Package: vpnc
Version: 0.5.1r334-1
Severity: normal

In my environment our DHCP returns a bogus-default-route, which I remove
in a custom /etc/dhcp3/dhclient-enter-hooks.d/ script, because the
gateway blocks most outbound traffic except for a very limited subset
of 134.106.*. My script basically does this by doing

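        case "$reason,$(iwgetid -s "$interface")" in
                BOUND,vpnhrzb|BOUND,uniOLwlan)
                        # keep the DHCP-supplied gateway in vpn_gw, then drop
                        # it so that no default route gets installed
                        vpn_gw="$new_routers"
                        unset new_routers
                        ;;
        esac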

This breaks the MTU calculation in /etc/vpnc/vpnc-script, because in 
do_ifconfig()
        DEV=$($IPROUTE route | grep ^default | sed 's/^.* dev \([[:alnum:]-]\+\).*$/\1/')
returns no default route and thus DEV is empty.

Since the script is not really interested in the MTU to the
default-gateway but to the VPN-gateway, I propose to change the function
to something like the following: ip route get returns the "mtu" used to
reach the VPN-gateway; directly use that value and subtract 88 for the
IPSec-headers. If that fails, fall back to 1412.

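do_ifconfig() {
        # MTU towards the VPN gateway as reported by "ip route get"; stays
        # empty if iproute is missing or the route has no "mtu" attribute
        MTU=
        if [ -n "$IPROUTE" ]; then
                MTU=$($IPROUTE route get "$VPNGATEWAY" \
                        | sed -ne 's/^.* mtu \([[:digit:]]\+\).*$/\1/p')
        fi
        # An empty value would make $(( - 88)) evaluate to -88, so test it
        # before subtracting the 88 bytes of IPsec headers
        if [ -n "$MTU" ]; then
                MTU=$((MTU - 88))
        else
                MTU=1412
        fi

        ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp \
                "$INTERNAL_IP4_ADDRESS" \
                netmask ${INTERNAL_IP4_NETMASK:-255.255.255.255} mtu ${MTU} up
}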

For sid (untested):
do_ifconfig() {
        if [ -n "$INTERNAL_IP4_MTU" ]; then
                MTU=$INTERNAL_IP4_MTU
        else
                # MTU towards the VPN gateway; stays empty if iproute is
                # missing or "ip route get" reports no "mtu" attribute
                MTU=
                if [ -n "$IPROUTE" ]; then
                        MTU=$($IPROUTE route get "$VPNGATEWAY" \
                                | sed -ne 's/^.* mtu \([[:digit:]]\+\).*$/\1/p')
                fi
                # subtract 88 for the IPsec headers, else fall back to 1412
                if [ -n "$MTU" ]; then
                        MTU=$((MTU - 88))
                else
                        MTU=1412
                fi
        fi

        # Point-to-point interfaces require a netmask of 255.255.255.255 on some systems
        ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp \
                "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu ${MTU} up

        if [ -n "$INTERNAL_IP4_NETMASK" ]; then
                set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
        fi
}

BYtE
Philipp


-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vpnc depends on:
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libgcrypt11                   1.4.1-1    LGPL Crypto library - runtime libr

Versions of packages vpnc recommends:
ii  iproute                       20080725-2 networking and traffic control too
ii  resolvconf                    1.42       name server information handler

vpnc suggests no packages.

-- no debconf information
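
The MTU derivation proposed in this report, as an added example that is not part of the original report or of vpnc-script: it parses `ip route get` output from stdin so the fallback path can be checked without a live route. The names `tunnel_mtu`, `mtu_for`, `IPSEC_OVERHEAD` and `FALLBACK_MTU` are assumptions, the sample outputs are constructed, and the check that the path MTU exceeds the overhead goes slightly beyond what the report asks for.

```shell
#!/bin/sh
# Added example: derive the tunnel MTU from `ip route get <gateway>` output.
IPSEC_OVERHEAD=88       # bytes for the IPsec headers (value from the report)
FALLBACK_MTU=1412       # fallback value from the report

# Reads `ip route get` output on stdin and prints the MTU for the tunnel.
tunnel_mtu() {
        # \{1,\} is the POSIX spelling of the \+ used in the report.
        path_mtu=$(sed -ne 's/^.* mtu \([[:digit:]]\{1,\}\).*$/\1/p' | head -n 1)
        # No "mtu" attribute or no route at all: the match is empty, and
        # $(( - 88)) would evaluate to -88 instead of failing, so the value
        # is tested before any arithmetic. Values that would leave no room
        # for a payload are rejected as well.
        if [ -n "$path_mtu" ] && [ "$path_mtu" -gt "$IPSEC_OVERHEAD" ]; then
                echo $((path_mtu - IPSEC_OVERHEAD))
        else
                echo "$FALLBACK_MTU"
        fi
}

# Helper (hypothetical name): feed one captured output to tunnel_mtu.
mtu_for() { printf '%s\n' "$1" | tunnel_mtu; }

# Constructed sample outputs; addresses are from the documentation range.
sample_ethernet='192.0.2.1 dev wlan0  src 192.0.2.50
    cache  mtu 1500 advmss 1460 hoplimit 64'
sample_pppoe='192.0.2.1 via 192.0.2.254 dev ppp0  src 192.0.2.50
    cache  mtu 1492 advmss 1452 hoplimit 64'
sample_no_mtu='192.0.2.1 dev wlan0  src 192.0.2.50
    cache'
sample_tiny_mtu='192.0.2.1 dev wlan0  src 192.0.2.50
    cache  mtu 68'
sample_unreachable=''

for s in "$sample_ethernet" "$sample_pppoe" "$sample_no_mtu" \
         "$sample_tiny_mtu" "$sample_unreachable"; do
        mtu_for "$s"
done
```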


