fasferraz / SWu-IKEv2

IKEv2/IPSec SWu Client Dialer
GNU General Public License v3.0

default route has strange netmask #6

Closed laf0rge closed 3 years ago

laf0rge commented 3 years ago

Once the tun device is up, a default route with a strange netmask of 128.0.0.0 is added:

0.0.0.0         10.29.47.254    128.0.0.0       UG    0      0        0 tun1

I guess that should probably be 0.0.0.0?

fasferraz commented 3 years ago

I explain in the README why I do this. Instead of using a 0.0.0.0/0 that may conflict with an already installed route, I add two routes: 0.0.0.0/1 and 128.0.0.0/1 that will be preferable over the 0.0.0.0/0, and when the application terminates, the tunnel is removed and those 2 routes are removed, leaving the previous default route.

The text I have: "When the IKEv2/IPSec tunnel is activated, the DNS servers are updated to the ones received through IKE (and the old ones are saved), and a tunnel interface is created with the session IP. The route table is updated in order to set the default route to this tunnel interface. To simplify the deactivation process, I choose to create two routes (0.0.0.0/1 and 128.0.0.0/1) that together form a default route, but have more priority over any already existing default route (0.0.0.0/0). When the app is deactivated, the tunnel interface is removed and the previous default route becomes the preferred one again, and the old DNS are restored."

laf0rge commented 3 years ago

Sorry for not RTFM. You could probably use the metric to make it higher priority.

In any case, it may be an idea to consider the ip network namespace approach of #7 which provides clean isolation between processes inside and outside of the tunnel. We use this very successfully e.g. in osmo-uecups (the user plane side of an SGW/MME/eNB emulation towards PGW).
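
The route selection discussed in this thread, as an added example that is not part of the original comments or of the SWu-IKEv2 code: a simplified model of Linux route lookup (longest prefix first, metric only as a tie-break) run over a constructed `route -n` style table, checking that the two /1 routes cover all of IPv4 and listing routes whose traffic still stays outside the tunnel. The `eth0` rows and the `128.0.0.0` row are assumptions; only the first `tun1` row comes from the issue.

```python
import ipaddress

# Constructed `route -n` style rows. The eth0 routes are sample values; the
# first tun1 row is the one quoted in the issue, the second is its /1 sibling.
ROUTES = """\
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
0.0.0.0         10.29.47.254    128.0.0.0       UG    0      0        0 tun1
128.0.0.0       10.29.47.254    128.0.0.0       UG    0      0        0 tun1
"""

def parse_routes(text):
    """Return a list of (network, metric, iface) tuples from `route -n` rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip headers and blank lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")  # destination/genmask
        routes.append((net, int(f[4]), f[7]))
    return routes

def lookup(routes, dst):
    """Simplified lookup: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))

def tunnel_covers_all(routes, iface):
    """True if the non-default routes on `iface` together span all of IPv4."""
    nets = [r[0] for r in routes if r[2] == iface and r[0].prefixlen > 0]
    merged = list(ipaddress.collapse_addresses(nets))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]

def bypassing_routes(routes, iface):
    """Routes on other interfaces more specific than /1: they skip the tunnel."""
    return [r for r in routes if r[2] != iface and r[0].prefixlen > 1]

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dst in ("8.8.8.8", "200.1.1.1", "192.168.1.50"):
        print(dst, "->", lookup(table, dst)[2])
    print("tun1 covers all IPv4:", tunnel_covers_all(table, "tun1"))
    print("outside tunnel:", [str(r[0]) for r in bypassing_routes(table, "tun1")])
```

In this model the /1 routes win on prefix length even when their metric is worse than that of the existing default route, and any on-link or otherwise more specific route on another interface keeps its traffic outside the tunnel.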