On Tue, 2015-11-17 at 10:19 +0700, Niels Peen wrote: > > I would prefer a more generic approach where missing variables > (routes+DNS) are made available to the connect/disconnect scripts. > > To support the specific scenario you describe you could include > sample connect/disconnect scripts. It would be a good idea to also add these variables to the connect/disconnect scripts, but these scripts are for the local administrator to modify. I was thinking of making the firewall rule application a standard option of ocserv, and that would have to be through a separate script which is not intended to be modified by the administrator. Which other use cases did you have in mind that couldn't be handled by the default rules that I described? regards, Nikos
