Follow-up:

This problem is NOT present in OpenVPN 2.3.17; the same warning appears (route gateway is ambiguous) but the route is added anyway. This seems to be a regression in 2.4.

JJK


On 17/07/17 14:01, Jan Just Keijser wrote:
Hi all,

On 17/07/17 12:34, Samuli Seppänen wrote:
On 15/07/2017 00:43, Jan Just Keijser wrote:
Hi Samuli,

On 14/07/17 16:07, Samuli Seppänen wrote:
Hi all,

Those of you who use pkcs11 on Windows: could you please test this new
Windows installer:

<http://build.openvpn.net/downloads/releases/openvpn-install-2.4.3-I602.exe>


The previous installer(s) had pkcs11-helper 1.11. This one has 1.22, so
some regression testing would be good to have.

I'd like to push the updated installer out early next week, preferably
on Monday.

Nice to see that pkcs11 support is still included in the Windows
version; I can test the installer on Monday morning (no Windows laptop in
my house ;)). I will let you know my findings.

cheers,

JJK

Hi JJK,

Excellent, thanks! I will push out the new installer if everything looks
good at your end.


good news and bad news:

+ the pkcs11 stuff works as expected, no problems there
- with openvpn 2.4.3 my existing setup using "redirect-gateway def1" stopped working!

I'll downgrade OpenVPN to see if this problem was already there in 2.3.XX; what happens is this:
- openvpn wants to add a direct route to the VPN server
- there happen to be TWO gateways to that server with the SAME IP address, one via wired ethernet, one via wireless
- openvpn gets confused and says "route gateway is ambiguous" and refuses to add it
- after that, all traffic is jammed, as there is no direct route to the VPN server itself, and thus all encrypted traffic is fed back into the tunnel, where it is encrypted again, etc etc ("biting your own tail").

Disconnecting either wired or wireless solves the issue AFTER restarting OpenVPN. Annoying.
It looks like a (minor) patch is needed to deal with this special case.

cheers,

JJK


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
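
The routing loop reported in this thread can be modelled with a longest-prefix-match lookup. The following is an added example, not part of the original messages or of OpenVPN's code; the interface names, metrics and the server address 203.0.113.10 are constructed assumptions. It checks whether packets addressed to the VPN server would themselves be sent into the tunnel once the two `def1` routes are present but the direct host route is missing.

```python
import ipaddress

def select_route(routes, dest):
    """Pick the route a host would use: longest prefix wins, then lowest metric.

    routes: list of (prefix, interface, metric) tuples.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(prefix), iface, metric)
        for prefix, iface, metric in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))

def vpn_server_loops(routes, server_ip, tunnel_if):
    """True when traffic to the VPN server itself would enter the tunnel."""
    best = select_route(routes, server_ip)
    return best is not None and best[1] == tunnel_if

# Constructed sample data (assumptions, not taken from the thread).
SERVER = "203.0.113.10"
TUNNEL = "tap"
# Two default routes, wired and wireless, as in the reported setup.
BASE = [("0.0.0.0/0", "ethernet", 10), ("0.0.0.0/0", "wifi", 25)]
# "redirect-gateway def1" covers the address space with two /1 routes
# through the tunnel instead of replacing the default route.
DEF1 = [("0.0.0.0/1", TUNNEL, 1), ("128.0.0.0/1", TUNNEL, 1)]
# The direct route to the VPN server that was not added in the report.
HOST_ROUTE = [(SERVER + "/32", "ethernet", 10)]

def demo():
    return {
        "before_vpn": vpn_server_loops(BASE, SERVER, TUNNEL),
        "def1_without_host_route": vpn_server_loops(BASE + DEF1, SERVER, TUNNEL),
        "def1_with_host_route": vpn_server_loops(BASE + DEF1 + HOST_ROUTE, SERVER, TUNNEL),
    }

if __name__ == "__main__":
    for case, loops in demo().items():
        print(f"{case}: server traffic enters tunnel = {loops}")
```

A check like this, run against the live routing table after connect, flags the condition before all traffic stalls.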

