When no IPv4 default route exists, the "redirect-gateway" routine
aborts even if the sub-option "local" was specified or if we are
connecting to the remote host using IPv6.
This is not expected because in either case OpenVPN should not
bother checking the existence of the default route as it is not
required at all.
Therefore, skip the IPv4 default route check when "local" is
specified or we are connecting to an IPv6 remote host.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170119162518.31752-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13905.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -986,11 +986,19 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un |
986 | 986 |
|
987 | 987 |
if (rl && rl->flags & RG_ENABLE) |
988 | 988 |
{ |
989 |
+ bool local = rl->flags & RG_LOCAL; |
|
990 |
+ |
|
989 | 991 |
if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW)) |
990 | 992 |
{ |
991 | 993 |
msg(M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err); |
992 | 994 |
} |
993 |
- else if (!(rl->rgi.flags & RGI_ADDR_DEFINED)) |
|
995 |
+ /* |
|
996 |
+ * check if a default route is defined, unless: |
|
997 |
+ * - we are connecting to a remote host in our network |
|
998 |
+ * - we are connecting to a non-IPv4 remote host (i.e. we use IPv6) |
|
999 |
+ */ |
|
1000 |
+ else if (!(rl->rgi.flags & RGI_ADDR_DEFINED) && !local |
|
1001 |
+ && (rl->spec.remote_host != IPV4_INVALID_ADDR)) |
|
994 | 1002 |
{ |
995 | 1003 |
msg(M_WARN, "%s Cannot read current default gateway from system", err); |
996 | 1004 |
} |
... | ... |
@@ -1001,7 +1009,6 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un |
1001 | 1001 |
else |
1002 | 1002 |
{ |
1003 | 1003 |
#ifndef TARGET_ANDROID |
1004 |
- bool local = BOOL_CAST(rl->flags & RG_LOCAL); |
|
1005 | 1004 |
if (rl->flags & RG_AUTO_LOCAL) |
1006 | 1005 |
{ |
1007 | 1006 |
const int tla = rl->spec.remote_host_local; |
... | ... |
@@ -1066,14 +1073,13 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un |
1066 | 1066 |
} |
1067 | 1067 |
else |
1068 | 1068 |
{ |
1069 |
- /* delete default route */ |
|
1070 |
- del_route3(0, |
|
1071 |
- 0, |
|
1072 |
- rl->rgi.gateway.addr, |
|
1073 |
- tt, |
|
1074 |
- flags | ROUTE_REF_GW, |
|
1075 |
- &rl->rgi, |
|
1076 |
- es); |
|
1069 |
+ /* don't try to remove the def route if it does not exist */ |
|
1070 |
+ if (rl->rgi.flags & RGI_ADDR_DEFINED) |
|
1071 |
+ { |
|
1072 |
+ /* delete default route */ |
|
1073 |
+ del_route3(0, 0, rl->rgi.gateway.addr, tt, |
|
1074 |
+ flags | ROUTE_REF_GW, &rl->rgi, es); |
|
1075 |
+ } |
|
1077 | 1076 |
|
1078 | 1077 |
/* add new default route */ |
1079 | 1078 |
add_route3(0, |
... | ... |
@@ -1145,15 +1151,12 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t |
1145 | 1145 |
flags, |
1146 | 1146 |
&rl->rgi, |
1147 | 1147 |
es); |
1148 |
- |
|
1149 |
- /* restore original default route */ |
|
1150 |
- add_route3(0, |
|
1151 |
- 0, |
|
1152 |
- rl->rgi.gateway.addr, |
|
1153 |
- tt, |
|
1154 |
- flags | ROUTE_REF_GW, |
|
1155 |
- &rl->rgi, |
|
1156 |
- es); |
|
1148 |
+ /* restore original default route if there was any */ |
|
1149 |
+ if (rl->rgi.flags & RGI_ADDR_DEFINED) |
|
1150 |
+ { |
|
1151 |
+ add_route3(0, 0, rl->rgi.gateway.addr, tt, |
|
1152 |
+ flags | ROUTE_REF_GW, &rl->rgi, es); |
|
1153 |
+ } |
|
1157 | 1154 |
} |
1158 | 1155 |
} |
1159 | 1156 |
|