git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lev@openvpn.net>
	Sat, 11 Oct 2025 11:44:42 +0000 (13:44 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Sat, 11 Oct 2025 11:58:21 +0000 (13:58 +0200)
commit	cf2d18de8b9d75a235dba8e84674361cf64b1489
tree	7a728c93eb4ebbd6b11dea4e88c674dda28e7b3b	tree \| snapshot
parent	0f9ad850d4202f0efe42976b00156226df7dfa17	commit \| diff

Make recursive routing check more fine-grained

The existing recursive routing check drops TUN packets
if their address matches the remote. While this works in
most cases, a more fine-grained check is preferable for
complex routing rules.

Since we only need to drop traffic originating from OpenVPN,
all of the following values must match between the packet
and the link:

- IP protocol
- Transport protocol (TCP/UDP)
- Destination address
- Destination port

GitHub: #699

Change-Id: I6841e2f2a85275254a04e2d8ae3defe4420db8f6
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/903
Message-Id: <20251011114448.14501-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59245301/
Signed-off-by: Gert Doering <gert@greenie.muc.de>