| Message ID | 20181205210734.62565-1-gert@greenie.muc.de |
|---|---|
| State | Superseded |
| Delegated to: | Antonio Quartulli |
| Headers | show |
| Series | [Openvpn-devel] Stop complaining about IPv6 routes without gateway address. | expand |
Hi, On Wed, Dec 05, 2018 at 10:07:34PM +0100, Gert Doering wrote: > The IPv6 routing code inherited assumptions and the message > > "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 > option and no default was specified by either --route-ipv6-gateway or > --ifconfig-ipv6 options" > > from the IPv4 routing code. > > This was never really correct, as no gateway is needed for "into tun > device" IPv6 routes, and the "--route-ipv6-gateway" option it refers > to also never existed. (Routes on tap interfaces *do* need a gateway > due to neighbour discovery being involved. As do routes on Windows, > but there we fake the gateway in tun mode anyway). Mmmh, ditch this patch. I've forgotten the patch from James Bekkema (which was sent in a weird format so patchwork did not recognize it as such). Both patches are compatible, but my new message does not take this into account v2 coming tomorrow. gert
diff --git a/src/openvpn/route.c b/src/openvpn/route.c index d97e8dba..cf51063b 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -448,11 +448,6 @@ init_route_ipv6(struct route_ipv6 *r6, { r6->gateway = rl6->remote_endpoint_ipv6; } - else - { - msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options"); - goto fail; - } /* metric */ @@ -1917,6 +1912,16 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag gateway_needed = true; } + if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) ) + { + msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway " + "parameter for a --route-ipv6 option and no default was set via " + "--ifconfig-ipv6 option. Not installing IPv6 route to %s/%d.", + network, r6->netbits ); + status = false; + goto done; + } + #if defined(TARGET_LINUX) #ifdef ENABLE_IPROUTE argv_printf(&argv, "%s -6 route add %s/%d dev %s", @@ -2114,6 +2119,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script"); #endif /* if defined(TARGET_LINUX) */ +done: if (status) { r6->flags |= RT_ADDED;
The IPv6 routing code inherited assumptions and the message "OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options" from the IPv4 routing code. This was never really correct, as no gateway is needed for "into tun device" IPv6 routes, and the "--route-ipv6-gateway" option it refers to also never existed. (Routes on tap interfaces *do* need a gateway due to neighbour discovery being involved. As do routes on Windows, but there we fake the gateway in tun mode anyway). Change the code to generally accept IPv6 routes with no gateway specification (so "--block-ipv6 --redirect-gateway ipv6" can work without additional config). When installing IPv6 routes, check if a gateway is needed (tap mode) but missing, and if yes, print correct message. Trac: #1143 Signed-off-by: Gert Doering <gert@greenie.muc.de> --- src/openvpn/route.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)