Hi, As far as i know -netmask doesn't work anymore. We need to add the netbits tot the network adres like openvpn is doing with ipv6.
Best regards, Sander van Kranenburg -----Oorspronkelijk bericht----- Van: Stuart Henderson [mailto:s...@spacehopper.org] Verzonden: dinsdag 13 september 2016 21:22 Aan: Sander van Kranenburg <san...@vkranenburg.nl> CC: ports@openbsd.org Onderwerp: Re: openvpn broken caused by a change in route add and delete On 2016/09/13 19:19, Sander van Kranenburg wrote: > Hi, > > I'm sorry the logs are the old ones with the problem. Yes, I understood that. But they don't have "delete ... -netmask" which makes it look like it's not even using the codepath you modified for the delete case? > This is from my current log with the patch applied. > > Sun Sep 11 23:07:18 2016 /sbin/route add -host 109.201.137.162 > 192.168.2.1 add host 109.201.137.162: gateway 192.168.2.1 Sun Sep 11 > 23:07:18 2016 /sbin/route delete -net 0.0.0.0/0 192.168.2.1 delete net > 0.0.0.0/0: gateway 192.168.2.1 Sun Sep 11 23:07:18 2016 /sbin/route > add -net 0.0.0.0/0 10.10.10.157 add net 0.0.0.0/0: gateway > 10.10.10.157 Sun Sep 11 23:07:18 2016 /sbin/route add -host 10.10.10.1 > 10.10.10.157 add host 10.10.10.1: gateway 10.10.10.157 > > Best regards, > > Sander van Kranenburg > > -----Oorspronkelijk bericht----- > Van: Stuart Henderson [mailto:s...@spacehopper.org] > Verzonden: dinsdag 13 september 2016 21:13 > Aan: Sander van Kranenburg <san...@vkranenburg.nl> > CC: ports@openbsd.org > Onderwerp: Re: openvpn broken caused by a change in route add and > delete > > On 2016/09/11 18:20, Sander van Kranenburg wrote: > > Hi, > > > > In openbsd 6.0 is the openvpn package is broken because the route add and > > delete commands are different from 5.9 and before. > > > > Mon Sep 5 13:27:46 2016 /sbin/route delete -net 0.0.0.0 192.168.2.1 > > delete net 0.0.0.0: gateway 192.168.2.1: not in table Mon Sep 5 > > 13:27:46 2016 ERROR: OpenBSD/NetBSD route delete command failed: > > external program exited with error status: 1 Mon Sep 5 13:27:46 > > 2016 /sbin/route add -net 0.0.0.0 10.10.10.237 -netmask 0.0.0.0 add > > net > > 0.0.0.0: gateway 10.10.10.237: File exists > > > > I have created a patch for version 2.3.12 see attachment. > > It wouldn't surprise me about possible OpenVPN problems due to changes > to the routing code in OpenBSD, but I'm confused as to how this would > fix it, it's just changing commands like > > route (delete|add) -net $foo $gateway -netmask $mask > > to > > route (delete|add) $foo/$prefix $gateway > > and I'm not aware of any changes (certainly not intentional ones) that would > necessitate this. Also the lines you are patching include "-netmask" but that > isn't showing in your log output at all for the "route delete" line..? > > > --- route.c Tue Aug 23 16:16:22 2016 > > +++ /root/route.c Sun Sep 11 18:17:43 2016 > > @@ -1501,10 +1501,19 @@ > > argv_printf_cat (&argv, "-rtt %d", r->metric); #endif > > > > - argv_printf_cat (&argv, "-net %s %s -netmask %s", > > +if( count_netmask_bits(netmask) < 32) > > + { > > + argv_printf_cat (&argv, "-net %s/%d %s", > > network, > > - gateway, > > - netmask); > > + count_netmask_bits(netmask), > > + gateway); > > +} > > +else > > +{ > > + argv_printf_cat (&argv, "-host %s %s", > > + network, > > + gateway); > > +} > > > > /* FIXME -- add on-link support for OpenBSD/NetBSD */ > > > > @@ -1880,11 +1889,21 @@ > > > > #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) > > > > - argv_printf (&argv, "%s delete -net %s %s -netmask %s", > > +if (count_netmask_bits(netmask) < 32) > > + { > > + argv_printf (&argv, "%s delete -net %s/%d %s", > > ROUTE_PATH, > > network, > > - gateway, > > - netmask); > > + count_netmask_bits(netmask), > > + gateway); > > + } > > +else > > + { > > + argv_printf (&argv, "%s delete -host %s %s", > > + ROUTE_PATH, > > + network, > > + gateway); > > + } > > > > argv_msg (D_ROUTE, &argv); > > openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route > > delete command failed");
