hi,

On Thu, Apr 13, 2006 at 11:40:07PM +0100, Roy Marples wrote:
> On Thursday 13 April 2006 22:01, Roy Marples wrote:
> > On Thursday 13 April 2006 21:33, James Yonan wrote:
> > > Roy Marples wrote:
> > > > In some instances, Linux requires routes being stuck to interfaces
> > > > instead of floating. Mainly in virtual environments like Xen and Qemu.
> > > >
> > > > Attached is a patch that addresses this issue.
> > >
> > > What about the case where you don't want to associate a route with the
> > > tun/tap interface, such as when you're doing the routing dance to make
> > > --redirect-gateway work?
> >
> > Not too sure to be truthful as I don't use that option. I prefer to have
> > both default routes separated by a metric instead. This works very well
> > when you have 3 interfaces, wired, wireless and vpn and they all provide
> > default routes. In this instance we need to give them metrics and tie them
> > to an interface using Linux.
> 
> Initial testing shows that it has no adverse effects. Of course, it's my
> patch and I'm biased :P

I have the following on the server's setup:

push "route 10.0.0.0 255.255.255.0"
push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway local"

this is intended so that the client would change his default gateway (even if 
one is not present at the time openvpn is started). it works with the unpatched 
beta14:

Apr 17 19:56:02 [openvpn] PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 0.0.0.0 0.0.0.0,redirect-gateway local,route 10.0.2.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10
Apr 17 19:56:02 [openvpn] /sbin/ifconfig tun0 10.0.2.6 pointopoint 10.0.2.5 mtu 1500
Apr 17 19:56:02 [openvpn] NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Apr 17 19:56:02 [openvpn] /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.2.5
Apr 17 19:56:02 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5
Apr 17 19:56:02 [openvpn] /sbin/route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.2.5

# route -n
[..]
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0

but with a patched beta14 version, I end up having 2 default gateways:

Apr 17 20:02:10 [openvpn] PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 0.0.0.0 0.0.0.0,redirect-gateway local,route 10.0.2.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5'
Apr 17 20:02:10 [openvpn] /sbin/ifconfig tun0 10.0.2.6 pointopoint 10.0.2.5 mtu 1500
Apr 17 20:02:10 [openvpn] /sbin/route del -net 0.0.0.0 netmask 0.0.0.0 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route delete command failed: shell command exited with error status: 7
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route add command failed: shell command exited with error status: 7
Apr 17 20:02:10 [openvpn] /sbin/route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.2.5 dev tun0

# route -n
[..]
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 wlan0

it basically fails to remove my old default gateway.

should I use a different push mechanism?

> Maybe someone else could test and chip in? Or enable it by default in the
> next beta and see what breaks if anything. The patch is trivial and could
> easily be removed in any case.
> 
> Thanks
> 
> -- 
> Roy Marples <uberl...@gentoo.org>
> Gentoo Linux Developer
> 

cheers,
peter

-- 
petre rodan
<kaio...@gentoo.org>
Developer,
Hardened Gentoo Linux 
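
Added example, not part of the original message and not OpenVPN code: a check for the state reported above, where a route command fails and a default route outside the tunnel survives. The function names and the sample input are assumptions; the sample is constructed from the log and `route -n` lines in the post.

```python
import re

# Constructed input modelled on the post: the patched client's log, unwrapped,
# and the resulting `route -n` rows (rows behind "[..]" omitted).
SAMPLE_LOG = """\
Apr 17 20:02:10 [openvpn] /sbin/route del -net 0.0.0.0 netmask 0.0.0.0 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route delete command failed: shell command exited with error status: 7
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.2.5 dev tun0
Apr 17 20:02:10 [openvpn] ERROR: Linux route add command failed: shell command exited with error status: 7
"""
SAMPLE_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.5        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 wlan0
"""

ROUTE_CMD = re.compile(r"\[openvpn\] (/sbin/route (?:add|del) .+)$")
ROUTE_ERR = re.compile(r"\[openvpn\] ERROR: Linux route (?:add|delete) command failed")

def failed_route_commands(log):
    """Return each route command whose next log line reports a failure."""
    failed, last_cmd = [], None
    for line in log.splitlines():
        cmd = ROUTE_CMD.search(line)
        if cmd:
            last_cmd = cmd.group(1).strip()
        elif ROUTE_ERR.search(line) and last_cmd:
            failed.append(last_cmd)
            last_cmd = None
    return failed

def default_routes(table):
    """Parse `route -n` output into (gateway, metric, iface) for 0.0.0.0/0 rows."""
    rows = (line.split() for line in table.splitlines())
    return [(f[1], int(f[4]), f[7]) for f in rows
            if len(f) == 8 and f[0] == f[2] == "0.0.0.0"]

def bypass_routes(table, vpn_iface):
    """Default routes off the tunnel whose metric is not worse than the tunnel's."""
    routes = default_routes(table)
    vpn = [metric for _, metric, dev in routes if dev == vpn_iface]
    best = min(vpn) if vpn else None
    return [r for r in routes
            if r[2] != vpn_iface and (best is None or r[1] <= best)]

if __name__ == "__main__":
    print("failed:", failed_route_commands(SAMPLE_LOG))
    print("may bypass tun0:", bypass_routes(SAMPLE_ROUTES, "tun0"))
```

A non-empty result from `bypass_routes` means traffic may leave through the physical interface instead of the tunnel, which is the two-default-gateway table shown in the message.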
