[Openvpn-devel,v4] redirect-gateway: only redirect traffic through TUN if address families match
| Message ID | 20251011111417.11802-1-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers |
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:7d42:b0:72f:f16c:e055 with SMTP id fr2csp882957mab;
Sat, 11 Oct 2025 04:14:34 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AJvYcCViIkT1XwV8ijw+5WQgQVq7GjKT+enWVIGqwuDmWboo7Y4B4iEe1vU6oAYBL7gE7zwSySalt7n6L5Y=@openvpn.net
X-Google-Smtp-Source:
AGHT+IF5OCZJdrJJJ5DUSG3648lNrJabJVL2QxxkAGz7IiSVX89QvMZIb4R4z4/4E5aeUg9iVXQZ
X-Received: by 2002:a05:6870:810c:b0:301:fec8:fc5 with SMTP id
586e51a60fabf-3c0f91a5af1mr6691997fac.23.1760181273990;
Sat, 11 Oct 2025 04:14:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1760181273; cv=none;
d=google.com; s=arc-20240605;
b=EkyGMfLGY7iia/PmtDbhFoPIPQ5nZGFtjDC5X9KaW/dyBcMLP5BKGuK/jpPrIpgMVc
tIbe4Kam9c2o0+Hpj6MlXyFlKRNthmgenc90/261/dkTdGTZhoP4f4reCQWO+tRUhYxv
ofkg/h+wlYFPqP+oHf96sAqN7LzzCl8bMdphLq9ddIFj4vcST895giOn8TOmrFKocYOc
t/tgBLYNyoMdONX5lHC58gqyl9MUdcYJo8bJ+smmwh2co8wCrn9/2tYKbkms8v+r11YG
YLMHmM+0Yg/b3QkA7Ox0m3Nr+zLbOcXOgLwW0TSoUklPBmDwgTxFChhjnPu9QrdF976t
8Nmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature;
bh=M9W5u8DXu/2qUQuHmTmeWzzR8V4IXQkXXX05UYZgzA0=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=lHTAJITmNDcck1f3BUGRQO5nUy0OIQUmTDfH/dnsTB0iktB45IZfW8zYmRm9nUlkKj
WYA1y9w+5MX2KQ4N3mhNsv1vKVBVg4e5oeQLzFAqOKhCw5/XEbH0zG/702Y7G4GSkTiT
loLxG2StRHI3CiiP9pPyyaKsTMoSuKMwn6sKvEjemc8L6zXJvy4nDIXahqCg+CMQ9Tm9
sTXqGXDhMdRY32aIg6kRgeGuj1k/LRNgmj2x5551XjrEGnos4MmpP0kNbrVyMGj35gEH
1i6V+NwEurSUwmhHjVCV5o4/mrQ7G7DAprSqAl+n3F8envGy+GJn4ZFkH3b1sxronIa7
O3Lg==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b="OLQf/0Ql";
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=lHZti38Q;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b="WkOPqUx/";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
006d021491bc7-650181f9879si989615eaf.116.2025.10.11.04.14.33
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Sat, 11 Oct 2025 04:14:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b="OLQf/0Ql";
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=lHZti38Q;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b="WkOPqUx/";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
bh=M9W5u8DXu/2qUQuHmTmeWzzR8V4IXQkXXX05UYZgzA0=; b=OLQf/0QlAO/b0xrga4JltJWLIH
/J5Z0ZQBMbuMBCbFaHfocPCD37q41mH7pjeMoqzPRMWl8kXnJPUtu3dgMA1PhiEV0q56M1B3aBjJY
fooLfEaE1CxJBiq+IUEs5ixnRgl96TW24/ld3MZu+AsNdOq55GQ6DWEfC+53w9PKxBHc=;
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1v7XYU-0007ce-FN;
Sat, 11 Oct 2025 11:14:31 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gert@blue4.greenie.muc.de>) id 1v7XYS-0007c1-R0
for openvpn-devel@lists.sourceforge.net;
Sat, 11 Oct 2025 11:14:29 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=hQAEcdkEZFww2zcOzwQfybitcGGSNmIsMKnb+VjZ840=; b=lHZti38QBdtccG5SDLK6/2Gjii
Ne4lhkhXkM0JMaWpFU8xFTgIT5ceNtfMD1SIimmoDQ42QAxRi27M91lSYAOWCg9RzxjUJAvG28gCD
mD1grhipfyG3l35kmUyeMitT34SDtPrNZe1JuMTHL8TlghjfmyIwehADA1dBSJ3iu+1E=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=hQAEcdkEZFww2zcOzwQfybitcGGSNmIsMKnb+VjZ840=; b=WkOPqUx/oxiUk5DM0hhDFAKNL9
CpM0Rso/Za7jyLXO2ZsEZqJebSNiwDUK6pmxC67yhrffnxxZHtO3JJQbgzvRUFFxVbTTGTv6OaZMe
YDTCtwNnmZrh5lSEwrCIO15aJ8Kdqpl/HHe3IWIY4hPRaydSSW1G2XaxoOJqZHMxZSg0=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1v7XYO-00045X-2S for openvpn-devel@lists.sourceforge.net;
