Re: [Openvpn-devel] [PATCH] Stick routes to interfaces for Linux


  • Subject: Re: [Openvpn-devel] [PATCH] Stick routes to interfaces for Linux
  • From: Petre Rodan <kaiowas@xxxxxxxxxx>
  • Date: Mon, 17 Apr 2006 20:22:28 +0300

hi,

On Thu, Apr 13, 2006 at 11:40:07PM +0100, Roy Marples wrote:
> On Thursday 13 April 2006 22:01, Roy Marples wrote:
> > On Thursday 13 April 2006 21:33, James Yonan wrote:
> > > Roy Marples wrote:
> > > > In some instances, Linux requires routes being stuck to interfaces
> > > > instead of floating. Mainly in virtual environments like Xen and Qemu.
> > > >
> > > > Attached is a patch that addresses this issue.
> > >
> > > What about the case where you don't want to associate a route with the
> > > tun/tap interface, such as when you're doing the routing dance to make
> > > --redirect-gateway work?
> >
> > Not too sure to be truthful as I don't use that option. I prefer to have
> > both default routes separated by a metric instead. This works very well
> > when you have 3 interfaces, wired, wireless and vpn and they all provide
> > default routes. In this instance we need to give them metrics and tie them
> > to an interface using Linux.
> 
> Initial testing shows that it has no adverse effects. Of course, it's my patch 
> and I'm biased :P

I have the following on the server's setup:

push "route 10.0.0.0 255.255.255.0"
push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway local"

this is intended so that the client would change his default gateway (even if one is not present at the time openvpn is started). it works with the unpatched beta14:

Apr 17 19:56:02 [openvpn] PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 0.0.0.0 0.0.0.0,redirect-gateway local,route 10.0.2.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10
Apr 17 19:56:02 [openvpn] /sbin/ifconfig tun0 10.0.2.6 pointopoint 10.0.2.5 mtu 1500
Apr 17 19:56:02 [openvpn] NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Apr 17 19:56:02 [openvpn] /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.2.5
Apr 17 19:56:02 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5
Apr 17 19:56:02 [openvpn] /sbin/route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.2.5

# route -n
[..]
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0

but with a patched beta14 version, I end up having 2 default gateways:

Apr 17 20:02:10 [openvpn] PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 0.0.0.0 0.0.0.0,redirect-gateway local,route 10.0.2.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5'
Apr 17 20:02:10 [openvpn] /sbin/ifconfig tun0 10.0.2.6 pointopoint 10.0.2.5 mtu 1500
Apr 17 20:02:10 [openvpn] /sbin/route del -net 0.0.0.0 netmask 0.0.0.0 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route delete command failed: shell command exited with error status: 7
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route add command failed: shell command exited with error status: 7
Apr 17 20:02:10 [openvpn] /sbin/route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.2.5 dev tun0

# route -n
[..]
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 wlan0

it basically fails to remove my old default gateway.

should I use a different push mechanism?

> Maybe someone else could test and chip in? Or enable it by default in the next 
> beta and see what breaks if anything. The patch is trivial and could easily 
> be removed in any case.
> 
> Thanks
> 
> -- 
> Roy Marples <uberlord@xxxxxxxxxx>
> Gentoo Linux Developer
> 
> 

cheers,
peter

-- 
petre rodan
<kaiowas@xxxxxxxxxx>
Developer,
Hardened Gentoo Linux 
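
The two symptoms reported in the message above (a default route left outside the tunnel, and route commands that exit with an error) can be checked mechanically on a client. The following Python code is an added example, not part of the original post or of OpenVPN; the function names are hypothetical, the `route -n` header lines are assumed, and the sample inputs are built from the rows and log lines quoted in the post.

```python
import re

# Rows copied from the `route -n` output quoted in the post; the two header
# lines are the usual net-tools header, added here as an assumption.
ROUTES_PATCHED = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 wlan0
"""
# Log excerpt shortened from the lines quoted in the post.
LOG_PATCHED = """\
Apr 17 20:02:10 [openvpn] /sbin/route del -net 0.0.0.0 netmask 0.0.0.0 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route delete command failed: shell command exited with error status: 7
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
"""

def default_routes(route_n):
    """Return (gateway, metric, iface) for each default route in `route -n` text."""
    out = []
    for line in route_n.splitlines():
        f = line.split()
        # Data rows have 8 columns; a default route has destination and genmask 0.0.0.0.
        if len(f) == 8 and f[0] == f[2] == "0.0.0.0" and f[4].isdigit():
            out.append((f[1], int(f[4]), f[7]))
    return out

def competing_defaults(route_n, vpn_iface="tun0"):
    """Default routes outside the tunnel whose metric is not worse than the tunnel's."""
    routes = default_routes(route_n)
    vpn = [m for _, m, i in routes if i == vpn_iface]
    if not vpn:  # no default via the tunnel: every default route bypasses it
        return routes
    return [r for r in routes if r[2] != vpn_iface and r[1] <= min(vpn)]

def failed_route_commands(log):
    """Pair each 'route ... command failed' error with the command logged before it."""
    failed, last_cmd = [], None
    for line in log.splitlines():
        msg = line.split("[openvpn] ", 1)[-1]
        if msg.startswith("/sbin/route "):
            last_cmd = msg
        elif re.match(r"ERROR: Linux route (add|delete) command failed", msg) and last_cmd:
            failed.append(last_cmd)
    return failed

if __name__ == "__main__":
    print(competing_defaults(ROUTES_PATCHED))
    print(failed_route_commands(LOG_PATCHED))
```

A non-tunnel default route with a strictly higher metric than the tunnel's is not reported, which matches the metric-separated setup described in the quoted reply.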
