Context Navigation

← Previous Ticket
Next Ticket →

#1143 closed Bug / Defect (fixed)

--redirect-gateway ipv6 does not work without --ifconfig-ipv6

Reported by:	Gert Döring	Owned by:
Priority:	major	Milestone:
Component:	Generic / unclassified	Version:	OpenVPN git master branch (Community Ed)
Severity:	Not set (select this one, unless your'e a OpenVPN developer)	Keywords:
Cc:	Antonio Quartulli, Gert Döring

Description

In the context of testing the --block-ipv6 patch I tried to make it work without --ifconfig-ipv6 and it does not

gert@mobileV ~/openvpn.git $ SU src/openvpn/openvpn --config /home/gert/ppp/openvpn/ov-test.ovpn --redirect-gateway ipv6 --block-ipv6 --route-ipv6-gateway fe80::123
Fri Nov 30 16:31:32 2018 Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: route-ipv6-gateway (2.5_git)
Fri Nov 30 16:31:32 2018 OpenVPN 2.5_git [git:master/bb2bdf9a459ca6a2] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 30 2018
...
Fri Nov 30 16:31:38 2018 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Fri Nov 30 16:31:38 2018 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/4
...

so, why is it asking for a --route-ipv6-gateway in the first place, when we do not need it at all (ipv6 routes point to interfaces in tun mode), and if we ask for it, why do we not have the option to set it...

(It works when making up an --ifconfig-ipv6, but I wanted to see fe80::7 packets)

Change History (6)

comment:1 Changed 5 years ago by Gert Döring

funky.

If I specify the redirect route not via --redirect-gateway ipv6 but via --route-ipv6 2000::/3 fe80::123, it works, with the expected warning...

Fri Nov 30 16:34:48 2018 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Fri Nov 30 16:34:48 2018 add_route_ipv6(2000::/3 -> fe80::123 metric 101) dev tun0Fri Nov 30 16:34:48 2018 /bin/route -A inet6 add 2000::/3 dev tun0 metric 101

need to dig into this, this is silly.

comment:2 Changed 5 years ago by tct

cc interested in ipv6 routing

comment:3 Changed 5 years ago by Gert Döring

It's silly indeed. tun mode works fine without a gateway (just commented out the "goto fail" line in init_route_ipv6() - but tap mode needs a gateway, and this function has no knowledge in which mode we're operating.

So maybe I'll rework this to accept all routes right away and fail in add_route_ipv6() instead, if it turns out "we need a gateway"...

comment:4 Changed 5 years ago by Gert Döring

Patch is on the list:

https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17988.html
https://patchwork.openvpn.net/patch/629/

comment:5 Changed 5 years ago by Gert Döring

https://patchwork.openvpn.net/patch/630/

v2, message adjusted to patch from James Bekkema

comment:6 Changed 5 years ago by Gert Döring

Resolution:	→ fixed
Status:	new → closed

commit 14d7e0e496f15563005fffc6d4791a95444ddf23 (master)
Author: Gert Doering
Date: Wed Dec 5 22:40:37 2018 +0100

Stop complaining about IPv6 routes without gateway address.

Signed-off-by: Gert Doering <gert@…>
Acked-by: Antonio Quartulli <antonio@…>
Message-Id: <20181205214037.70783-1-gert@…>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17990.html

Last edited 5 years ago by Gert Döring (previous) (diff)

Note: See TracTickets for help on using tickets.

Download in other formats: