Hi, On Sat, May 30, 2020 at 02:05:59AM +0200, Antonio Quartulli wrote: > From: Antonio Quartulli <anto...@openvpn.net> > > If no IPv4 redirection flag is set, do not enable the IPv4 > redirection logic at all so that it won't bother adding any > useless IPv4 route. > > Trac: #208 > Signed-off-by: Antonio Quartulli <anto...@openvpn.net>
I can see why we want this - I tried to connect to a "v6-only-in-tunnel"
server over v4, specifying "redirect-gateway !ipv4 ipv6", and it tried
to install a v4 /32 redirect route...
Sun Jun 7 13:20:43 2020 net_route_v4_add: 199.102.77.82/32 via 193.149.48.190
dev [NULL] table 0 metric -1
... which is harmless, but "unnecesary fumbling" is not desirable.
The reason why I'm a bit unhappy about applying it is that it will
change behaviour for the "redirect-private" case, and that might break
people's setups. For "redirect-gateway" or "redirect-gateway def1" (etc),
it will not change anything.
Can we make this conditional in a way that does not break "redirect-private"?
(I used to use "redirect-private" to handle overlapping IPv4 routes without
actually redirecting the whole gateway - think "VPN server is on 192.0.2.1
and you want to push 'route 192.0.2.0/24'". IPv6 handles this automatically,
but v4 needs "redirect-private" for that to work)
thanks :)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
