[Openvpn-devel] [PATCH] Client's routes ageing timer

2011-09-15 Thread Davide Guerri
Please find attached a patch for a new stale-routes-check (and remove) option.

As requested on IRC #openvpn-devel channel, I've fixed my previously submitted 
patch against version 2.1.0 (i.e. the version currently used by Ubuntu 10.04.3 
LTS) and I'm also submitting a patch against the latest master branch.

I've been testing both versions for a while with no issues so far. 

Attachment: openvpn-2.1.0-aged-routes.patch
Attachment: openvpn-master-aged-routes.patch

Signed-off-by: Davide Guerri 




On 14/Sep/2011, at 16:58, Davide Guerri wrote:

> Hi all,
> please find attached the patch Matteo is referring to.
> 
> Since we're not experts in the openvpn source code, we think it should be 
> considered as a starting point for a discussion.
> 
> Basically this patch adds a stale-routes-check option that takes 2 
> parameters: an ageing time (in seconds) and a check interval (in seconds). The 
> latter defaults to the former if it's not present.
> Internally, a new "check" is added in 
> multi_process_per_second_timers_dowork(). This check deletes stale routes and 
> it is inspired by the function multi_reap_range().
> 
> We're running a very large connectivity infrastructure based on OpenVPN (more 
> than 4000 different clients connected per day per server), so we can 
> thoroughly check this patch (or, of course, any variant of it).
> 
> Regards,
> Matteo and Davide.
> 
> On 14/Sep/2011, at 15:42, Matteo Latini wrote:
> 
>> Hi,
>> we (openwisp.it) are an open source wireless ISP using openvpn's tap devices 
>> to bridge access points with our main servers.
>> 
>> We recently ran into a problem with openvpn's internal routing table getting 
>> filled up by "old and stale" routes.
>> Some routes are kept for months (till the vpn gets restarted). This and the 
>> --max-routes-per-client option make
>> the internal routing table fill up and never let newer clients add new 
>> internal routes.
>> 
>> Since we were unable to find a way to clean stale routes by reading the 
>> manpages, we began exploring openvpn's
>> code to create a patch that would clean old and inactive routes. The patch 
>> is working but, by looking through code,
>> we found some reference to MULTI_ROUTE_AGEABLE and ageable_ttl_secs in the 
>> multi_route_defined method (multi.h).
>> 
>> Are those in any way meant to clean, in any way (maybe yet to implement), 
>> aged routes?
>> We tried using multi_route_defined to keep track of such routes without 
>> success.
>> 
>> Should we keep trying with MULTI_ROUTE_AGEABLE or find other ways (we 
>> implemented the patch by using a dedicated
>> timer that triggers a function that does something similar to what happens 
>> on teardown)?
>> 
>> We are currently patching OpenVPN 2.1.0
>> 
>> 
>> Regards,
>> Matteo Latini
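
A minimal model of the ageing check described in the thread above, added here as an illustration and not taken from the attached patches or from OpenVPN's source; the table size, struct and function names are all hypothetical. It shows a full route table rejecting a new address until stale entries are reaped, with the check interval defaulting to the ageing time.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <time.h>

#define MAX_ROUTES 4   /* constructed cap, stands in for a per-client route limit */

struct route { bool used; unsigned char mac[6]; time_t last_seen; };
struct route_table {
    struct route r[MAX_ROUTES];
    int ageing_secs;   /* first option parameter */
    int check_secs;    /* second option parameter */
    time_t next_check;
};

void table_init(struct route_table *t, int ageing_secs, int check_secs, time_t now) {
    memset(t, 0, sizeof *t);
    t->ageing_secs = ageing_secs;
    /* A missing (0) check interval defaults to the ageing time. */
    t->check_secs = check_secs > 0 ? check_secs : ageing_secs;
    t->next_check = now + t->check_secs;
}

/* Learn a new route or refresh a known one; false means the table is full. */
bool route_learn(struct route_table *t, const unsigned char mac[6], time_t now) {
    struct route *free_slot = NULL;
    for (size_t i = 0; i < MAX_ROUTES; i++) {
        if (t->r[i].used && memcmp(t->r[i].mac, mac, 6) == 0) {
            t->r[i].last_seen = now;   /* traffic seen: route is not stale */
            return true;
        }
        if (!t->r[i].used && !free_slot) free_slot = &t->r[i];
    }
    if (!free_slot) return false;
    free_slot->used = true;
    memcpy(free_slot->mac, mac, 6);
    free_slot->last_seen = now;
    return true;
}

/* Meant to be called from a once-per-second timer; returns routes removed. */
int stale_routes_check(struct route_table *t, time_t now) {
    int removed = 0;
    if (now < t->next_check) return 0;          /* check interval not elapsed */
    t->next_check = now + t->check_secs;
    for (size_t i = 0; i < MAX_ROUTES; i++)
        if (t->r[i].used && now - t->r[i].last_seen >= t->ageing_secs) {
            t->r[i].used = false;               /* drop the stale route */
            removed++;
        }
    return removed;
}
```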



[Openvpn-devel] tun.c patch breaks compile on FreeBSD

2011-09-15 Thread Eric Crist
James,

It would appear a patch you committed breaks compile on FreeBSD.  Part of this 
removes r.defined, which is looked for during compile on FreeBSD, and 
specifically stops things during compile of tun.c.  The commit in question is 
7fb0e07ec3f7c5f65 visible here:

http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-testing.git;a=commitdiff;h=7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2

The configure line used is as follows:

$ ./configure --with-lzo-lib=/usr/local/lib \
    --with-lzo-headers=/usr/local/include --disable-depr-random-resolv \
    --enable-password-save --disable-pkcs11 --prefix=/usr/local \
    --mandir=/usr/local/man --infodir=/usr/local/info/ \
    --build=amd64-portbld-freebsd9.0

Feel free to talk to me here or, easier for me, on IRC if you'd like to test.

Eric Crist