Re: [Openvpn-devel] [RFC] - (ticket #29) - Fix for --push-reset resetting --topology and --route-gateway

[chantra <ch...@de...>]

> >> 3) Add a flag to the PUSH_REPLY list indicating if it is immutable

I cooked up a patch that would do that:
https://community.openvpn.net/openvpn/attachment/ticket/29/0001-Make-some-push-options-not-resetable-by-ccd-config.patch


        Make some push options not resetable by ccd config
        
        Fixes bug ticket 29
        <https://community.openvpn.net/openvpn/ticket/29>
        
        When client configuration has a 'push-reset' option,
        non-immutable global options will not be pushed to client.
        
        Only options added after the *last* push-reset will be set
        immutable.
        
        This way, if push-reset is given in ccd files and plugin
        returned list, only the configuration options from the plugin
        will be set immutable.


I tried the following scenarios (in topology subnet):
client with no ccd file and no options returned by connect_v2 plugin
call -> OK
client with push-reset in ccd file and push reset in connect_v2 plugin
call -> OK (only connect_v2 options are pushed to client)
client with push-reset in ccd file and no push-reset in connect_v2
plugin call -> OK (only got options from ccd file and connect_v2)
client with ccd file and options returned by connect_v2 plugin call (no
push-reset in either case) -> OK (got global config + ccd file config +
connect_v2 config)

I am not really happy with all those 
last_option = mi->context.options.push_list.tail;
...
if (mi->context.options.push_reset){}

But this is the only way I can think off in order to make sure that the
latest push-reset will take precedence.

Any comments are welcome.

Tks

chantra

-- 
http://www.debuntu.org