@@ -1218,7 +1218,6 @@
for (r = rl->routes; r; r = r->next)
{
- check_subnet_conflict(r->network, r->netmask, "route");
if (flags & ROUTE_DELETE_FIRST)
{
delete_route(r, tt, flags, &rl->rgi, es, ctx);
@@ -626,44 +626,6 @@
gc_free(&gc);
}
-/*
- * Issue a warning if ip/netmask (on the virtual IP network) conflicts with
- * the settings on the local LAN. This is designed to flag issues where
- * (for example) the OpenVPN server LAN is running on 192.168.1.x, but then
- * an OpenVPN client tries to connect from a public location that is also running
- * off of a router set to 192.168.1.x.
- */
-void
-check_subnet_conflict(const in_addr_t ip,
- const in_addr_t netmask,
- const char *prefix)
-{
-#if 0 /* too many false positives */
- struct gc_arena gc = gc_new();
- in_addr_t lan_gw = 0;
- in_addr_t lan_netmask = 0;
-
- if (get_default_gateway(&lan_gw, &lan_netmask) && lan_netmask)
- {
- const in_addr_t lan_network = lan_gw & lan_netmask;
- const in_addr_t network = ip & netmask;
-
- /* do the two subnets defined by network/netmask and lan_network/lan_netmask intersect? */
- if ((network & lan_netmask) == lan_network
- || (lan_network & netmask) == network)
- {
- msg(M_WARN, "WARNING: potential %s subnet conflict between local LAN [%s/%s] and remote VPN [%s/%s]",
- prefix,
- print_in_addr_t(lan_network, 0, &gc),
- print_in_addr_t(lan_netmask, 0, &gc),
- print_in_addr_t(network, 0, &gc),
- print_in_addr_t(netmask, 0, &gc));
- }
- }
- gc_free(&gc);
-#endif /* if 0 */
-}
-
void
warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx)
{
@@ -922,15 +884,6 @@
tt->remote_netmask);
}
}
-
- if (!tun_p2p)
- {
- check_subnet_conflict(tt->local, tt->remote_netmask, "TUN/TAP adapter");
- }
- else
- {
- check_subnet_conflict(tt->local, IPV4_NETMASK_HOST, "TUN/TAP adapter");
- }
}
#ifdef _WIN32
@@ -355,10 +355,6 @@
bool is_tun_p2p(const struct tuntap *tt);
-void check_subnet_conflict(const in_addr_t ip,
- const in_addr_t netmask,
- const char *prefix);
-
void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx);
/**
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/863?usp=email to review the following change. Change subject: Remove unused function check_subnet_conflict ...................................................................... Remove unused function check_subnet_conflict This has been #if 0 for over a decade. Let's just remove this. Change-Id: If570253e57371e4126b0e8aa4c349e2051cb8b00 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- M src/openvpn/route.c M src/openvpn/tun.c M src/openvpn/tun.h 3 files changed, 0 insertions(+), 52 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/63/863/1