Your message dated Mon, 30 Jul 2018 10:02:55 +0200
with message-id <[email protected]>
and subject line RE:  openvpn client adds wrong routes and blackholes a big 
chunk of networks
has caused the Debian Bug report #808578,
regarding openvpn client adds wrong routes and blackholes a big chunk of 
networks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
808578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808578
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.3.4-5

Debian 8 Jessie amd64

I have a server and a client configured. The server is configured not to push a default route, so that only the client adds a static route for the needed range, but instead I get a route for a very big internet range, which blackholes the entire 10.0.0.0/8 RFC1918 range.

Don't know if this should go upstream so I'm hoping for some input here.

[root@box ~]# ifconfig tap0
tap0      Link encap:Ethernet  HWaddr e2:f3:f9:b6:d2:52
          inet addr:10.8.0.14  Bcast:255.255.255.254  Mask:252.0.0.0
          inet6 addr: fe80::e0f3:f9ff:feb6:d252/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:10518 (10.2 KiB)

[root@box ~]# ip route
default via 172.16.80.1 dev eth0
8.0.0.0/6 dev tap0  proto kernel  scope link  src 10.8.0.14
172.16.80.0/23 dev eth0  proto kernel  scope link  src 172.16.80.35
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

Sometimes I also get a route with an even smaller net like 8.0.0.0/5.
What I'm expecting is either a 10.8.0.0/24 route as configured on the server or no route at all for.

The same happens even if I comment out route-nopull on the client.
If I were to guess, this must be related to me turning off the default route directive in the server config.

/etc/openvpn/server.conf
port 1194
proto tcp

dev tun

ca ca.crt
cert server.crt
key server.key

management localhost 7505

dh dh2048.pem
server 10.8.0.0 255.255.255.0

;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

keepalive 10 120
comp-lzo

user nobody
group nogroup

max-clients 50
persist-key
persist-tun

;username-as-common-name
client-cert-not-required

script-security 3 system
auth-user-pass-verify /etc/openvpn/auth.py via-env

status openvpn-status.log
verb 5



/etc/openvpn/client.conf
client
remote x.x.x.x
port 1194
proto tcp
dev tap

ca ca.crt

route-nopull
comp-lzo

user nobody
group nogroup

persist-key
persist-tun

auth-user-pass login.txt

verb 5

Best regards
Tobias

--- End Message ---
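
An added example, not part of the original messages: a Python check that flags a tun/tap route broader than the configured VPN subnet and names the RFC1918 ranges it fully covers. The sample is the `ip route` output quoted in the report; the function names are assumptions made for illustration, and the expected subnet 10.8.0.0/24 is taken from the `server` directive above.

```python
import ipaddress

# Constructed sample: the `ip route` output quoted in the report above.
IP_ROUTE_OUTPUT = """\
default via 172.16.80.1 dev eth0
8.0.0.0/6 dev tap0  proto kernel  scope link  src 10.8.0.14
172.16.80.0/23 dev eth0  proto kernel  scope link  src 172.16.80.35
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def connected_route(addr, mask):
    """Network implied by an interface address and its netmask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network


def audit_vpn_routes(route_text, expected, dev_prefixes=("tun", "tap")):
    """Report VPN-device routes that reach beyond the expected subnet."""
    expected = ipaddress.ip_network(expected)
    findings = []
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or "dev" not in fields[:-1]:
            continue
        dev = fields[fields.index("dev") + 1]
        if not dev.startswith(dev_prefixes):
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # "default", "unreachable" and similar keywords
        if net.subnet_of(expected):
            continue  # route stays inside the VPN subnet
        findings.append({
            "dev": dev,
            "route": str(net),
            "first": str(net[0]),
            "last": str(net[-1]),
            "covers_rfc1918": [str(r) for r in RFC1918 if r.subnet_of(net)],
        })
    return findings


if __name__ == "__main__":
    print(connected_route("10.8.0.14", "252.0.0.0"))
    for finding in audit_vpn_routes(IP_ROUTE_OUTPUT, "10.8.0.0/24"):
        print(finding)
```
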
--- Begin Message ---
Hello,

thank you for spending your time helping to make Debian better with
this bug report.

You filed this bug against a release that is currently no longer supported. And
we have had no answer since Oct. 2017.

So I am closing this bug. If the bug still exists, please file a new bug from
a supported release.

CU
Jörg
- -- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key        : 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:      https://jff.email/cgit/

Threema:  SYR8SJXB
Wire:     @joergfringsfuerst
Skype:    joergpenguin
Ring:     jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.

--- End Message ---
