From: Selva Nair <selva.nair@gmail.com>
Date: Wed, 30 Nov 2016 00:39:32 +0000 (-0500)
Subject: Force 'def1' method when --redirect-gateway is done through service
X-Git-Tag: v2.4_rc1~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=788e5e4a08e0df7206d17e9cbc135764d6fc385f;p=thirdparty%2Fopenvpn.git

Force 'def1' method when --redirect-gateway is done through service

The service deletes all added routes when the client process (openvpn)
exits, causing the re-instated default route to disappear.
Fix by rewriting "--redirect-gateway" to "--redirect-gateway def1" when
routes are set using interactive service.

Only the behaviour on Windows with intereactive service is affected.

Trac: #778

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480466372-2396-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13307.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/Changes.rst b/Changes.rst
index aa80c1035..1343034e1 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -79,6 +79,12 @@ New interactive Windows service
     files under %USERPROFILE%\\OpenVPN\\config for use with the
     interactive service.
 
+redirect-gateway
+    if no flags are given, and the interactive service is used, "def1"
+    is implicitly set (because "delete and later reinstall the existing
+    default route" does not work well here).  If not using the service,
+    the old behaviour is kept.
+
 redirect-gateway ipv6
     OpenVPN has now feature parity between IPv4 and IPv6 for redirect
     gateway including the handling of overlapping IPv6 routes with
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index eac802327..038fcd382 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2526,6 +2526,22 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
 
 }
 
+#ifdef _WIN32
+/* If iservice is in use, we need def1 method for redirect-gateway */
+static void
+remap_redirect_gateway_flags (struct options *opt)
+{
+  if (opt->routes
+      && opt->route_method == ROUTE_METHOD_SERVICE
+      && opt->routes->flags & RG_REROUTE_GW
+      && !(opt->routes->flags & RG_DEF1))
+    {
+      msg (M_INFO, "Flag 'def1' added to --redirect-gateway (iservice is in use)");
+      opt->routes->flags |= RG_DEF1;
+    }
+}
+#endif
+
 static void
 options_postprocess_mutate_invariant (struct options *options)
 {
@@ -2555,6 +2571,8 @@ options_postprocess_mutate_invariant (struct options *options)
       options->tuntap_options.ip_win32_type = IPW32_SET_MANUAL;
       options->ifconfig_noexec = false;
     }
+
+  remap_redirect_gateway_flags (options);
 #endif
 
 #if P2MP_SERVER
@@ -5707,6 +5725,10 @@ add_option (struct options *options,
 	      goto err;
 	    }
 	}
+#ifdef _WIN32
+      /* we need this here to handle pushed --redirect-gateway */
+      remap_redirect_gateway_flags (options);
+#endif
       options->routes->flags |= RG_ENABLE;
     }
   else if (streq (p[0], "remote-random-hostname") && !p[1])