From patchwork Fri Dec 1 11:20:22 2023
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3495
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Cc: Arne Schwabe
Date: Fri, 1 Dec 2023 12:20:22 +0100
Message-Id: <20231201112022.15337-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v2] Change default of "topology" to "subnet"

Change-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8
Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/421 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/Changes.rst b/Changes.rst index 3676dce..3132c84 100644 --- a/Changes.rst +++ b/Changes.rst @@ -10,6 +10,15 @@ ``--allow-deprecated-insecure-static-crypto`` but will be removed in OpenVPN 2.8. +Default for ``--topology`` changed to ``subnet`` + Previous releases used ``net30`` as default. This only affects + configs with ``--dev tun`` and only IPv4. Note that this + changes the semantics of ``--ifconfig``, so if you have manual + settings for that in your config but not set ``--topology`` + your config might fail to parse with the new version. Just adding + ``--topology net30`` to the config should fix the problem. + By default ``--topology`` is pushed from server to client. + Overview of changes in 2.6 ========================== diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 3fa3ccf..251529f 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst 
@@ -495,11 +495,17 @@ ``mode`` can be one of: + :code:`subnet` + Use a subnet rather than a point-to-point topology by + configuring the tun interface with a local IP address and subnet mask, + similar to the topology used in ``--dev tap`` and ethernet bridging + mode. This mode allocates a single IP address per connecting client and + works on Windows as well. This is the default. + :code:`net30` Use a point-to-point topology, by allocating one /30 subnet per client. This is designed to allow point-to-point semantics when some - or all of the connecting clients might be Windows systems. This is the - default. + or all of the connecting clients might be Windows systems. :code:`p2p` Use a point-to-point topology where the remote endpoint of @@ -508,15 +514,8 @@ connecting client. Only use when none of the connecting clients are Windows systems. - :code:`subnet` - Use a subnet rather than a point-to-point topology by - configuring the tun interface with a local IP address and subnet mask, - similar to the topology used in ``--dev tap`` and ethernet bridging - mode. This mode allocates a single IP address per connecting client and - works on Windows as well. - *Note:* Using ``--topology subnet`` changes the interpretation of the - arguments of ``--ifconfig`` to mean "address netmask", no longer "local + arguments of ``--ifconfig`` to mean "address netmask", and not "local remote". --tun-mtu args diff --git a/src/openvpn/options.c b/src/openvpn/options.c index d238269..764ca7b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -800,7 +800,7 @@ o->gc_owned = true; } o->mode = MODE_POINT_TO_POINT; - o->topology = TOP_NET30; + o->topology = TOP_SUBNET; o->ce.proto = PROTO_UDP; o->ce.af = AF_UNSPEC; o->ce.bind_ipv6_only = false;
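
Review bot: In the Changes.rst entry, "your config might fail to parse" does not say why, and the clause before it is missing a verb ("but not set"). Suggest something like "if your config has a manual ``--ifconfig`` but does not set ``--topology``, the second argument is now read as a netmask and the config might fail to parse". The closing line "By default ``--topology`` is pushed from server to client" would also benefit from saying on which side ``--topology net30`` has to be added.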
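
Review bot: In the vpn-network-options.rst hunk at -495, "This is the default." under :code:`subnet` is unconditional, while Changes.rst in this same patch limits the change to ``--dev tun`` and IPv4 and says previous releases used ``net30``. Suggest stating in the man page that earlier releases defaulted to ``net30``, so a reader comparing configs across versions sees that the default depends on the release.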
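
Review bot: In the vpn-network-options.rst hunk at -508, the *Note:* on ``--ifconfig`` stays below the :code:`p2p` entry even though the :code:`subnet` entry it refers to has moved to the top of the list. With ``subnet`` now the default, consider moving the note directly under the :code:`subnet` entry, or mentioning the "address netmask" meaning there.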
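
Review bot: In the options.c hunk, the new default "o->topology = TOP_SUBNET;" sits directly below "o->mode = MODE_POINT_TO_POINT;", and the patch touches no tests. Changes.rst says a config with a manual ``--ifconfig`` and no ``--topology`` might fail to parse; a test for exactly that config would pin down whether it is rejected with a clear message or accepted with the second argument taken as a netmask. A short comment on the changed line noting that earlier releases used TOP_NET30 would also help readers of the code.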