diff --git a/Changes.rst b/Changes.rst index 54e59809..b2278aba 100644 --- a/Changes.rst +++ b/Changes.rst @@ -23,6 +23,15 @@ NTLMv1 authentication support for HTTP proxies has been removed. ``persist-key`` option has been enabled by default. All the keys will be kept in memory across restart. +Default for ``--topology`` changed to ``subnet`` + Previous releases used ``net30`` as default. This only affects + configs with ``--dev tun`` and only IPv4. Note that this + changes the semantics of ``--ifconfig``, so if you have manual + settings for that in your config but not set ``--topology`` + your config might fail to parse with the new version. Just adding + ``--topology net30`` to the config should fix the problem. + By default ``--topology`` is pushed from server to client. + Overview of changes in 2.6 ========================== diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index abe474f7..98b4971f 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -495,11 +495,17 @@ routing. ``mode`` can be one of: + :code:`subnet` + Use a subnet rather than a point-to-point topology by + configuring the tun interface with a local IP address and subnet mask, + similar to the topology used in ``--dev tap`` and ethernet bridging + mode. This mode allocates a single IP address per connecting client and + works on Windows as well. This is the default. + :code:`net30` Use a point-to-point topology, by allocating one /30 subnet per client. This is designed to allow point-to-point semantics when some - or all of the connecting clients might be Windows systems. This is the - default. + or all of the connecting clients might be Windows systems. :code:`p2p` Use a point-to-point topology where the remote endpoint of 
@@ -508,15 +514,8 @@ routing. connecting client. Only use when none of the connecting clients are Windows systems. - :code:`subnet` - Use a subnet rather than a point-to-point topology by - configuring the tun interface with a local IP address and subnet mask, - similar to the topology used in ``--dev tap`` and ethernet bridging - mode. This mode allocates a single IP address per connecting client and - works on Windows as well. - *Note:* Using ``--topology subnet`` changes the interpretation of the - arguments of ``--ifconfig`` to mean "address netmask", no longer "local + arguments of ``--ifconfig`` to mean "address netmask", and not "local remote". --tun-mtu args diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 768332d1..e2bfe0ea 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -796,7 +796,7 @@ init_options(struct options *o, const bool init_gc) o->gc_owned = true; } o->mode = MODE_POINT_TO_POINT; - o->topology = TOP_NET30; + o->topology = TOP_SUBNET; o->ce.proto = PROTO_UDP; o->ce.af = AF_UNSPEC; o->ce.bind_ipv6_only = false;
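Review bot: In the Changes.rst hunk, the clause "if you have manual settings for that in your config but not set ``--topology``" is ungrammatical, and the advice after it does not say on which side ``--topology net30`` has to be added. Since the last added line states that ``--topology`` is pushed from server to client, suggest rewording to "if your config sets ``--ifconfig`` manually but does not set ``--topology``" and stating whether adding the option on the server alone is enough or whether clients with a manual ``--ifconfig`` need it too.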
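Review bot: In the vpn-network-options.rst hunk at -495, the moved :code:`subnet` entry now ends with a bare "This is the default." while the :code:`net30` entry simply loses that sentence, so a reader on an older release cannot tell from the man page that the default ever differed. Suggest naming the release in which the default changed in the :code:`subnet` entry and adding a short remark to :code:`net30` that it was the default in previous releases, matching the wording already used in Changes.rst.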
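Review bot: In the vpn-network-options.rst hunk at -508, the *Note:* still opens with "Using ``--topology subnet`` changes the interpretation", which reads as if the "address netmask" form only applies when the option is given explicitly. With :code:`subnet` now documented as the default, the note should say that ``--ifconfig`` takes "address netmask" by default and that "local remote" applies only when ``--topology net30`` or ``--topology p2p`` is set; swapping "no longer" for "and not" does not cover that.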
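Review bot: In the options.c hunk, the new default ``o->topology = TOP_SUBNET;`` sits directly below ``o->mode = MODE_POINT_TO_POINT;``, and nothing in the hunk shows how a point-to-point config that passes "local remote" to ``--ifconfig`` without ``--topology`` is handled. Changes.rst says such a config "might fail to parse", so please confirm that case is rejected at parse time rather than accepted with the second argument read as a netmask, and consider having the error message mention ``--topology net30`` so users are pointed at the fix. The initializer would also benefit from a one-line comment noting that the default was previously ``TOP_NET30``.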