Re: [Openvpn-devel] Problem with --route-method exe and --redirect-gateway

[Mathias S. <ma...@ni...>]

On Sat, 22 Jan 2005, James Yonan wrote:

> On Fri, 21 Jan 2005, Mathias Sundman wrote:
>
>> On Fri, 21 Jan 2005, Mathias Sundman wrote:
>>
>>> Just because someone reported about problems with route additions via IPAPI
>>> when using PPP or PPPoE adapters the other day, one of my users reported the
>>> same problem to me today. I'll try to reproduce it on my computer later to
>>> night, so we can get to the bottom with that problem.
>>>
>>> While thoubleshouting that problem, I switched to --route-method exe, but
>>> found another problem!
>>>
>>> I would call it bug in Windows route.exe rather than in OpenVPN. The problem
>>> is that when using --redirect-gateway def1, and disconnecting, OpenVPN
>>> executes the command:
>>>
>>> ROUTE DELETE 0.0.0.0 MASK 128.0.0.0
>>>
>>> The problem is that route.exe deletes both the 0.0.0.0/1, AND the real
>>> 0.0.0.0/0 route, regardless if the MASK option is used or not.
>>>
>>> I double MS will fix this, so I think we need to work around this.
>>>
>>> I can see two solutions:
>>>
>>> 1) Re-add the old default gw, like we do when not using the def1 parameter.
>>>
>>> 2) Also specify the gateway parameter on the route delete cmd. This causes
>>> route.exe only to delete the correct route.
>>
>> Here's a small patch that does the trick for me:
>>
>> $ diff -u route.c.orig route.c
>> --- route.c.orig        Sun Jan  9 18:46:28 2005
>> +++ route.c     Fri Jan 21 21:12:22 2005
>> @@ -820,8 +820,10 @@
>>
>>   #elif defined (WIN32)
>>
>> -  buf_printf (&buf, ROUTE_PATH " DELETE %s",
>> -             network);
>> +  buf_printf (&buf, ROUTE_PATH " DELETE %s MASK %s %s",
>> +             network,
>> +              netmask,
>> +              gateway);
>>
>>     msg (D_ROUTE, "%s", BSTR (&buf));
>
> This is good, though we need to be sure that this will consistently work
> for different kinds of routes.
>
> The dwForwardType fix for the IP helper API + RRAS problem shows that
> there's a certain amount of hidden complexity in the Windows routing
> engine that can potentially break things if it's not fully understood.

Yes, you're right.

I've done the following tests now on WinXP SP2 without any problems:

HOST routes (255.255.255.255)
NETWORK routes (about 10 diffrent subnet masks)
--redirect-gateway
--redirect-gateway def1
routes to the old default gateway

I've done all tests on both ethernet and PPP adapters.

/Mathias