Opened 3 months ago

Last modified 2 months ago

#1437 new Bug / Defect

Documentation for --client-nat is wrong

Reported by: flichtenheld Owned by:
Priority: major Milestone:
Component: Documentation Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: tct

Description

When the man page was converted to rst (commit f500c49c8e0a77ce665b11f6adbea4029cf3b85f) for some reason the documentation for --client-nat was changed and is now wrong.

Before:

.B \-\-client\-nat snat|dnat network netmask alias
This pushable client option sets up a stateless one\-to\-one NAT
rule on packet addresses (not ports), and is useful in cases
where routes or ifconfig settings pushed to the client would
create an IP numbering conflict.

.B network/netmask
(for example 192.168.0.0/255.255.0.0)
defines the local view of a resource from the client perspective, while
.B alias/netmask
(for example 10.64.0.0/255.255.0.0)
defines the remote view from the server perspective.

After:

--client-nat args

This pushable client option sets up a stateless one-to-one NAT rule on
packet addresses (not ports), and is useful in cases where routes or
ifconfig settings pushed to the client would create an IP numbering
conflict.

Examples:
::

client-nat snat 192.168.0.0/255.255.0.0
client-nat dnat 10.64.0.0/255.255.0.0

network/netmask (for example 192.168.0.0/255.255.0.0) defines
the local view of a resource from the client perspective, while
alias/netmask (for example 10.64.0.0/255.255.0.0) defines the
remote view from the server perspective.

Which is obviously not the same. And the examples just seem to be wrong.
Found while looking into https://github.com/OpenVPN/openvpn/pull/86

Change History (1)

comment:1 Changed 2 months ago by tct

Cc: tct added
Note: See TracTickets for help on using tickets.