Fixed some ifconfig-pool issues that precluded

it from being combined with --server directive.

Now, for example, we can configure thusly:

  server 10.8.0.0 255.255.255.0 nopool
  ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0

to have ifconfig-pool manage only a subset
of the VPN subnet.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3471 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/helper.c b/helper.c
index 7195e216372a127fe685cd10a754d86e9c47488a..2abb417e7a0895a7157e51778947cb826f8a619a 100644 (file)
--- a/helper.c
+++ b/helper.c
@@ -158,7 +158,6 @@ helper_client_server (struct options *o)
    *
    * if tap OR (tun AND topology == subnet):
    *   ifconfig 10.8.0.1 255.255.255.0
-   *   ifconfig-pool-constraint 10.8.0.0 255.255.255.0
    *   if !nopool: 
    *     ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
    *   push "route-gateway 10.8.0.1"
@@ -184,7 +183,7 @@ helper_client_server (struct options *o)
       if (o->shared_secret_file)
        msg (M_USAGE, "--server and --secret cannot be used together (you must use SSL/TLS keys)");
 
-      if (o->ifconfig_pool_defined)
+      if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined)
        msg (M_USAGE, "--server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly");
 
       if (!(dev == DEV_TYPE_TAP || dev == DEV_TYPE_TUN))
@@ -245,9 +244,9 @@ helper_client_server (struct options *o)
                  o->ifconfig_pool_start = o->server_network + 2;
                  o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 2;
                  ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end);
-                 o->ifconfig_pool_netmask = o->server_netmask;
                }
-
+             o->ifconfig_pool_netmask = o->server_netmask;
+                 
              push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE);
            }
          else
@@ -272,8 +271,8 @@ helper_client_server (struct options *o)
              o->ifconfig_pool_start = o->server_network + 2;
              o->ifconfig_pool_end = (o->server_network | ~o->server_netmask) - 1;
              ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end);
-             o->ifconfig_pool_netmask = o->server_netmask;
            }
+         o->ifconfig_pool_netmask = o->server_netmask;
 
          push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE);
        }
@@ -320,7 +319,7 @@ helper_client_server (struct options *o)
       if (o->client)
        msg (M_USAGE, "--server-bridge and --client cannot be used together");
 
-      if (o->ifconfig_pool_defined)
+      if (!(o->server_flags & SF_NOPOOL) && o->ifconfig_pool_defined)
        msg (M_USAGE, "--server-bridge already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly");
 
       if (o->shared_secret_file)

diff --git a/openvpn.8 b/openvpn.8
index b0cb3b014eb41aa97d5355e06ff270baf22bb377..0e85983a29d60430af923b76e85a9f32029bfb07 100644 (file)
--- a/openvpn.8
+++ b/openvpn.8
@@ -2629,8 +2629,9 @@ expands as follows:
  push "topology [topology]"
 
  if dev tun AND (topology == net30 OR topology == p2p):
-   ifconfig 10.8.0.1 10.8.0.2 
-   ifconfig-pool 10.8.0.4 10.8.0.251
+   ifconfig 10.8.0.1 10.8.0.2
+   if !nopool:
+     ifconfig-pool 10.8.0.4 10.8.0.251
    route 10.8.0.0 255.255.255.0
    if client-to-client:
      push "route 10.8.0.0 255.255.255.0"
@@ -2639,7 +2640,8 @@ expands as follows:
 
  if dev tap OR (dev tun AND topology == subnet):
    ifconfig 10.8.0.1 255.255.255.0
-   ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
+   if !nopool:
+     ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
    push "route-gateway 10.8.0.1"
 .ft
 .LP

diff --git a/options.c b/options.c
index e84e03c63179b78155e2611e41022f178033fb41..95d81a06a038e508286cc1e52ab21fdda577b2b6 100644 (file)
--- a/options.c
+++ b/options.c
@@ -4499,7 +4499,8 @@ add_option (struct options *options,
       options->ifconfig_pool_defined = true;
       options->ifconfig_pool_start = start;
       options->ifconfig_pool_end = end;
-      options->ifconfig_pool_netmask = netmask;
+      if (netmask)
+       options->ifconfig_pool_netmask = netmask;
     }
   else if (streq (p[0], "ifconfig-pool-persist") && p[1])
     {