On Tue, Feb 21, 2012 at 01:46:51PM -0500, Simon Deziel wrote: > On 12-02-21 11:41 AM, Teodor MICU wrote: > > This is a hack anyway. How about dealing with this properly with some > > code in OpenVPN? If I were you I would propose this to upstream > > developers. > > Upstream (EugeneKay on #openvpn) expressed that they were not inclined > to make those changes. They suggest to filter those bogus ICMP redirects > at the firewall level. IMHO, avoiding the generation of those bogus ICMP > redirects is cleaner and I still think the init script should take care > of this. > > @Alberto, may I ask your opinion on this one ?
Hi, I'd like to give this a second thought (kfreebsd compatibility worries me too) How about suggesting (i.e. in README.Debian) inserting that piece of shell you sent in "up" scripts for those people using tun + subnet? May be including it as /usr/share/openvpn/examples/avoid_redirects.sh so people could just "source" it in their "up" script? Thanks both of you for your interest! Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
