Opened 11 years ago
Last modified 4 years ago
#403 assigned Feature Wish
Adding routes with gateways that have the same IP address
Reported by: | kruton | Owned by: | Gert Döring |
---|---|---|---|
Priority: | major | Milestone: | release 2.6 |
Component: | Networking | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
If there are multiple gateways where the IP addresses on the remote side of the VPN connection are the same, adding routes might point the route to the wrong logical gateway.
In src/openvpn/route.c "add_route", it only specifies "via %s" and not "dev %s" to ensure it's routing to the interface that OpenVPN just brought up.
I'm not sure if there is a downside to specifying the device explicitly. It seems to only do this if you don't have ENABLE_IPROUTE set and "is_local_route" is true. It might be worth eliminating some complexity here by always specifying it.
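An added example, not part of the ticket or of OpenVPN's code: a check for the ambiguity described above, where a gateway address is on-link on more than one interface, so a route given only "via" can send one VPN's traffic out through the other tunnel. The `ip -o -4 addr show` sample is constructed, and the function names and the policy of adding "dev" only when the gateway is ambiguous are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output: two tunnels whose
# servers both chose the same remote address, plus an unrelated LAN.
SAMPLE = r"""
2: eth0    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
7: tun0    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0\       valid_lft forever preferred_lft forever
8: tun1    inet 10.8.0.10 peer 10.8.0.5/32 scope global tun1\       valid_lft forever preferred_lft forever
"""

LINE = re.compile(
    r"^\d+:\s+(?P<dev>\S+)\s+inet\s+(?P<local>[\d.]+)(?:/(?P<plen>\d+))?"
    r"(?:\s+peer\s+(?P<peer>[\d.]+)/(?P<peerlen>\d+))?"
)

def onlink_devices(gateway, addr_output):
    """Return every interface on which `gateway` is directly reachable."""
    gw = ipaddress.ip_address(gateway)
    devs = []
    for line in addr_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["peer"]:
            # Point-to-point link: the connected network is the peer prefix.
            net = ipaddress.ip_network(f"{m['peer']}/{m['peerlen']}", strict=False)
        else:
            net = ipaddress.ip_network(f"{m['local']}/{m['plen'] or 32}", strict=False)
        if gw in net and m["dev"] not in devs:
            devs.append(m["dev"])
    return devs

def route_command(network, gateway, dev, addr_output):
    """Build an iproute2 command, pinning the device when "via" alone is ambiguous."""
    candidates = onlink_devices(gateway, addr_output)
    cmd = f"ip route add {network} via {gateway}"
    if len(candidates) > 1:
        if dev not in candidates:
            raise ValueError(f"{gateway} is not on-link on {dev}")
        cmd += f" dev {dev}"  # disambiguate: bind the route to this tunnel
    return cmd
```

On a live client, pass the real output of `ip -o -4 addr show` in place of `SAMPLE`.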
Change History (6)
comment:2 Changed 11 years ago by
No, if you're a client and the servers have picked the same address. (I agree it's not the most sane setup, but it is a problem if you can't get either server operator to change.)
comment:3 Changed 11 years ago by
Use IPv6 :-) - the ipv6 routing code will actually use "dev %s" on tun interfaces...
The whole "setup route to <x>" code is problematic to change, as you can actually end up with routes that should be set outside the tun/tap interface, so just changing our logic to do "dev %s" for IPv4 as well is likely going to break someone's existing setup...
comment:5 Changed 10 years ago by
Owner: | set to Gert Döring |
---|---|
Status: | new → assigned |
Type: | Bug / Defect → Feature Wish |
Well, I think it is a legitimate request, but it's not easy or straightforward (due to the ambiguity of our current way of doing this, which people might want to keep).
I'll put it on my heap of things, but it won't happen "soonish".
comment:6 Changed 4 years ago by
Milestone: | → release 2.6 |
---|
Are you saying you have multiple interfaces on multiple networks on the same subnet?
Why would somebody do that?