Hi, On Sat, May 30, 2020 at 02:05:59AM +0200, Antonio Quartulli wrote: > From: Antonio Quartulli <anto...@openvpn.net> > > If no IPv4 redirection flag is set, do not enable the IPv4 > redirection logic at all so that it won't bother adding any > useless IPv4 route. > > Trac: #208 > Signed-off-by: Antonio Quartulli <anto...@openvpn.net>
I can see why we want this - I tried to connect to a "v6-only-in-tunnel" server over v4, specifying "redirect-gateway !ipv4 ipv6", and it tried to install a v4 /32 redirect route... Sun Jun 7 13:20:43 2020 net_route_v4_add: 199.102.77.82/32 via 193.149.48.190 dev [NULL] table 0 metric -1 ... which is harmless, but "unnecesary fumbling" is not desirable. The reason why I'm a bit unhappy about applying it is that it will change behaviour for the "redirect-private" case, and that might break people's setups. For "redirect-gateway" or "redirect-gateway def1" (etc), it will not change anything. Can we make this conditional in a way that does not break "redirect-private"? (I used to use "redirect-private" to handle overlapping IPv4 routes without actually redirecting the whole gateway - think "VPN server is on 192.0.2.1 and you want to push 'route 192.0.2.0/24'". IPv6 handles this automatically, but v4 needs "redirect-private" for that to work) thanks :) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel