Hello Nikos,

thank you for answering!

>> route = 0.0.0.0/0.0.0.0
>
> Is your goal to have the server be the default route for the
> client? If yes, then the documented way to do that is to set "route =
> default" or to remove all the routes.

Yes, the server should be default route for the client. Thank you for pointing out the right setting. I think that setting is unrelated to my problem as I had also config files without any route configuration before.

>> On Debian 9 with ocserv Version 0.11.6 routing behavior is as expected:
>> - user connects
>> - ocserv creates a route pointing to the vpn device the user is assigned to
>> - after the user disconnects: the vpn route is removed

>> After upgrading to Debian 10 (current armbian with Kernel 5.7.15),
>> ocserv was upgraded to version 0.12.2. With the same configuration, the
>> routing behavior had changed to the following:
>> - user connects
>> - ocserv creates a route pointing to the vpn device the user is assigned to
>> - Strange: the default route changes to the hostname of the host ocserv
>> is running on

> What is this address? Is it part of the address range for ocserv? Does
> the issue go away by using the expected route notation?

My topology (Fritzbox is the router to my internet provider, backuphostsr is the host running ocserv. Ports 443 UDP/TCP are port-forwarded from the Fritzbox to backuphostsr.):

Fritzbox       <-->  Backuphostsr
192.168.7.1          192.168.7.13
                     Default Route: 192.168.7.1

With 0.11.12, the setting of the default route remains stable (as set) after a user connects to ocserv. The user gets an IP from the pool.

Starting with ocserv 0.12.0: a user connects, and the route changes to the following:

Fritzbox       <-->  Backuphostsr
192.168.7.1          192.168.7.13
                     Default Route: 192.168.7.13

The host backuphostsr is assigned 192.168.7.13. Therefore the default route points to the host itself. Changing the route notation does not change anything. After the user disconnects, the correct default route (192.168.7.1) is restored.


It is a strange behavior ...

Regards

  Sven






> regards,
> Nikos

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel


