Opened 5 years ago

Last modified 4 years ago

#403 assigned Feature Wish

Adding routes with gateways that have the same IP address

Reported by: kruton Owned by: Gert Döring
Priority: major Milestone:
Component: Networking Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

If there are multiple gateways where the IP address on the remote side of the VPN connection are the same, adding routes might point the route to the wrong logical gateway.

In src/openvpn/route.c "add_route", it only specifies "via %s" and not "dev %s" to ensure it's routing to the interface that OpenVPN just brought up.

I'm not sure if there is a downside to specifying the device explicitly. It seems to only do this if you don't have ENABLE_IPROUTE set and "is_local_route" is true. It might be worth eliminating some complexity here by always specifying it.

Change History (5)

comment:1 Changed 5 years ago by krzee king

are you saying you have multiple interfaces on multiple networks on the same subnet?
why would somebody do that?

Last edited 5 years ago by krzee king (previous) (diff)

comment:2 Changed 5 years ago by kruton

No, if you're a client and the servers have picked the same address. (I agree it's not the most sane setup, but it is a problem if you can't get either server operator to change.)

comment:3 Changed 5 years ago by Gert Döring

Use IPv6 :-) - the ipv6 routing code will actually use "dev %s" on tun interfaces...

The whole "setup route to <x>" code is problematic to change, as you can actually end up with routes that should be set outside the tun/tap interface, so just changing our logic to do "dev %s" for IPv4 as well is likely going to break someone's existing setup...

comment:4 Changed 4 years ago by Samuli Seppänen

cron2: close as "wontfix"?

comment:5 Changed 4 years ago by Gert Döring

Owner: set to Gert Döring
Status: newassigned
Type: Bug / DefectFeature Wish

Well, I think it is a legitimate request, but it's not easy or straightforward (due to the ambiguity of our current way of doing this, which people might want to keep).

I'll put it on my heap of things, but it won't happen "soonish".

Note: See TracTickets for help on using tickets.