On Mon, Feb 9, 2015 at 3:38 PM, Kevin Cernekee <cernekee at gmail.com> wrote:

>>> So instead we'll set LIP = RIP + 1. This isn't terribly intuitive (an
>>> administrator might try to number consecutive users 192.168.1.1, 192.168.1.2,
>>> 192.168.1.3, ...) but it's better than the current situation. Maybe at some
>>> point, fixed IPs should also make use of the hash table.
>> The original approach is nasty, but setting LIP=RIP+1 is pretty much
>> nastier. The single IP approach was used mainly for radius where the
>> server will certainly not know about the LIP=RIP+1 convention,
>> and there will be very hard to track bugs. I think that leaving it
>> like that is better than the alternative...
> When LIP=RIP I am not able to pass any traffic at all.
> Is this actually working correctly for RADIUS users? Maybe I am
> missing something obvious...

To be honest I haven't tried it. I knew, however, that openconnect does use the same IP as well on the tun device for both the local and the P-t-P one. I'll have to check it further, but that will not be very soon. If there are any nice ideas to overcome that, they are welcome.

regards,
Nikos