On 10/09/12 17:24, Andrea Bonomi wrote:
> There's no difference, it's exactly the same feature. The next time I
> promise to check better before implementing something that already
> exists. Sorry,

No worries, I'm just sorry for you spending time on implementing this
feature too. But good to know we now have the feature you need :)

Feel free to come back with other improvements whenever you have
something up your sleeve. But to avoid such issues in the future, you
may also try to get in touch with us on #openvpn-devel on FreeNode
(IRC). There are often people there having enough overview to give a
good recommendation to further progress.

kind regards,

David Sommerseth

> On 10/set/2012, at 16:49, David Sommerseth wrote:
>
> > On 10/09/12 15:38, Andrea Bonomi wrote:
>>>> Dear Developers, I developed a patch for implementing 1:1
>>>> NAT (something similar to the iptables NETMAP target). This
>>>> is useful in situations when you have the same (private)
>>>> network address behind clients. For example, consider the
>>>> following scenario:
>>>>
>>>> -lan1--192.168.0.0/24--       -lan2--192.168.0.0/24--
>>>>            |                             |
>>>>     gw1 192.168.0.1               gw2 192.168.0.1
>>>>            |                             |
>>>>        [tunnel]-----OpenVPN server---[tunnel]
>>>>                          |
>>>>                      [tunnel]
>>>>                          |
>>>>                      clients…
>>>>
>>>> The clients have to access both the machines in lan1 and
>>>> lan2. This patch allows mapping all the addresses of a network,
>>>> e.g.
>>>> [to g1] push "netmap 172.16.1.0/24 192.168.0.0/24"
>>>> [to g2] push "netmap 172.16.2.0/24 192.168.0.0/24"
>>>> The clients can access, e.g., 192.168.0.79 on lan1 using the IP
>>>> 172.16.1.79.
> >
> > Hi Andrea,
> >
> > First of all, thanks a lot for your efforts here! I just have one
> > question ... how does this differ from the --client-nat feature in
> > the code base for OpenVPN v2.3? (git master or alpha releases)
> >
> > From the man page:
> >
> > --client-nat snat|dnat network netmask alias
> >     This pushable client option sets up a stateless one-to-one
> >     NAT rule on packet addresses (not ports), and is useful in
> >     cases where routes or ifconfig settings pushed to the client
> >     would create an IP numbering conflict.
> >
> >     network/netmask (for example 192.168.0.0/255.255.0.0) defines
> >     the local view of a resource from the client perspective,
> >     while alias/netmask (for example 10.64.0.0/255.255.0.0)
> >     defines the remote view from the server perspective.
> >
> >     Use snat (source NAT) for resources owned by the client and
> >     dnat (destination NAT) for remote resources.
> >
> >     Set --verb 6 for debugging info showing the transformation of
> >     src/dest addresses in packets.
> >
> >
> > kind regards,
> >
> > David Sommerseth
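
Added example, not part of the e-mail thread and not OpenVPN's code: a small Python model of the stateless one-to-one address rewrite described in the quoted --client-nat man page text, applied to the lan1/lan2 scenario. The rule tuples (an assumed client-nat equivalent of the two "netmap" pushes), the 10.8.0.6 VPN client address and the "in"/"out" direction handling are assumptions made for illustration.

```python
import ipaddress

def remap(addr, from_net, to_net):
    """Swap the network bits of addr from from_net to to_net, keeping host bits."""
    ip = ipaddress.IPv4Address(addr)
    if ip not in from_net:
        return str(ip)  # address outside the rule: left untouched
    host_bits = int(ip) & int(from_net.hostmask)
    return str(ipaddress.IPv4Address(int(to_net.network_address) | host_bits))

def client_nat(kind, network, netmask, alias, direction, src, dst):
    """Model one 'client-nat <kind> <network> <netmask> <alias>' rule.

    direction: 'out' = client into tunnel, 'in' = tunnel into client (assumed
    naming). Returns the translated (src, dst); ports are never involved.
    """
    if kind not in ("snat", "dnat") or direction not in ("out", "in"):
        raise ValueError("kind must be snat|dnat, direction must be out|in")
    local = ipaddress.IPv4Network(f"{network}/{netmask}")  # client-side view
    remote = ipaddress.IPv4Network(f"{alias}/{netmask}")   # server-side view
    if direction == "out":
        if kind == "snat":   # client-owned resource talks: source becomes the alias
            src = remap(src, local, remote)
        else:                # dnat: remote resource addressed by its local name
            dst = remap(dst, local, remote)
    else:
        if kind == "snat":   # traffic for the alias reaches the real host
            dst = remap(dst, remote, local)
        else:                # dnat: remote source shown under its local name
            src = remap(src, remote, local)
    return src, dst

# Assumed client-nat equivalents of the two "netmap" pushes in the thread.
GW1_RULE = ("snat", "192.168.0.0", "255.255.255.0", "172.16.1.0")
GW2_RULE = ("snat", "192.168.0.0", "255.255.255.0", "172.16.2.0")
VPN_CLIENT = "10.8.0.6"  # constructed address of a roaming client

if __name__ == "__main__":
    # Client reaches 192.168.0.79 on lan1 through its alias 172.16.1.79.
    print(client_nat(*GW1_RULE, "in", VPN_CLIENT, "172.16.1.79"))
    # Replies leave each gateway with a distinct aliased source, so the
    # identical 192.168.0.0/24 ranges behind gw1 and gw2 never collide.
    print(client_nat(*GW1_RULE, "out", "192.168.0.79", VPN_CLIENT))
    print(client_nat(*GW2_RULE, "out", "192.168.0.79", VPN_CLIENT))
```

Because the rewrite is stateless and touches addresses only, any firewall rule or log on the server side sees the alias ranges (172.16.1.0/24, 172.16.2.0/24), not the overlapping 192.168.0.0/24 addresses.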