From: Gert Doering
Date: Tue, 26 Aug 2025 18:40:38 +0000 (+0200)
Subject: Introduce env variables to communicate desired gateway redirection to NM.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;p=thirdparty%2Fopenvpn.git

Introduce env variables to communicate desired gateway redirection to NM.

When run under Network Manager control, OpenVPN is not allowed to
control routing. Instead, NM uses the OpenVPN-set environment variables
("route_network_1" etc) to set up routes as requested. This method never
worked properly for "redirect-gateway", as the information was not made
available in environment variables.

Introduce new env vars:

   route_redirect_gateway_ipv4
   route_redirect_gateway_ipv6

to communicate desired state:

   = no gateway redirection desired
   1 = "redirect-gateway for that protocol in question"
   2 = "include block-local to redirect the local LAN as well"

We intentionally do not expose all the IPv4 flags ("local", "def1", ...)
as this is really internal OpenVPN historical cruft.

Change-Id: I1e623b4a836f7216750867243299c7e4d0bd32d0
Signed-off-by: Gert Doering
Acked-by: Arne Schwabe
Message-Id: <20250826184046.21434-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32686.html
Signed-off-by: Gert Doering
---

diff --git a/doc/man-sections/script-options.rst b/doc/man-sections/script-options.rst index bd5ecd482..670cd33a6 100644 --- a/doc/man-sections/script-options.rst +++ b/doc/man-sections/script-options.rst 
@@ -874,6 +874,14 @@ instances. translations will be recorded rather than their names as denoted on the command line or configuration file. +:code:`route_redirect_gateway_ipv4` + +:code:`route_redirect_gateway_ipv6` + Set to `1` if the corresponding default gateway should be redirected + into the tunnel, and to `2` if also the local LAN segment should be + blocked (`block-local`). Not set otherwise. Set prior to **--up** script + execution. + :code:`script_context` Set to "init" or "restart" prior to up/down script execution. For more information, see documentation for ``--up``. diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0b16c5a3f..648d526fe 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5720,6 +5720,8 @@ remove_option(struct context *c, struct options *options, char *p[], bool is_inl { options->routes_ipv6->flags = 0; } + env_set_del(es, "route_redirect_gateway_ipv4"); + env_set_del(es, "route_redirect_gateway_ipv6"); } else if (streq(p[0], "dns") && !p[1]) { @@ -6039,6 +6041,8 @@ update_option(struct context *c, struct options *options, char *p[], bool is_inl { options->routes_ipv6->flags = 0; } + env_set_del(es, "route_redirect_gateway_ipv4"); + env_set_del(es, "route_redirect_gateway_ipv6"); *update_options_found |= OPT_P_U_REDIR_GATEWAY; } } @@ -7661,6 +7665,16 @@ add_option(struct options *options, char *p[], bool is_inline, const char *file, goto err; } } + if (options->routes->flags & RG_REROUTE_GW) + { + setenv_int(es, "route_redirect_gateway_ipv4", + options->routes->flags & RG_BLOCK_LOCAL ? 2 : 1); + } + if (options->routes_ipv6 && (options->routes_ipv6->flags & RG_REROUTE_GW)) + { + setenv_int(es, "route_redirect_gateway_ipv6", + options->routes->flags & RG_BLOCK_LOCAL ? 2 : 1); + } #ifdef _WIN32 /* we need this here to handle pushed --redirect-gateway */ remap_redirect_gateway_flags(options);
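
Review bot: In the doc/man-sections/script-options.rst hunk, the values `1`, `2` and `block-local` are written with single backticks, which reStructuredText treats as the default interpreted-text role rather than as a literal. The neighbouring entries use :code:`...` and ``--up``, so these should be ``1``, ``2`` and ``block-local`` (or :code:) to render consistently. The entry says "Not set otherwise" but does not say that the variables are removed again when redirect-gateway is removed or updated, which the options.c hunks do; one sentence on that would tell script and NM plugin authors that a previously seen value can disappear.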
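
Review bot: In the remove_option() hunk of src/openvpn/options.c (and identically in the update_option() hunk), the names "route_redirect_gateway_ipv4" and "route_redirect_gateway_ipv6" are repeated as string literals, and they appear a third time in add_option(). A typo in any one copy would compile cleanly and leave a stale value exported to the consumer that programs the routes. Suggest defining the two names once (a pair of #defines or a small static helper that clears both) and using that in all three places.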
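
Review bot: In the add_option() hunk of src/openvpn/options.c, the IPv6 branch is entered on options->routes_ipv6->flags & RG_REROUTE_GW but then computes the value from options->routes->flags & RG_BLOCK_LOCAL, i.e. the IPv4 list. If block-local is only ever recorded on the IPv4 flags this needs a short comment saying so, otherwise it is a copy-paste slip and should read options->routes_ipv6->flags. Two related points in the same hunk: options->routes is dereferenced without the NULL guard that options->routes_ipv6 gets, and the variables are only ever set here, never cleared, so if a later redirect-gateway line ends with RG_REROUTE_GW no longer set for one family, the earlier 1 or 2 stays in the environment. An else branch calling env_set_del for that family would keep the exported state in step with the flags.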