Sat, 11 Oct 2025 11:14:25 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 59BBEHE9011817
for <openvpn-devel@lists.sourceforge.net>; Sat, 11 Oct 2025 13:14:17 +0200
Received: (from gert@localhost)
by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 59BBEHaO011816
for openvpn-devel@lists.sourceforge.net; Sat, 11 Oct 2025 13:14:17 +0200
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 11 Oct 2025 13:14:11 +0200
Message-ID: <20251011111417.11802-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To:
<gerrit.1758706218000.Ib3458a9ed2eb38e00184c4a92659b83b97fe476c@gerrit.openvpn.net>
References:
<gerrit.1758706218000.Ib3458a9ed2eb38e00184c4a92659b83b97fe476c@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
running on the system "sfi-spamd-2.hosts.colo.sdot.me",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Marco Baffo <marco@mandelbit.com> Adds a check in
do_init_route_ipv6_list()
to add default routes toward the TUN only if the TUN has IPv6 addresses.
Github: fixes OpenVPN/openvpn#850 github.com/OpenVPN/openvpn/issues/850
Content analysis details: (1.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1v7XYO-00045X-2S
Subject: [Openvpn-devel] [PATCH v4] redirect-gateway: only redirect traffic
through TUN if address families match
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1845683839259712583?=
X-GMAIL-MSGID: =?utf-8?q?1845683839259712583?=
|
| Series |
[Openvpn-devel,v4] redirect-gateway: only redirect traffic through TUN if address families match
|
|
Commit Message
Gert Doering
Oct. 11, 2025, 11:14 a.m. UTC
From: Marco Baffo <marco@mandelbit.com> Adds a check in do_init_route_ipv6_list() to add default routes toward the TUN only if the TUN has IPv6 addresses. Github: fixes OpenVPN/openvpn#850 github.com/OpenVPN/openvpn/issues/850 Change-Id: Ib3458a9ed2eb38e00184c4a92659b83b97fe476c Signed-off-by: mrbff <marco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1210 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1210 This mail reflects revision 4 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Gert Doering <gert@greenie.muc.de>
Comments
So, this is still fixing an edge case when reconnecting and having
stale data around - a better fix, I think, would be to properly extend
pre-connect save/restore to the RG flags (and remove this check again)
- but for now, it does the job. I have added a reference to the
new GH issue (863) for the subsequent cleanup.
Not tested beyond "BB confirms it's not breaking platforms" and a bit
of stare-at-code.
Your patch has been applied to the master branch.
commit 1b423f508e7ebf70e711c90bc9cf2e57c1f197f0
Author: Marco Baffo
Date: Sat Oct 11 13:14:11 2025 +0200
redirect-gateway: only redirect traffic through TUN if address families match
Signed-off-by: mrbff <marco@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1210
Message-Id: <20251011111417.11802-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59245295/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f8a0fee..aaa0573 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1523,7 +1523,7 @@ /* redirect (IPv6) gateway to VPN? if yes, add a few more specifics */ - if (options->routes_ipv6->flags & RG_REROUTE_GW) + if (options->routes_ipv6->flags & RG_REROUTE_GW && options->ifconfig_ipv6_local) { char *opt_list[] = { "::/3", "2000::/4", "3000::/4", "fc00::/7", NULL }; int i;