Mysterious "if" directive

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
slavatykva
OpenVpn Newbie
Posts: 1
Joined: Fri Aug 26, 2022 6:38 pm

Mysterious "if" directive

Post by slavatykva » Fri Aug 26, 2022 7:02 pm

In the manual for openvpn(8), section “Server Options”, the `server` directive is explained as working à la this snippet:

Code: Select all

mode server
tls-server
push "topology [topology]"

if dev tun AND (topology == net30 OR topology == p2p):
  ifconfig 10.8.0.1 10.8.0.2
    if !nopool:
      ifconfig-pool 10.8.0.4 10.8.0.251
    route 10.8.0.0 255.255.255.0
    if client-to-client:
      push "route 10.8.0.0 255.255.255.0"
    else if topology == net30:
      push "route 10.8.0.1"

if dev tap OR (dev tun AND topology == subnet):
  ifconfig 10.8.0.1 255.255.255.0
  if !nopool:
    ifconfig-pool 10.8.0.2 10.8.0.253 255.255.255.0
  push "route-gateway 10.8.0.1"
  if route-gateway unset:
    route-gateway 10.8.0.2
What caught me (and `oconf`, it doesn’t do indentation, so sorry) off-guard is the `if` keyword; nesting and conditional evalution in OpenVPN are the sort of things I’m not much surprised with, given the complexity of the software, but I soon found out that… I couldn’t exactly find much info on such powerful scripting capabilities of the config-files language. I looked through all the places in the source code I could, trying to even take a lot at past commits, until a hit a wall in the face of the supposedly dead SVN archive repo? (http://svn.openvpn.net/projects/openvpn)
My question is: is the code snippet from the manual partially pseudocode, or flow control is an actual supported feature with a documentation I can read somewhere?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Mysterious "if" directive

Post by TinCanTech » Fri Aug 26, 2022 8:31 pm

The configuration file does not support any scripting language.

That pseudo code is simply to explain how the C code behind Openvpn interprets the --server directive.

Post Reply