From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Nov 2025 12:40:35 +0100
Message-ID: <20251119114041.17665-1-gert@greenie.muc.de>
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4614
Subject: [Openvpn-devel] [PATCH v4] route: handle default gateway (net_gateway) and nexthop towards VPN server separately

From: Marco Baffo

Right now there is the assumption that the gateway used for net_gateway is the same used to reach the VPN server. However, these two gateways may be different (i.e. when there is a specific hostroute for the VPN server using a different nexthop). For this reason we must adapt init_route_list() to fetch the two gateways separately.

Github: fixes OpenVPN/openvpn#890
Change-Id: I16d90221d0a75193035253817ff195f6da9dc0b3
Signed-off-by: Marco Baffo
Acked-by: Gert Doering
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1222
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1222
This mail reflects revision 4 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 7d988da..770300a 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c 
@@ -257,9 +257,9 @@ { if (rl) { - if (rl->rgi.flags & RGI_ADDR_DEFINED) + if (rl->ngi.flags & RGI_ADDR_DEFINED) { - *out = rl->rgi.gateway.addr; + *out = rl->ngi.gateway.addr; } else { @@ -624,10 +624,10 @@ rl->spec.flags |= RTSA_DEFAULT_METRIC; } - get_default_gateway(&rl->rgi, remote_host != IPV4_INVALID_ADDR ? remote_host : INADDR_ANY, ctx); - if (rl->rgi.flags & RGI_ADDR_DEFINED) + get_default_gateway(&rl->ngi, INADDR_ANY, ctx); + if (rl->ngi.flags & RGI_ADDR_DEFINED) { - setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1); + setenv_route_addr(es, "net_gateway", rl->ngi.gateway.addr, -1); #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL) print_default_gateway(D_ROUTE, &rl->rgi, NULL); #endif @@ -637,6 +637,8 @@ dmsg(D_ROUTE, "ROUTE: default_gateway=UNDEF"); } + get_default_gateway(&rl->rgi, remote_host != IPV4_INVALID_ADDR ? remote_host : INADDR_ANY, ctx); + if (rl->spec.flags & RTSA_REMOTE_HOST) { rl->spec.remote_host_local = test_local_addr(remote_host, &rl->rgi); @@ -773,10 +775,10 @@ msg(D_ROUTE, "GDG6: remote_host_ipv6=%s", remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a"); - get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx); - if (rl6->rgi6.flags & RGI_ADDR_DEFINED) + get_default_gateway_ipv6(&rl6->ngi6, NULL, ctx); + if (rl6->ngi6.flags & RGI_ADDR_DEFINED) { - setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->rgi6.gateway.addr_ipv6, 0, &gc)); + setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->ngi6.gateway.addr_ipv6, 0, &gc)); #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL) print_default_gateway(D_ROUTE, NULL, &rl6->rgi6); #endif @@ -786,6 +788,8 @@ dmsg(D_ROUTE, "ROUTE6: default_gateway=UNDEF"); } + get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx); + if (is_route_parm_defined(remote_endpoint)) { if (inet_pton(AF_INET6, remote_endpoint, &rl6->remote_endpoint_ipv6) == 1) diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 54fa137..3d19dbd 100644 --- a/src/openvpn/route.h 
+++ b/src/openvpn/route.h @@ -234,7 +234,8 @@ struct route_special_addr spec; struct route_gateway_info rgi; - unsigned int flags; /* RG_x flags */ + struct route_gateway_info ngi; /* net_gateway */ + unsigned int flags; /* RG_x flags */ struct route_ipv4 *routes; struct gc_arena gc; }; @@ -249,7 +250,8 @@ int default_metric; struct route_ipv6_gateway_info rgi6; - unsigned int flags; /* RG_x flags, see route_option_list */ + struct route_ipv6_gateway_info ngi6; /* net_gateway_ipv6 */ + unsigned int flags; /* RG_x flags, see route_option_list */ struct route_ipv6 *routes_ipv6; struct gc_arena gc; };
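Review bot: In the route.c hunk at @@ -624,10 +624,10 @@, the unchanged debug line print_default_gateway(D_ROUTE, &rl->rgi, NULL); still passes rl->rgi, while the branch now tests rl->ngi and the lookup that fills rl->rgi runs only after this block (it is moved down by the following hunk). With ENABLE_DEBUG the output therefore no longer describes the gateway that was just exported as net_gateway. Pass &rl->ngi here, or move the print below the second get_default_gateway() call and print both structures.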
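Review bot: The get_default_gateway(&rl->rgi, ...) call added in route.c at @@ -637,6 +637,8 @@ repeats the lookup made a few lines earlier whenever remote_host is IPV4_INVALID_ADDR, because both calls then pass INADDR_ANY. Consider running the second lookup only when remote_host is valid and reusing the rl->ngi result otherwise, and add a short comment that rl->rgi now holds the nexthop towards the VPN server, since that is the structure handed to test_local_addr(remote_host, &rl->rgi) right below.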
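Review bot: In route.c at @@ -773,10 +775,10 @@ the GDG6 message logs remote_host_ipv6 immediately before a lookup that now passes NULL instead of that address, and the unchanged print_default_gateway(D_ROUTE, NULL, &rl6->rgi6); prints rl6->rgi6 although the branch tests rl6->ngi6 and rl6->rgi6 is only looked up further down. Move the GDG6 message next to the get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx) call added by the next hunk, and pass &rl6->ngi6 to the debug print.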
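Review bot: In route.h at @@ -234,7 +234,8 @@ the new ngi member is commented as net_gateway, but the existing rgi member directly above it has no comment, and with this patch its meaning narrows to the gateway used to reach the VPN server. Add a matching comment on rgi (and on rgi6 in the @@ -249,7 +250,8 @@ hunk) so later callers do not pick the wrong structure. The flags line is touched only to realign its comment and could be left alone to keep the diff minimal.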