Hello,

There's a hardcoded size limit in pool.h when assigning the netmask to your VPN. It only allows you to have /16 networks or smaller, and I think this should be increased to /8 so that you can use the whole 10.0.0.0/8 subnet as described by RFC 1918 concerning dedicated private subnets.

Naturally, there's no reason anyone would have a network that size (that's a lot of hosts!) on a VPN because it's completely asinine to think that your hardware could support a network like that running on a single daemon. However, if you are assigning static IP addresses per host and you have a good reason to want to put specific hosts on their own smaller /24 subnets, those might add up if you don't want more than a handful of machines on each /24 net.

I acknowledge the fact that a large network like this is not actually possible in implementation, but I'm not aware of a good reason why this hardcoded limit is in place. I've attached a patch created against version 2.1_rc7, but it should also apply against all versions in subversion as of today. If someone knows why this hardcoded limit is in place, I'd like to know if it's unsafe to run OpenVPN with my patch applied.

Thanks, and great product!

-- rm / 0xCD29EB54

openvpn-2.1_rc7-bigpool.patch