gc)
+{
+ struct local_list *l = alloc_local_list_if_undef(ce, gc);
+ struct local_entry *e;
+
+ if (l->len >= CONNECTION_LIST_SIZE)
+ {
+ msg(msglevel, "Maximum number of 'local' options (%d) exceeded",
+ CONNECTION_LIST_SIZE);
+
+ return NULL;
+ }
+
+ ALLOC_OBJ_CLEAR_GC(e, struct local_entry, gc);
+ l->array[l->len++] = e;
+
+ return e;
+}
+
static struct connection_list *
alloc_connection_list_if_undef(struct options *options)
{
"--proto tcp-server or --proto tcp-client");
}
+ /*
+ * Sanity check on Client mode
+ */
+
+ if (options->mode != MODE_SERVER && ce->local_list->len > 1)
+ {
+ msg(M_USAGE, "multiple --local statements only allowed in --server mode");
+ }
+
if (options->lladdr && dev != DEV_TYPE_TAP)
{
msg(M_USAGE, "--lladdr can only be used in --dev tap mode");
* Sanity check on --local, --remote, and --ifconfig
*/
- if (proto_is_net(ce->proto)
- && string_defined_equal(ce->local, ce->remote)
- && string_defined_equal(ce->local_port, ce->remote_port))
- {
- msg(M_USAGE, "--remote and --local addresses are the same");
- }
-
if (string_defined_equal(ce->remote, options->ifconfig_local)
|| string_defined_equal(ce->remote, options->ifconfig_remote_netmask))
{
"addresses");
}
- if (string_defined_equal(ce->local, options->ifconfig_local)
- || string_defined_equal(ce->local, options->ifconfig_remote_netmask))
- {
- msg(M_USAGE,
- "--local addresses must be distinct from --ifconfig addresses");
- }
-
if (string_defined_equal(options->ifconfig_local,
options->ifconfig_remote_netmask))
{
msg(M_USAGE, "--bind and --nobind can't be used together");
}
- if (ce->local && !ce->bind_local)
- {
- msg(M_USAGE,
- "--local and --nobind don't make sense when used together");
- }
-
if (ce->local_port_defined && !ce->bind_local)
{
msg(M_USAGE,
msg(M_USAGE, "--nobind doesn't make sense unless used with --remote");
}
+ for (int i = 0; i < ce->local_list->len; i++)
+ {
+ struct local_entry *le = ce->local_list->array[i];
+
+ if (proto_is_net(ce->proto)
+ && string_defined_equal(le->local, ce->remote)
+ && string_defined_equal(le->port, ce->remote_port))
+ {
+ msg(M_USAGE, "--remote and one of the --local addresses are the same");
+ }
+
+ if (string_defined_equal(le->local, options->ifconfig_local)
+ || string_defined_equal(le->local, options->ifconfig_remote_netmask))
+ {
+ msg(M_USAGE, "--local addresses must be distinct from --ifconfig addresses");
+ }
+
+ if (le->local && !ce->bind_local)
+ {
+ msg(M_USAGE, "--local and --nobind don't make sense when used together");
+ }
+ }
+
/*
* Check for consistency of management options
*/
}
/* an option is present that requires local bind to enabled */
- bool need_bind = ce->local || ce->local_port_defined || ce->bind_defined;
+ bool need_bind = ce->local_port_defined || ce->bind_defined || ce->local_list;
/* socks proxy is enabled */
bool uses_socks = ce->proto == PROTO_UDP && ce->socks_proxy_server;
}
}
+static void
+options_postprocess_mutate_le(struct connection_entry ce, struct local_entry *le)
+{
+ /* use the global port if none is specified */
+ if (!le->port)
+ {
+ le->port = ce.local_port;
+ }
+}
+
#ifdef _WIN32
/* If iservice is in use, we need def1 method for redirect-gateway */
static void
options_postprocess_mutate_ce(o, o->connection_list->array[i]);
}
+ if (o->ce.local_list)
+ {
+ for (i = 0; i < o->ce.local_list->len; i++)
+ {
+ options_postprocess_mutate_le(o->ce, o->ce.local_list->array[i]);
+ }
+ }
+ else
+ {
+ /* if no 'local' directive was specified, convert the global port
+ * setting to a listen entry */
+ struct local_entry *e = alloc_local_entry(&o->ce, M_USAGE, &o->gc);
+ ASSERT(e);
+ e->port = o->ce.local_port;
+ }
+
+ /* use the same listen list for every outgoing connection */
+ for (i = 0; i < o->connection_list->len; ++i)
+ {
+ o->connection_list->array[i]->local_list = o->ce.local_list;
+ }
+
if (o->tls_server)
{
/* Check that DH file is specified, or explicitly disabled */
VERIFY_PERMISSION(OPT_P_UP);
options->ifconfig_nowarn = true;
}
- else if (streq(p[0], "local") && p[1] && !p[2])
+ else if (streq(p[0], "local") && p[1] && !p[3])
{
+ struct local_entry *e;
+
VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
- options->ce.local = p[1];
+
+ e = alloc_local_entry(&options->ce, M_USAGE, &options->gc);
+ ASSERT(e);
+
+ /* '*' is treated as 'ask the system to get some socket',
+ * therefore force binding on a particular address only when
+ * actually specified. */
+ if (strcmp(p[1], "*") != 0)
+ {
+ e->local = p[1];
+ }
+
+ if (p[2])
+ {
+ e->port = p[2];
+ }
}
else if (streq(p[0], "remote-random") && !p[1])
{
projects / thirdparty / openvpn.git / commitdiff
