On Wed, 2015-02-11 at 10:22 +0100, Nikos Mavrogiannopoulos wrote: > On Tue, Feb 10, 2015 at 11:10 AM, Nikos Mavrogiannopoulos > <nmav at gnutls.org> wrote: > > That would have to require additional configuration options. Thus, > > I've now applied Kevin's patch, and if addresses that are not > managed > > by ocserv (i.e., explicit) are used, then only odd address will be > > accepted and the next even will be used as the local address. > > Thinking of it again, would we have any problem if we always use the > first address of the setup network as our local address? That is use > 192.168.1.0 (when our network is 192.168.1.0/255.255.255.0). I'm not entirely familiar with RADIUS but isn't the point that you are delegating IP assignment to the RADIUS server. You can't just *steal* IP addresses which might actually belong to someone else, can you? > That would simplify quite a lot the current assignment process and > free us from reserving two IPs per connection. Does it really have to be two IPs per connection? Can't you just assign *yourself* a single IP at startup, and use that as the local address? Or do IP assignments have to be attributed to a specific user... and in that case might the RADIUS server be configured to refuse to allocate more than one at a time? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150211/b4d7e9da/attachment.bin>