From 0481d9374f6aa940002ad71eaea8f98c057fc491 Mon Sep 17 00:00:00 2001 From: Ralf Lici Date: Mon, 9 Mar 2026 14:05:40 +0100 Subject: [PATCH] doc: fix client-nat syntax and examples The client-nat documentation uses an incorrect command form and incomplete examples. Document the actual syntax accepted by openvpn: client-nat snat|dnat network netmask alias Update examples to include all required arguments and rewrite the explanatory text to describe 'network', 'netmask', and 'alias' separately. Documentation-only change; no behavior change. Change-Id: I89f0aa9a23915c7783ae03793080ee989a437208 Signed-off-by: Ralf Lici Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1560 Message-Id: <20260309130546.7735-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35966.html Signed-off-by: Gert Doering (cherry picked from commit 60986ae5337f2501d088f3a9c919799f9fce7355) --- doc/man-sections/client-options.rst | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 8a625901..e2152750 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -132,16 +132,21 @@ configuration. ifconfig settings pushed to the client would create an IP numbering conflict. + Valid syntax: + :: + + client-nat snat|dnat network netmask alias + Examples: :: - client-nat snat 192.168.0.0/255.255.0.0 - client-nat dnat 10.64.0.0/255.255.0.0 + client-nat snat 192.168.0.0 255.255.0.0 10.64.0.0 + client-nat dnat 10.64.0.0 255.255.0.0 192.168.0.0 - ``network/netmask`` (for example :code:`192.168.0.0/255.255.0.0`) defines - the local view of a resource from the client perspective, while - ``alias/netmask`` (for example :code:`10.64.0.0/255.255.0.0`) defines the - remote view from the server perspective. + ``network`` and ``netmask`` (for example :code:`192.168.0.0 + 255.255.0.0`) define the local view of a resource from the client + perspective, while ``alias`` (for example :code:`10.64.0.0`) defines the + remote view from the server perspective using the same netmask. Use :code:`snat` (source NAT) for resources owned by the client and :code:`dnat` (destination NAT) for remote resources.