[Vpn-help] Build that could use some testing ...

Peter Eisch peter at boku.net
Thu Sep 14 06:43:08 CDT 2006


On 9/14/06 12:15 AM, "Matthew Grooms" <mgrooms at shrew.net> wrote:

In:

> http://www.shrew.net/vpn/changelog.php?ver=1.1-beta-4

Notes:

> Add a workaround for gateways that support INTERNAL_IP4_ADDRESS but not
> INTERNAL_IP4_NETMASK modecfg attributes. If we are offered an address
> but not a netmask, cross our fingers and default to a class c subnet
> mask. 

Why assume a /24?  I'd suggest assuming a /32 -- especially if a mask isn't
provided.  If this were a server to server connection I could see a wider
mask.  Given that the typical usage is host to server I'd select as narrow
mask as possible.

peter




More information about the vpn-help mailing list