From: chantra <ch...@de...> - 2010-07-30 09:43:21
> >> 3) Add a flag to the PUSH_REPLY list indicating if it is immutable

I cooked up a patch that would do that:
https://community.openvpn.net/openvpn/attachment/ticket/29/0001-Make-some-push-options-not-resetable-by-ccd-config.patch

Make some push options not resetable by ccd config

Fixes bug ticket 29 <https://community.openvpn.net/openvpn/ticket/29>

When client configuration has a 'push-reset' option, non-immutable global options will not be pushed to client.
Only options added after the *last* push-reset will be set immutable. This way, if push-reset is given in ccd files and plugin returned list, only the configuration options from the plugin will be set immutable.

I tried the following scenarios (in topology subnet):

- client with no ccd file and no options returned by connect_v2 plugin call -> OK
- client with push-reset in ccd file and push reset in connect_v2 plugin call -> OK (only connect_v2 options are pushed to client)
- client with push-reset in ccd file and no push-reset in connect_v2 plugin call -> OK (only got options from ccd file and connect_v2)
- client with ccd file and options returned by connect_v2 plugin call (no push-reset in either case) -> OK (got global config + ccd file config + connect_v2 config)

I am not really happy with all those

    last_option = mi->context.options.push_list.tail;
    ...
    if (mi->context.options.push_reset){}

But this is the only way I can think of in order to make sure that the latest push-reset will take precedence.

Any comments are welcome.

Tks

chantra
--
http://www.debuntu.org