From patchwork Thu Oct 9 17:19:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4490 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:7d42:b0:72f:f16c:e055 with SMTP id fr2csp1800960mab; Thu, 9 Oct 2025 10:19:34 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWOYYucoU/1W0MjiiW7pcgiRi1ae4SOj/D13pvIuM12wUkWeDA64KG+grHsi2g09dS8b0lD3JNWBDE=@openvpn.net X-Google-Smtp-Source: AGHT+IEXoohVc1C4+iqQh8x+WFtejkmgv+XTwUxDCstfKktGjbO9DlVJ+NDN0GafqyAbDA0MeKnN X-Received: by 2002:a05:6870:a0a2:b0:340:e914:8e02 with SMTP id 586e51a60fabf-3c0f8db728emr4443922fac.36.1760030374602; Thu, 09 Oct 2025 10:19:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1760030374; cv=none; d=google.com; s=arc-20240605; b=ChqnCnrEih2o3o6CTkK3HlpJ4oe4D8i1xPFOewS0naDIkr3JY3sBx0pDnU5SfQEMsX kA29cUS3LT8vch1TcuJKoccM5kh5igYWrZTfXNCBhCMclvYPs2SvJ3cuKR5b2uPUDOWU edf/V3bJIoj86zYP0RnP4GHZmxG9vsEcyOzNKB0iIaltvGtEJqvCqTEPixZHuYaCIWtG 8iGp136S6MYsgyIVv9cj/Wl2+1AlZQ3nNDKUV2dmmqEUATHWJ52D516WISUdKGDel5SZ Af2w1tBcGnNDeyJ84Yvzu/wczF0feq6nyg53rM1MhqDNcdgED3yUtWW8osfnW05JYLwm 1eow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=v4LeT2RHIaWywkKpNsM7bpMCJiTfXk+LnQprXOBDtCc=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=GpxsGj/pKJquNL/Re64Z+hRrqDmN065HMwtGUElKmKbejl6wH556G77S8R4TW5TBqu xVpOaFJR1YWQ8a+JTPiHzFiyMtNXnTwunyfpR9GFmqONYI3iXPVVQQd1REGAT8lr3bp8 kDfLt9w+zBLksMA4dMgKbSJ0vf0CsZP0pdycRRwvSdruh0AjVpq80pgP2opznDQoqI4c k2x4v384pUHKUfXU5TAjJixwc/TMXSyzYRC39syf+voicybvg9bF9zQ6MdLeWCMKou52 DR0sha8GkyuD6c6IxXtLVy15CuH5a6xnweMW/3+TmD9Xo3EkLAXE4daZBPVdJZw8P4+z +jhQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=YtDGB48J; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=LMcfObfF; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NUKoG2Id; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-3c8c90399c8si19045fac.267.2025.10.09.10.19.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Oct 2025 10:19:34 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=YtDGB48J; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=LMcfObfF; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NUKoG2Id; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=v4LeT2RHIaWywkKpNsM7bpMCJiTfXk+LnQprXOBDtCc=; b=YtDGB48JG2RVCQzJIOO9KLOgPF O/E6+a0p4S39nkZq9Z3Hp1G1DaIxSWtHQr1+6Ntn6Q3W+5BMIsCRtFuNw3NN8qqD447y6GBpYv7uq WZ7GNYIQiq3NhU2GVr4wm4QCINQtJldgfmBzJ4Dl8nBy+jC2mCLfOcosdKoTHe9iOcIU=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v6uIe-0008Si-5q; Thu, 09 Oct 2025 17:19:32 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v6uIc-0008SY-O3 for openvpn-devel@lists.sourceforge.net; Thu, 09 Oct 2025 17:19:30 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RueGClp+8E98X9gPNNzLUK9CJJKHiMSUOzDX2Mm05dk=; b=LMcfObfFjGmfUkdPs47Rjbu65m HyWk4qwF6975Q6N5ltk0HAdvjvx8R6vKeAGG1mLgAxhF0kPphTvJFMe28QGrMpqeZXeQeC8aoXK4R rdi+dAdpwOF9vtaqWvYbv6ZIe5B4cB+lnDwnVrTKJf8hmrGyZ8yK2f4DLb4kjLoNAnpY=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RueGClp+8E98X9gPNNzLUK9CJJKHiMSUOzDX2Mm05dk=; b=NUKoG2IdpQMG7J280oWPm4cwOa 5UWy64ewyXX6doIrBut0RpamYbYHiwIrsCID+t0I/D+9auD4SvwOajKmb/nB8Sp6ItgOmPEqxAlON N0md3vOPoZN1NJQOGtiPa8k69QaEncBC5kx1hGsQK4iuaUCxL0ZqevcqSrbpqW4HHcHI=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v6uIb-0008Ur-Hc for openvpn-devel@lists.sourceforge.net; Thu, 09 Oct 2025 17:19:30 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 599HJHrd012830 for ; Thu, 9 Oct 2025 19:19:17 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 599HJHDI012829 for openvpn-devel@lists.sourceforge.net; Thu, 9 Oct 2025 19:19:17 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 9 Oct 2025 19:19:11 +0200 Message-ID: <20251009171916.12811-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Lev Stipakov Turns out that ifconfig_(ipv6)_local options are set once and are not reset on a reconnect. Consider following scenario: Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1v6uIb-0008Ur-Hc Subject: [Openvpn-devel] [PATCH v2] Preserve ifconfig(_ipv6)_local across reconnect X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1845525609871238970?= X-GMAIL-MSGID: =?utf-8?q?1845525609871238970?= From: Lev Stipakov Turns out that ifconfig_(ipv6)_local options are set once and are not reset on a reconnect. Consider following scenario: - connect first time, server pushes ifconfig-ipv6 - add a ipv6 network route because ifconfig_ipv6_local is set - reconnect, server doesn't push ifconfig-ipv6 Because of ifconfig_ipv6_local is not reset and holds the value set by the first connect, client adds a ipv6 network route - but this is wrong, since ipv6 wasn't pushed this time by the server. Fix by saving/restoring ifconfig(_ipv6)_local in a struct options_pre_connect along with other options which preserves the initial values until --pull modifications are applied. Github: OpenVPN/openvpn#850 Change-Id: I9b099924286f9bccb6833e1e40606abe72714bbb Signed-off-by: Lev Stipakov Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1248 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1248 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): diff --git a/src/openvpn/options.c b/src/openvpn/options.c index f35738d..d1ce551 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3143,6 +3143,9 @@ o->pre_connect->client_nat_defined = true; } + o->pre_connect->ifconfig_local = o->ifconfig_local; + o->pre_connect->ifconfig_ipv6_local = o->ifconfig_ipv6_local; + o->pre_connect->route_default_gateway = o->route_default_gateway; o->pre_connect->route_ipv6_default_gateway = o->route_ipv6_default_gateway; @@ -3193,6 +3196,9 @@ o->routes_ipv6 = NULL; } + o->ifconfig_local = pp->ifconfig_local; + o->ifconfig_ipv6_local = pp->ifconfig_ipv6_local; + o->route_default_gateway = pp->route_default_gateway; o->route_ipv6_default_gateway = pp->route_ipv6_default_gateway; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index b033068..445fd25 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -64,6 +64,9 @@ bool tuntap_options_defined; struct tuntap_options tuntap_options; + const char *ifconfig_local; + const char *ifconfig_ipv6_local; + bool routes_defined; struct route_option_list *routes;