Incorrect warning message when dropping packets because of "Recursive routing detected"

[archimede.pitagorico]

When recursive routing is detected a packet is dropped and the following error message is printed:
drop tun packet to [AF_INET]212.83.177.138:443
Here port 443 is not actually read from the packet, it is simply assumed that the destination port of the packet is the same as the one of the VPN server, but that this is not necessarily the case as I verified with tcpdump.

A possible explanation of how this is possible is here:
​https://forums.openvpn.net/viewtopic.php?f=4&p=67980#p67980

By the way, if this gets fixed, it would be nice to have as much info as possible on the packet in the error message.

[Gert Döring]

Well, as the error message does not say *which* port is the port it's talking about (outside or inside) it's not strictly "incorrect" - but the port information is not truly meaningful, as we cannot deliver *any* packet inside the tunnel that has the same destination IP as the VPN server.

So maybe we should just remove printing of the port number, to remove ambiguity.

[Gert Döring]

@stipa, what do you think?

[archimede.pitagorico]

@cron2, I see your point. I just would like to stress the fact that, for situation like the one I described in the attached link, having more information about the inner packet is extremely helpful to diagnose and solve the problem at its root.

[stipa]

I'll look into it.

[powerman]

+1 for removing port number, it's misleading.

It may worth to mention --allow-recursive-routing in this warning.

Also I believe man page description for --allow-recursive-routing can be improved by mentioning reasoning from ​commit message: "Could be useful when packets sent by openvpn itself are not subject to the routing tables that would move packets into the tunnel."