Tag: patch

Here is an improved patch that only touches the proc files associated
with the tun device after the daemon has been launched, since the tun
device can be created dynamically.
--- openvpn.orig	2012-01-30 11:13:09.993833020 -0500
+++ openvpn	2012-01-30 11:13:22.017832758 -0500
@@ -70,6 +70,19 @@
       $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
       --config $CONFIG_DIR/$NAME.conf $script_security < /dev/null || STATUS=1
     fi
+
+    # tun using the "subnet" topology confuses the routing code that wrongly
+    # emits ICMP redirects for client to client communications
+    TUN_DEVNAME=$(sed -n 's/^[[:space:]]*dev[[:space:]]*\(tun.*\)$/\1/p' $CONFIG_DIR/$NAME.conf)
+    if test -n "$TUN_DEVNAME" && grep -q '^[[:space:]]*topology[[:space:]]*subnet' $CONFIG_DIR/$NAME.conf; then
+        # When using "client-to-client", OpenVPN routes the traffic itself without
+        # involving the TUN/TAP interface so no ICMP redirects are sent
+        if ! grep -q '^[[:space:]]*client-to-client' $CONFIG_DIR/$NAME.conf ; then
+            echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
+            echo 0 > /proc/sys/net/ipv4/conf/$TUN_DEVNAME/send_redirects
+	fi
+    fi
+
     log_end_msg $STATUS
 }
 stop_vpn () {
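Review bot: The device name read from the config on the `TUN_DEVNAME=` line is used unvalidated and unquoted in a path that this init script (presumably run as root) writes to. `tun.*` keeps everything after `tun` (trailing whitespace, a comment, path separators), and a plain `dev tun` yields `tun`, which presumably does not match the numbered interface the kernel creates, so the second `echo` either fails or writes to an unintended path. I would tighten the capture to `\(tun[0-9][0-9]*\)[[:space:]]*$`, quote the expansions, and guard the write with `[ -w "/proc/sys/net/ipv4/conf/$TUN_DEVNAME/send_redirects" ]`, which also covers the interface not existing yet right after the daemon starts. Note also that `conf/all/send_redirects` is a host-wide setting and nothing in this hunk restores it, so a comment saying that is intended would help. The enclosing function starts above the hunk.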
