On Thu, 2015-05-07 at 08:49 +0200, Horváth Szabolcs wrote:
>
> Short feedback for anyone else who might have found this post: instead
> of rebuilding Openconnect on Windows, we ended up changing the VPN
> netmask to /27.
> It works like a charm.
>
> Looks like Windows TAP driver from OpenVPN has issues with /32 netmask.

Yes. This is a limitation of Windows really, since a network device
driver needs to pretend to be Ethernet - the TAP driver itself is
*faking* ARP and Neighbour Discovery and pretending to be the 'router'
on the faked Ethernet subnet.

I'd like to test a /31 subnet, which isn't big enough to be real
Ethernet - it only gives you the network address and the broadcast
address, without any actual stations. But if it works in Windows then
that's probably what we should do. The client takes one address, and we
use the other for the "router".

It does mean that we are forced to route the second address to the VPN,
while with a /32 netmask we *shouldn't* have been. But that's probably
the best we can do.

--
dwmw2
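
The trade-off discussed in this message, as an added example that is not part of the original post or of OpenConnect's or the TAP driver's code: for a client address and netmask it reports whether the faked Ethernet subnet has room for a separate "router" address, and how many addresses besides the client's own fall under the on-link subnet and so get routed to the VPN. The function name `tap_subnet_plan`, the rule of picking the first free address as the router, and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def tap_subnet_plan(client_cidr):
    """Describe the faked Ethernet subnet for a VPN client address.

    Returns a dict with:
      network      - the on-link subnet implied by the netmask
      router       - an address usable as the faked 'router', or None
      extra_routed - addresses other than the client's own that the
                     on-link subnet sends to the VPN interface
    """
    iface = ipaddress.ip_interface(client_cidr)
    net = iface.network
    if net.version != 4:
        raise ValueError("this sketch only covers IPv4 netmasks")

    if net.prefixlen == 32:
        # Only the client's own address exists: no room for a router.
        candidates = iter(())
    elif net.prefixlen == 31:
        # Two addresses, no real stations in classic Ethernet terms:
        # the client takes one, the other is used for the router.
        candidates = (a for a in net if a != iface.ip)
    else:
        # Ordinary subnet: skip network, broadcast and client address.
        reserved = {iface.ip, net.network_address, net.broadcast_address}
        candidates = (a for a in net if a not in reserved)

    # Assumption: take the first free address as the router.
    router = next(candidates, None)
    return {
        "network": str(net),
        "router": str(router) if router is not None else None,
        "extra_routed": net.num_addresses - 1,
    }


if __name__ == "__main__":
    # Constructed sample addresses, one per netmask from the thread.
    for cidr in ("10.0.0.5/32", "10.0.0.5/31", "10.0.0.5/27"):
        print(cidr, tap_subnet_plan(cidr))
```
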