OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

OpenVPN Removes Existing Routes on the Wrong Interface on Disconnect #455

Open nbauernfeind opened 10 months ago

nbauernfeind commented 10 months ago

Description: If I connect to the vpn from inside of the vpn network, then the routing table is left broken after disconnect.

To Reproduce:

  1. Look for the existing route:
    $  sudo netstat -rn | grep "10.10/22"
    10.10/22           link#15            UCS               en0      !
  2. connect to vpn; note that it fails to add a route for 10.10/22:
    $ sudo netstat -rn | grep -e utun5 -e "10.10/22"
    10.10/22           link#15            UCS               en0      !
    10.10.5/24         10.10.5.5          UGSc            utun5
    10.10.5.1/32       10.10.5.5          UGSc            utun5
    10.10.5.5          10.10.5.6          UH              utun5
  3. disconnect from vpn; now the en0 route is completely missing
    $ sudo netstat -rn | grep -e utun5 -e "10.10/22"

Note that if I connect once more, it successfully adds the route to utun5:

$ sudo netstat -rn | grep -e utun5 -e "10.10/22"
10.10/22           10.10.5.5          UGSc            utun5
10.10.5/24         10.10.5.5          UGSc            utun5
10.10.5.1/32       10.10.5.5          UGSc            utun5
10.10.5.5          10.10.5.6          UH              utun5

Expected behavior: When disconnecting from the vpn, only remove routes that belong to the utun interface. One could argue they want the vpn route to actually go through the vpn while connected and then restore the original route when disconnected.

Work around: Bounce wifi/network connection to reestablish proper routes through en0. (Also, don't connect to vpn from said network... but in this particular case I forgot to disconnect from the vpn while I was still away from home.)

Desktop:

I'm not sure how to tell what version of OpenVPN the Synology server is running.

oluwatosinolamilekan commented 10 months ago

Same thing happened to me.

itsGiaan commented 6 months ago

Tested and successfully replicated on macOS Monterey 12.7.4 (21H1123) and it seems that "File exists" is not considered an error by the route command, causing OpenVPN to incorrectly believe that it has added the route (which then leads to the erroneous removal of the pre-existing route). An idea could be to parse the output of the route command and mark it as an error. What do you guys think? @cron2 @schwabe
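
The check suggested in the last comment, sketched in C as an added example (not code from this thread or from OpenVPN): a route is recorded as installed only when the add did not report "File exists", and disconnect deletes only recorded routes. The names `route_entry`, `route_add_succeeded`, `routes_to_delete` and `replay_issue_scenario`, the sample command output and the exit status of 0 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical bookkeeping record for this example; not an OpenVPN struct. */
struct route_entry {
    const char *dest;   /* destination as shown by netstat, e.g. "10.10/22" */
    bool installed;     /* true only if this session really added the route */
};

/* A route counts as added only if the command exited 0 AND its captured
 * output does not contain "File exists" (the case reported above). */
bool route_add_succeeded(int exit_status, const char *output)
{
    if (exit_status != 0)
        return false;
    return output == NULL || strstr(output, "File exists") == NULL;
}

/* On disconnect, collect only the routes this session installed. */
size_t routes_to_delete(const struct route_entry *r, size_t n,
                        const char **out)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].installed)
            out[k++] = r[i].dest;
    return k;
}

/* Replays the report's scenario; fills out[] with the routes that would
 * be deleted on disconnect and returns how many there are. */
size_t replay_issue_scenario(const char **out)
{
    /* Constructed sample output; exit status 0 for every command is an
     * assumption based on the report, not captured data. */
    const char *outputs[] = {
        "add net 10.10.0.0: gateway 10.10.5.5: File exists",
        "add net 10.10.5.0: gateway 10.10.5.5",
        "add host 10.10.5.1: gateway 10.10.5.5",
    };
    struct route_entry routes[] = {
        { "10.10/22", false }, { "10.10.5/24", false }, { "10.10.5.1/32", false },
    };
    for (size_t i = 0; i < 3; i++)
        routes[i].installed = route_add_succeeded(0, outputs[i]);
    return routes_to_delete(routes, 3, out);
}
```

With this bookkeeping the pre-existing `10.10/22` route on `en0` is never marked as installed, so it is left alone on disconnect.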