Hi,

OpenVPN history confuses me :-) - right now, I am wondering about the following:

- if we call ifconfig to set up the tun device, and that fails, we consider it a hard error (openvpn_exec_check(..., S_FATAL, ...)) and terminate

- if we then proceed to set up routing, and *that* fails, we just ignore the result (we do take notice that we couldn't add a route, so we don't try to remove it later on - but we do not actually fail)

In some situations, this behaviour is causing problems...

Typical example is Windows when not running the GUI with admin privileges. Interface config is done by ioctl()->DHCP (which we do have access rights to...), route add silently fails, VPN is "incomplete".

Another example is trac #563, which after quite a bit of discussion seems to boil down to "a previous instance of something left around a route to the /28 subnet that should have pointed to tun1, but instead it pointed to lo0, causing loops and non-working VPN"...

So, we have good reasons to *not* do it that way, but I'm missing a reason why this is so...?

Shall we change it in 2.4 to make route add failures S_FATAL? By default? Or add an option to turn it back into a soft-fail in case someone knows what they are doing?

(At least for the FreeBSD "TOP_SUBNET" local route, I'm definitely going to make that connected route fatal as it will totally not work otherwise)

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de