cron2
commented
1 year ago Hi,
On Wed, Mar 15, 2023 at 06:07:17PM -0700, krzee wrote:
Sorry I can not provide patches, I have no C skills, if it were bash I'd happily provide code
Someone needs to code, document, and test this.
Also, /128 for IPv6 destinations.
And it might turn out that the event loop in OpenVPN 2 is not suitable for this, so it might turn out to be a very large change.
OTOH, we already wanted to rework the whole "how to deal with changing LAN attachments due to WiFi/wired roaming" mess - which breaks /32 routes - for 2.6, and did not have resources. So maybe we can tackle both for 2.7 (but then someone will come and ask for "do not take so long for the next release!!")...
gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany @.***
When using redirect-gateway a /32 route gets made for the vpn server that was connected to and then a default route gets made for the internet to flow over. When using persist-tun those routes remain active while trying to reconnect. That means that if there are multiple IPs in the --remote entry or multiple --remote entries that we can not connect to any of them except for the IP that was connected to in the first place. This is a request to handle that situation. After talking to dazo I found that in this situation openvpn3 will add a /32 route for the next IP it is trying to connect to, to bypass the route over the VPN.
This is related to https://github.com/OpenVPN/openvpn/issues/281
Sorry I can not provide patches, I have no C skills, if it were bash I'd happily provide code