From: Antonio Quartulli Date: Mon, 8 Jun 2020 15:32:39 +0000 (+0200) Subject: options: enable IPv4 redirection logic only if really required X-Git-Tag: v2.5_beta1~126 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=070319c13524125d8325a0df15fe795cc2a4bcf2;p=thirdparty%2Fopenvpn.git options: enable IPv4 redirection logic only if really required If no IPv4 redirection flag is set, do not enable the IPv4 redirection logic at all so that it won't bother adding any useless IPv4 route. Trac: #208 Signed-off-by: Antonio Quartulli Acked-by: Gert Doering Message-Id: <20200608153239.2260-1-a@unstable.cc> URL: https://www.mail-archive.com/search?l=mid&q=20200608153239.2260-1-a@unstable.cc Signed-off-by: Gert Doering --- diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7556e7ee3..018f6f18c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6542,6 +6542,18 @@ add_option(struct options *options, int j; VERIFY_PERMISSION(OPT_P_ROUTE); rol_check_alloc(options); + + if (options->routes->flags & RG_ENABLE) + { + msg(M_WARN, + "WARNING: You have specified redirect-gateway and " + "redirect-private at the same time (or the same option " + "multiple times). This is not well supported and may lead to " + "unexpected results"); + } + + options->routes->flags |= RG_ENABLE; + if (streq(p[0], "redirect-gateway")) { options->routes->flags |= RG_REROUTE_GW; @@ -6579,7 +6591,7 @@ add_option(struct options *options, } else if (streq(p[j], "!ipv4")) { - options->routes->flags &= ~RG_REROUTE_GW; + options->routes->flags &= ~(RG_REROUTE_GW | RG_ENABLE); } else { @@ -6591,7 +6603,6 @@ add_option(struct options *options, /* we need this here to handle pushed --redirect-gateway */ remap_redirect_gateway_flags(options); #endif - options->routes->flags |= RG_ENABLE; } else if (streq(p[0], "block-ipv6") && !p[1]) {