authorGert Doering <gert@greenie.muc.de>2015-09-11 17:33:43 +0200
committerGert Doering <gert@greenie.muc.de>2015-09-17 19:47:07 +0200
commit3ddb56433b1fa0f20565dfda13a647459c06251a (patch)
treec8cfed4b08eb09077448e643ad666478f5f9c49e /src/openvpn/init.c
parent3128abcfdd1eb293b10e4d0bfdb0805728538563 (diff)
Implement handling of overlapping IPv6 routes with IPv6 remote VPN server address
- socket.[ch]: add link_socket_current_remote_ipv6() helper to extract current address of remote VPN server (if IPv6, NULL otherwise), IPv6 equivalent to link_socket_current_remote() - init.c: pass remote VPN server address to init_route_ipv6_list() (link_socket_current_remote_ipv6()) - route.h: add route_ipv6_gateway_info to route_ipv6_list, and reorder structures so that this actually compiles. Add iface/adapter_index to struct route_ipv6 (for non-tun/tap routes). - route.[ch]: add "const" to *dest argument to get_default_gateway_ipv6() - route.c: add route_ipv6_match_host() helper to check whether an IPv6 address is matched by a given "route_ipv6" IPv6 route) - route.c: init_route_ipv6_list() - call get_default_gateway_ipv6() - check to-be-installed IPv6 routes against VPN server address (if IPv6) - if an overlap is seen, add a host route for the VPN server address via the just-discovered gateway to the list of IPv6 routes to be installed (rl6->routes_ipv6) - warn if overlap is detected but platform code has not been able to discover IPv6 default gateway - route.c: add_route_ipv6() / delete_route_ipv6(): set "device" to "external default gateway interface" (r6->iface) instead of TUN/TAP device (if set), which nicely enables arbitrary gateway/interface combinations for Linux - ssl.c: add "IV_RGI6=1" to push-peer-info data to let server know we can handle pushed IPv6 routes that overlap with server IPv6 address - tun.c: when adding/removing on-link routes, CLEAR(r6) first to ensure new struct route_ipv6 members are cleared Tested on Linux with iproute2 and /bin/route, on eth and tun routes. Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1441985627-14822-7-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10089
Diffstat (limited to 'src/openvpn/init.c')
-rw-r--r--src/openvpn/init.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 48542c9..922308d 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1179,6 +1179,7 @@ do_init_route_list (const struct options *options,
static void
do_init_route_ipv6_list (const struct options *options,
struct route_ipv6_list *route_ipv6_list,
+ const struct link_socket_info *link_socket_info,
bool fatal,
struct env_set *es)
{
@@ -1198,6 +1199,7 @@ do_init_route_ipv6_list (const struct options *options,
options->routes_ipv6,
gw,
metric,
+ link_socket_current_remote_ipv6 (link_socket_info),
es))
{
if (fatal)
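Review bot: The new `link_socket_info` argument reaches `link_socket_current_remote_ipv6 (link_socket_info)` with no NULL check. Its only caller visible on this page, in the third hunk, builds it as `&c->c2.link_socket->info` under a condition that does not test `c->c2.link_socket`, although the IPv4 call one line above is guarded with `&& c->c2.link_socket`. That guard suggests the socket can be unset at this point; if so, the IPv6 path would hand the helper a pointer derived from NULL. Whether the helper tolerates that is not visible here, so the safer form is probably to pass `c->c2.link_socket ? &c->c2.link_socket->info : NULL` and have the helper return NULL for a NULL argument, rather than adding the guard to the `if` and silently skipping IPv6 route setup. A short comment on the parameter would also help, for example `/* used only to learn the current IPv6 address of the VPN server; may be NULL */`. The body of do_init_route_ipv6_list starts and ends outside this hunk.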
@@ -1391,7 +1393,7 @@ do_open_tun (struct context *c)
if (c->options.routes && c->c1.route_list && c->c2.link_socket)
do_init_route_list (&c->options, c->c1.route_list, &c->c2.link_socket->info, false, c->c2.es);
if (c->options.routes_ipv6 && c->c1.route_ipv6_list )
- do_init_route_ipv6_list (&c->options, c->c1.route_ipv6_list, false, c->c2.es);
+ do_init_route_ipv6_list (&c->options, c->c1.route_ipv6_list, &c->c2.link_socket->info, false, c->c2.es);
/* do ifconfig */
if (!c->options.ifconfig_noexec