[PATCH -ocserv 4/5] Use distinct remote and local IPs when explicit_ipv[46] is specified

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2015-02-11 at 10:22 +0100, Nikos Mavrogiannopoulos wrote:
> On Tue, Feb 10, 2015 at 11:10 AM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
> > That would have to require additional configuration options. Thus,
> > I've now applied Kevin's patch, and if addresses that are not
> managed
> > by ocserv (i.e., explicit) are used, then only odd address will be
> > accepted and the next even will be used as the local address.
> 
> Thinking of it again, would we have any problem if we always use the
> first address of the setup network as our local address? That is use
> 192.168.1.0 (when our network is 192.168.1.0/255.255.255.0). 

I'm not entirely familiar with RADIUS but isn't the point that you are
delegating IP assignment to the RADIUS server. You can't just *steal* IP
addresses which might actually belong to someone else, can you?

> That would simplify quite a lot the current assignment process and
> free us from reserving two IPs per connection.

Does it really have to be two IPs per connection? Can't you just assign
*yourself* a single IP at startup, and use that as the local address? Or
do IP assignments have to be attributed to a specific user... and in
that case might the RADIUS server be configured to refuse to allocate
more than one at a time?

-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150211/b4d7e9da/attachment.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux