Opened 7 years ago
Closed 6 years ago
#726 closed Feature Wish (fixed)
iroute 0.0.0.0 not work and not warning about that
| Reported by: | mastervolkov | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.3.11 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
If in ccd (for cl5, for example) set:
iroute 0.0.0.0 128.0.0.0 192.168.5.5
iroute 0.0.0.0 128.0.0.0 192.168.5.5
Then in log we view:
: cl05/X.X.X.X:53 MULTI: internal route 128.0.0.0/1 -> exitnode/X.X.X.X:53
: cl05/X.X.X.X:53 MULTI: internal route 0.0.0.0/1 -> exitnode/X.X.X.X:53
, but work as expected only 128.0.0.1 - 255.255.255.255, for example in log we see:
: cl05/Y.Y.Y.Y:53 MULTI: Learn: 128.0.0.1 -> exitnode/X.X.X.X:53
All query to 0.0.0.0 - 127.255.255.255 do not exist in the journal and, accordingly, do not work.
If that normal, is can any warning be except simple "internal route 0.0.0.0/1 -> exitnode/X.X.X.X:53", similary wrong configured subnet, etc
Attachments (1)
Change History (6)
comment:1 Changed 7 years ago by
Changed 7 years ago by
| Attachment: | ccd_tmp_fixed_content added |
|---|
Temporary fix problem with 0.0.0.0 by add other network
comment:2 Changed 7 years ago by
This problem found by other people:
http://serverfault.com/questions/310002/openvpn-iroute-for-all-theoretically-reachable-public-ips
comment:3 Changed 7 years ago by
Apparently mroute_learnable_address() returns FALSE for an address made up by 0s only ... thus multi_learn_addr() refuses to add the route to the internal routing table :-(
mroute_learnable_address() could be changed to accept this case, but this needs to be carefully checked to understand what's the impact on other code.
My guess is that this is just a sanity check before adding a route and a 0/x was not thought to be a meaningful one.
comment:4 Changed 7 years ago by
@mastervolkov: a patch (based on current master) addressing this issue has been sent to the mailing list. Its subject is:
"[PATCH] Allow learning iroutes with network made up of all 0s (only if netbits < 8)"
If you are still interested in this problem, would you mind giving it a try and reporting the results here?
Thanks a lot!
comment:5 Changed 6 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
The patch fixing this issue has been merged into master (commit a19c56db) and the 2.4 (commit 80614c7c) branches. It'll be available in 2.5 and in the next 2.4.x release.
it should work - this is code that was written many years ago, so arguably it might be a bug, or a conflict with internal implementation details, or someone thought it would be reasonable to reject 0.0.0.0 - dunno, someone will need to investigate and fix it.
{{{ iroute-ipv6 2000::/3 }}
should work just fine, though :-)