Package: vpnc-scripts Version: 0.1~git20220510-1 Severity: normal Tags: upstream Forwarded: https://gitlab.com/openconnect/vpnc-scripts/-/issues/65
I've just reported the following bug upstream: vpnc-script adds several vpngateway routes, but when disconnecting, it does a single "ip route del", which has the effect to delete a single route (though this is ambiguous in the ip-route(8) man page), not all the routes to the VPN gateway. For instance, I have the following default routes on my laptop: default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.13 metric 100 default via 192.168.1.1 dev wlp0s20f3 proto dhcp src 192.168.1.14 metric 600 Connecting with OpenConnect to the Inria VPN after enabling tracing in vpnc-script gives: + set_vpngateway_route [...] + /sbin/ip -4 route add 192.134.164.161 via 192.168.1.1 dev eth0 src 192.168.1.13 metric 100 [...] + /sbin/ip -4 route add 192.134.164.161 via 192.168.1.1 dev wlp0s20f3 src 192.168.1.14 metric 600 So, 2 routes to the VPN gateway are added, corresponding to the 2 default routes. But when disconnecting, I get: + del_vpngateway_route + /sbin/ip route del 192.134.164.161 which has the effect to delete a single route (apparently always the first listed one). The consequence is that after disconnecting, I get a spurious route in the routing table output by "ip route". -- System Information: Debian Release: 13.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.12.32-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages vpnc-scripts depends on: ii iproute2 6.15.0-1 ii net-tools 2.10-1.3 vpnc-scripts recommends no packages. Versions of packages vpnc-scripts suggests: pn dnsmasq <none> ii openssh-server 1:10.0p1-5 pn resolvconf <none> -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
