Last correction to the send_redirects patch.

Also added a note on the new init.d script behaviour regarding all.send_redirects.
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2012-02-24 11:40:25 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2012-02-24 11:40:25 +0100
commit: b48955cc85b998e387c5de75ed60ce432993f2bb (patch)
tree: 7742641a545641a8df6c8feb2399b767528e3d29 /debian/README.Debian
parent: 2de855eb717babbd24adbe5ddf9781a8a91ee9cc (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
index 1523586..592cdf9 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -10,6 +10,7 @@ In this file:
 - Out of memory issues
 - LDAP+TLS authentication runs into file exhaustion
 - Possible consequences of the 'chroot' option
+- Disabling all.send_redirects on tun + topology subnet setups
 
 
 openvpn for Debian
@@ -216,4 +217,14 @@ Create an additional "dev/log" socket in the jail by "-a" option to sysklogd or
 
 Kudos to him, for finding out and proposing a solution.
 
- -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 09 Jul 2010 12:46:30 +0200
+
+Disabling all.send_redirects on tun + topology subnet setups
+------------------------------------------------------------
+
+If any of your VPNs uses "dev tun" and "topology subnet" but does not use
+"client-to-client", OpenVPN's init.d script will disable all.send_redirects
+(set it to 0) to avoid sending ICMP redirects trough the tun interfaces (and
+confusing clients).
+
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 24 Feb 2012 11:03:50 +0100
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2012-02-24 11:40:25 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2012-02-24 11:40:25 +0100
commit	b48955cc85b998e387c5de75ed60ce432993f2bb (patch)
tree	7742641a545641a8df6c8feb2399b767528e3d29 /debian/README.Debian
parent	2de855eb717babbd24adbe5ddf9781a8a91ee9cc (diff)