[Openvpn-devel] dco: don't pass VPN IPs to NEW_PEER API in P2P mode

Message ID 20220815223941.26839-1-a@unstable.cc
State Accepted

Commit Message

Antonio Quartulli Aug. 15, 2022, 12:39 p.m. UTC
When adding a peer to a P2P interface, the VPN IPs are not really used by DCO as
there is no routing happening in this mode.

For this reason don't pass any VPN IP when adding a new peer in p2p mode.

Signed-off-by: Antonio Quartulli <a@unstable.cc>
---
 src/openvpn/dco.c | 51 ++---------------------------------------------
 1 file changed, 2 insertions(+), 49 deletions(-)

Comments

Gert Doering Aug. 17, 2022, 9:12 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

This goes hand in hand with commit 383a897a5cb040d065689 in the ovpn-dco
repo ("require peer VPN IPs only in multipoint mode").  If the kernel no
longer wants this from us, no need to have it here.

Also, the kernel change fixes the edge case I found (ipv4-only without
route-gateway = breaks DCO setup).

So, upgraded the kernel, old openvpn -> "3a" fixed

New openvpn with this patch -> all tests still pass :-)  (that is: client
side DCO tests = p2p mode, and also server side DCO tests = p2mp mode - 
which are not touched by this code, but by the new kernel code)

This also takes care of the older patch from Frank Lichtenheld
("do not warn about missing default gw", PW ID 2646) as this rips out 
much more than just the warning - very good :-)

Your patch has been applied to the master branch.

commit da758e6d7f4298d835ceadd60e60309acc032ee7
Author: Antonio Quartulli
Date:   Tue Aug 16 00:39:41 2022 +0200

     dco: don't pass VPN IPs to NEW_PEER API in P2P mode

     Signed-off-by: Antonio Quartulli <a@unstable.cc>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20220815223941.26839-1-a@unstable.cc>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24940.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 6933a50f..61cf4dd5 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -401,61 +401,14 @@  dco_p2p_add_new_peer(struct context *c)
         return 0;
     }
 
-    struct tls_multi *multi = c->c2.tls_multi;
     struct link_socket *ls = c->c2.link_socket;
 
-    struct in6_addr remote_ip6 = { 0 };
-    struct in_addr remote_ip4 = { 0 };
-
-    struct in6_addr *remote_addr6 = NULL;
-    struct in_addr *remote_addr4 = NULL;
-
-    const char *gw = NULL;
-
     ASSERT(ls->info.connection_established);
 
-    /* In client mode if a P2P style topology is used we assume the
-     * remote-gateway is the IP of the peer */
-    if (c->options.topology == TOP_NET30 || c->options.topology == TOP_P2P)
-    {
-        gw = c->options.ifconfig_remote_netmask;
-    }
-    if (c->options.route_default_gateway)
-    {
-        gw = c->options.route_default_gateway;
-    }
-
-    /* These inet_pton conversion are fatal since options.c already implements
-     * checks to have only valid addresses when setting the options */
-    if (c->options.ifconfig_ipv6_remote)
-    {
-        if (inet_pton(AF_INET6, c->options.ifconfig_ipv6_remote, &remote_ip6) != 1)
-        {
-            msg(M_FATAL,
-                "DCO peer init: problem converting IPv6 ifconfig remote address %s to binary",
-                c->options.ifconfig_ipv6_remote);
-        }
-        remote_addr6 = &remote_ip6;
-    }
-
-    if (gw)
-    {
-        if (inet_pton(AF_INET, gw, &remote_ip4) != 1)
-        {
-            msg(M_FATAL, "DCO peer init: problem converting IPv4 ifconfig gateway address %s to binary", gw);
-        }
-        remote_addr4 = &remote_ip4;
-    }
-    else if (c->options.ifconfig_local)
-    {
-        msg(M_INFO, "DCO peer init: Need a peer VPN addresss to setup IPv4 (set --route-gateway)");
-    }
-
     struct sockaddr *remoteaddr = &ls->info.lsa->actual.dest.addr.sa;
-
+    struct tls_multi *multi = c->c2.tls_multi;
     int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id,
-                           c->c2.link_socket->sd, NULL, remoteaddr,
-                           remote_addr4, remote_addr6);
+                           c->c2.link_socket->sd, NULL, remoteaddr, NULL, NULL);
     if (ret < 0)
     {
         return ret;
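
Review bot: The new call `dco_new_peer(..., remoteaddr, NULL, NULL)` now hard-codes both VPN address arguments to NULL with no comment at the call site and no mention in the commit message of the kernel-side dependency. The ack ties this to ovpn-dco commit 383a897a5cb040d065689 ("require peer VPN IPs only in multipoint mode"), which suggests a module built before that commit still expects the addresses in P2P mode; in that case the only handling visible here is `if (ret < 0) return ret;`, with nothing telling the user that the module is too old. Please add a short comment above the call saying that P2P mode does no routing and therefore passes no VPN IPs, and name the required ovpn-dco commit in the commit message. A smaller style point: moving `struct tls_multi *multi` below the ASSERT adds churn without changing behaviour; leaving the declaration where it was would shrink the diff by two lines.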