Hi,

This fix breaks the following setup:

1) Server A provides openvpn connectivity to clients
2) Servers X Y and Z are configured as VPN clients and provide some http
services both to the outside internet and to any VPN clients.
3) The http services are configured in a way that mandates password
authentication via an SSL channel, except when communicating with other
VPN clients.
4) Server A supplies 'push "route hostname.of.[X|Y|Z].server"', because
the servers in question are development machines, which can (and do)
change their IP addresses rather frequently.

With the current "fix" point 4 becomes impractical, and now besides
updates to the dns (which are automatic) I have to update the server
config every time something changes (which unfortunately is manual).

It would be desirable that the code attached below can be disabled with
some sort of configuration switch (i.e. --route-fqdn-pull).

Thank you

Peter



options.c
---------------------------------------
  else if (streq (p[0], "route") && p[1])
    {
      VERIFY_PERMISSION (OPT_P_ROUTE);
      rol_check_alloc (options);
      if (pull_mode)
        {
          if (!ip_addr_dotted_quad_safe (p[1]) && !is_special_addr (p[1]))
            {
              msg (msglevel, "route parameter network/IP '%s' is not an IP address", p[1]);
              goto err;
            }
          if (p[2] && !ip_addr_dotted_quad_safe (p[2]))
            {
              msg (msglevel, "route parameter netmask '%s' is not an IP address", p[2]);
              goto err;
            }
          if (p[3] && !ip_addr_dotted_quad_safe (p[3]) && !is_special_addr (p[3]))
            {
              msg (msglevel, "route parameter gateway '%s' is not an IP address", p[3]);
              goto err;
            }
        }
      add_route_to_option_list (options->routes, p[1], p[2], p[3], p[4]);
    }
---------------------------------------
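
The pull-mode check quoted from options.c above, restated as a stand-alone validator with the requested opt-in switch modelled as a parameter, so a pushed hostname is still syntax-checked rather than accepted verbatim. This is an added example, not part of the original message and not OpenVPN's code: `dotted_quad_strict`, `special_addr`, `hostname_safe`, `pushed_route_ok` and `allow_fqdn` are hypothetical names, and the three special keywords are an assumption about what `is_special_addr` accepts.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Strict IPv4 literal, standing in for ip_addr_dotted_quad_safe()
   (an assumption about its intent, not OpenVPN's implementation). */
static bool dotted_quad_strict(const char *s)
{
    if (!s) return false;
    for (int octets = 1; ; octets++, s++) {          /* s++ skips the '.' */
        int digits = 0, val = 0;
        for (; isdigit((unsigned char)*s) && digits < 3; digits++)
            val = val * 10 + (*s++ - '0');
        if (digits == 0 || val > 255) return false;  /* empty or too large */
        if (*s == '\0') return octets == 4;          /* must end after 4 */
        if (*s != '.' || octets == 4) return false;  /* junk or 5th octet */
    }
}

/* Keywords assumed to be what is_special_addr() accepts. */
static bool special_addr(const char *s)
{
    return s && (!strcmp(s, "vpn_gateway") || !strcmp(s, "net_gateway")
                 || !strcmp(s, "remote_host"));
}

/* Conservative hostname syntax: non-empty dot-separated labels made of
   letters, digits and '-', at most 253 bytes in total. */
static bool hostname_safe(const char *s)
{
    size_t label = 0, n = s ? strlen(s) : 0;
    if (n == 0 || n > 253) return false;
    for (; *s; s++) {
        bool dot = (*s == '.');
        if (dot ? label == 0 : !(isalnum((unsigned char)*s) || *s == '-'))
            return false;
        label = dot ? 0 : label + 1;
    }
    return label > 0;
}

/* The quoted pull-mode check; allow_fqdn models the requested switch
   (hypothetical) and only relaxes the network argument, never mask or gateway. */
bool pushed_route_ok(const char *net, const char *mask, const char *gw, bool allow_fqdn)
{
    if (!dotted_quad_strict(net) && !special_addr(net)
        && !(allow_fqdn && hostname_safe(net))) return false;
    if (mask && !dotted_quad_strict(mask)) return false;
    return !gw || dotted_quad_strict(gw) || special_addr(gw);
}
```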


