Hi, On Thu, Jun 03, 2010 at 04:48:35PM +0200, chantra wrote: > Please find below a patch to correct the behaviour. > > I have also opened a trac ticket : > https://community.openvpn.net/openvpn/ticket/14
The patch itself looks good. It's a bit of a philosophical issue what to do with network specifications given like this - one approach would be to *reject* as a config error ("a /28 network cannot start at .8"), the other approach is what you have done, to silently mask out the host bits, changing the .8/28 to .0/28. Both have merits, your fix is somewhat less code then adding an extra input validation check if ((network.s_addr & netmask) != network.s_addr ) { complain; } - so: ACK from me. (Since OpenVPN likes to print warnings, we *could* add code to print a warning in this case - "warning: subnet address changed to match /%d, new value is %s/%d"). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de