Menu
▾
▴
[Openvpn-devel] [PATCH applied] Re: Install host routes for out-of-subnet ifconfig-push addresses when DCO is enabled
|
From: Gert D. <ge...@gr...> - 2025-10-29 07:53:14
|
Thanks for the midnight fix, just in time for 2.7_rc1 ;-)
So this has been a bit of a journey with the patch running up to v14...
getting bits and pieces right across the 3 potentially affected platforms
(Linux and FreeBSD need this, Windows has DCO but must not have this)
and IPv4/IPv6 is quite a few small snippets all over the place.
I have tested this on FreeBSD with DCO, with a client-connect script that
can setup ifconfig-push/ifconfig-ipv6-push/iroute/iroute-ipv6 controlled
from the client ("setenv UV_WANT_IP ...") and t_client.rc instances that
request IPv4/IPv6 addresses "outside the server subnet", verify that they
receive what they asked for, and then run pings to see if traffic actually
comes back. This worked already in v11.
v11->v13->v14 was basically ensuring that we only install these routes
when we really need them (v11 installed the route "always!" for IPv6 due
to checking the wrong variable, v13 always tried to *delete* the route
for IPv4 due to missing htonl() in one of the calls). In v14 we now
have exactly what we want - routes get only installed when needed, and
are only deleted when installed.
There might be dragons lurking here with clients reconnecting and
learn/unlearn-address getting confused. I ran my tests with EEN on the
client side to ensure the server always has a well-defined state.
I have also reworded the commit message a bit :-)
Your patch has been applied to the master branch.
commit f938d991a8222bb3304865f2cd7b368d7f8a9224
Author: Arne Schwabe
Date: Wed Oct 29 08:06:56 2025 +0100
Install host routes for out-of-subnet ifconfig-push addresses when DCO is enabled
Signed-off-by: Arne Schwabe <ar...@rf...>
Acked-by: Gert Doering <ge...@gr...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1192
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg33991.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
