Please find attached a patch for a new stale-routes-check (and remove) option.
As requested on IRC #openvpn-devel channel, I've fixed my previously submitted
patch against version 2.1.0 (i.e. the version currently used by Ubuntu 10.04.3
LTS) and I'm also submitting a patch against the latest master branch.
I've been testing both versions for a while with no issues so far.
openvpn-2.1.0-aged-routes.patch
openvpn-master-aged-routes.patch
Signed-off-by: Davide Guerri
On 14/set/2011, at 16:58, Davide Guerri wrote:
> Hi all,
> please find attached the patch Matteo is referring to.
>
> Since we're not experts in the OpenVPN source code, we think it should be
> considered as a starting point for a discussion.
>
> Basically this patch adds a stale-routes-check option that takes 2
> parameters: an ageing time (in seconds) and a check interval (in seconds). The
> latter defaults to the former if it's not present.
> Internally, a new "check" is added in
> multi_process_per_second_timers_dowork(). This check deletes stale routes and
> it is inspired by the function multi_reap_range().
>
> We're running a very large connectivity infrastructure based on OpenVPN (more
> than 4000 different clients connected per day per server), so we can
> thoroughly check this patch (or, of course, any variant of it).
>
> Regards,
> Matteo and Davide.
>
> On 14/set/2011, at 15:42, Matteo Latini wrote:
>
>> Hi,
>> we (openwisp.it) are an open source wireless ISP using openvpn's tap devices
>> to bridge access points with our main servers.
>>
>> We recently ran into a problem with openvpn's internal routing table getting
>> filled up by "old and stale" routes.
>> Some routes are kept for months (till the vpn gets restarted). This and the
>> --max-routes-per-client option make
>> the internal routing table fill up and never let newer clients add new
>> internal routes.
>>
>> Since we were unable to find a way to clean stale routes by reading the
>> manpages, we began exploring openvpn's
>> code to create a patch that would clean old and inactive routes. The patch
>> is working but, by looking through code,
>> we found some reference to MULTI_ROUTE_AGEABLE and ageable_ttl_secs in the
>> multi_route_defined method (multi.h).
>>
>> Are those in any way meant to clean, in any way (maybe yet to implement),
>> aged routes?
>> We tried using multi_route_defined to keep track of such routes without
>> success.
>>
>> Should we keep trying with MULTI_ROUTE_AGEABLE or find other ways (we
>> implemented the patch by using a dedicated
>> timer that triggers a function that does something similar to what happens
>> on teardown)?
>>
>> We are currently patching OpenVPN 2.1.0
>>
>>
>> Regards,
>> Matteo Latini
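
The behaviour discussed in this thread, as an added example that is not the attached patch and not OpenVPN source: a small model of a capped per-client route table that stale entries fill up, and a periodic sweep driven by an ageing time and a check interval that defaults to the ageing time. All struct and function names are hypothetical, and `MAX_ROUTES` only stands in for --max-routes-per-client.

```c
/* Illustrative model only, not OpenVPN source; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>
#define MAX_ROUTES 4  /* stands in for --max-routes-per-client */

struct route { unsigned char mac[6]; long last_seen; int used; };
struct client { struct route r[MAX_ROUTES]; };
struct stale_check { long ageing, interval, next_run; };

/* The check interval falls back to the ageing time when it is not given (<= 0). */
void stale_check_init(struct stale_check *sc, long ageing, long interval, long now) {
    sc->ageing = ageing;
    sc->interval = interval > 0 ? interval : ageing;
    sc->next_run = now + sc->interval;
}

/* Learn or refresh a MAC route: 0 on success, -1 when the per-client cap is reached. */
int route_learn(struct client *c, const unsigned char *mac, long now) {
    int slot = -1;
    for (int i = 0; i < MAX_ROUTES; i++) {
        if (c->r[i].used && memcmp(c->r[i].mac, mac, 6) == 0) { slot = i; break; }
        if (!c->r[i].used && slot < 0) slot = i;
    }
    if (slot < 0) return -1;  /* table full of (possibly stale) entries */
    memcpy(c->r[slot].mac, mac, 6);
    c->r[slot].last_seen = now;
    c->r[slot].used = 1;
    return 0;
}

/* Called once per second; sweeps only when the interval has elapsed. Returns routes dropped. */
int stale_check_tick(struct stale_check *sc, struct client *c, long now) {
    int removed = 0;
    if (now < sc->next_run) return 0;
    sc->next_run = now + sc->interval;
    for (int i = 0; i < MAX_ROUTES; i++)
        if (c->r[i].used && now - c->r[i].last_seen >= sc->ageing) { c->r[i].used = 0; removed++; }
    return removed;
}

int main(void) {
    struct client c = {0}; struct stale_check sc;
    unsigned char mac[6] = {2, 0, 0, 0, 0, 0};  /* constructed sample addresses */
    stale_check_init(&sc, 60, 0, 0);            /* no interval given: defaults to 60 */
    for (int i = 0; i < 5; i++) { mac[5] = (unsigned char)i; printf("learn %d -> %d\n", i, route_learn(&c, mac, 0)); }
    printf("removed at t=60: %d\n", stale_check_tick(&sc, &c, 60));
    printf("learn 4 again -> %d\n", route_learn(&c, mac, 60));
    return 0;
}
```
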