Author: Rafael Gava de Oliveira <rafael.olive...@venturus.org.br> I wanted to give an ACK to both of Gava’s patches 1) client-nat localhost/client-ip patch and 2) active ftp patch.
We had asked Gava to develop these patches so that we could use OpenVPN in our remote service network. We currently have OpenVPN 2.3.5 with this patch applied in deployed to about 3000 devices both in the US and EU. Some of the devices we have to connect to are over 15 years old and active ftp is unavoidable, so his active ftp patch is a must. Additionally, without his client-nat localhost/client-ip patch using OpenVPN would be prohibitively complex. We have been running 3000 devices since Feb 2015 with no issues. Please also consider this a pre-testing report. Marvin Signed-off-by: Rafael Gava de Oliveira <rafael.olive...@venturus.org.br> Acked by: Marvin Adeff <marvin.ad...@toshiba.com> >Hi JJK, > >"client-ip" instead of "localhost" sounds good to me. > >BR > >Gava > >On Wed, Aug 26, 2015 at 10:01 AM, Jan Just Keijser <janjust@...> >wrote: > >> Hi, >> >> Rafael Gava wrote: >> >>> >>> this is my first submission to the list and I hope that I'm doing in the >>> right way. :-) >>> >>> >>> Well, the features added to Network Address Translator are: >>> >>> 1) Allow the user to use the string "localhost" on the client-nat network >>> configuration in a way that is not necessary to inform the IP address >>> beforehand. Openvpn will set the dynamic received IP from DHCP. Example: >>> >>> client-nat snat localhost 255.255.255.255 172.20.1.15 # replaces the >>> 'localhost' string with the DHCP address received from openvpn server. >>> >>> I understand the idea behind it but it would be a NACK from me on the >> string "localhost" - to me, localhost is 127.0.0.1 or ::1, not the DHCP-IP >> ; perhaps use something like "client-ip" ? >> >> >> 2) Allow the user to enable the FTP NAT support through the >>> --enable-nat-ftp-support option. This is useful for systems that don't have >>> conntrack-tools support, for example on Windows systems. On windows this >>> feature is enabled by default. >>> >>> enable-nat-ftp-support (yes | no) >>> >>> sounds like a useful feature to me. >> >> >> JJK
