OpenVPN option "Address Pool" seems to do nothing



  • Hi

    I'm setting up a vpn server and while doing some tests, I found that the option "Address Pool" does nothing (the checkbox on the server configuration page). Does anyone know what it really does?

    I know what it is supposed to do, I understand that, but when I look at the generated config file, there is no difference when it's turned on or not. And the practical result is the same, it always gives an IP (like it's turned on, even when off).

    Thanks



  • I tried turning it on and off myself, with no difference to the OpenVPN servern.conf file. The setting is saved in config.xml as "pool_enable". I searched the source code on my system, and the only references to "pool_enable" are in the GUI setting and clearing. No code seems to actually use it for real.
    Does anyone know the history of this?



  • What it should do (I think) is issue or not issue the "ifconfig-pool net/mask" option in the config file (if you follow the logic). But, I found the following, from my observations:

    • if you try to use "ifconfig-pool" in the advanced options, you get an error (in the logs) saying that you cannot use ifconfig-pool and "server" at the same time, because "server" already creates a pool for you. Indeed there's a "server" option in the config.
    • the server option is not very flexible because it is kind of an ifconfig + ifconfig-pool in the same option, and the server takes the 1st address and all the rest of the entire range is reserved for the pool. I like to issue an ifconfig-pool where I use only a portion of the range, leaving another portion to static IPs in the client overrides.
    • from googling, it seems that in the old days there was a configuration text field where you would indicate the range for dynamic assignation (just what I expected) and that would issue a separate ifconfig-pool config option (or not). It was then changed to, when on (presumably) issue a server command taking all the range and (presumably) when off, switching that command back to a normal/simple ifconfig (which I would be happy with because it would allow me to issue an ifconfig-pool in the advanced options).

    In the current state it seems useless. But maybe I'm missing something.
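
Added example, not part of the thread or of the project's code: a small lint that flags the `server` + `ifconfig-pool` conflict described above and checks whether static `ifconfig-push` addresses from client overrides fall inside the dynamic pool. It assumes `topology subnet` and, for `server`, treats every host after the server's own address as pool, as the post describes; all addresses and client names are constructed.

```python
import ipaddress

def parse(text):
    """Map directive name -> list of argument lists, ignoring '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf

def lint(server_conf, overrides):
    """overrides: {client_name: override text}. Returns a list of findings."""
    conf, findings = parse(server_conf), []
    if "server" in conf and "ifconfig-pool" in conf:
        return ["conflict: 'server' already creates a pool; remove one of them"]
    if "server" in conf:
        # Assumption (from the post): server takes the 1st address, rest is pool.
        addr, mask = conf["server"][0][:2]
        net = ipaddress.ip_network(f"{addr}/{mask}")
        lo, hi = net.network_address + 2, net.broadcast_address - 1
    elif "ifconfig" in conf and "ifconfig-pool" in conf:
        # Assumption: topology subnet, so ifconfig is "<address> <netmask>".
        addr, mask = conf["ifconfig"][0][:2]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        lo, hi = (ipaddress.ip_address(a) for a in conf["ifconfig-pool"][0][:2])
    else:
        return ["no address pool defined"]
    for name, text in overrides.items():
        for args in parse(text).get("ifconfig-push", []):
            ip = ipaddress.ip_address(args[0])
            if ip not in net:
                findings.append(f"{name}: {ip} is outside tunnel network {net}")
            elif lo <= ip <= hi:
                findings.append(f"{name}: {ip} is inside the dynamic pool {lo}-{hi}")
    return findings

# Constructed samples: only the addressing directives, not complete server configs.
GENERATED = "dev tun\ntopology subnet\nserver 10.8.0.0 255.255.255.0\n"
WITH_ADVANCED = GENERATED + "ifconfig-pool 10.8.0.100 10.8.0.199 255.255.255.0\n"
SPLIT = ("dev tun\ntopology subnet\nifconfig 10.8.0.1 255.255.255.0\n"
         "ifconfig-pool 10.8.0.100 10.8.0.199 255.255.255.0\n")
OVERRIDES = {"alice": "ifconfig-push 10.8.0.10 255.255.255.0",
             "bob": "ifconfig-push 10.8.0.150 255.255.255.0"}

if __name__ == "__main__":
    for label, text in (("generated", GENERATED), ("with advanced option", WITH_ADVANCED),
                        ("split ifconfig/pool", SPLIT)):
        print(label, "->", lint(text, OVERRIDES) or "ok")
```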

