From 3a3da8ddd3f395f9b2bc64f84cb549d99e7c6dbd Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sun, 13 Jul 2014 14:28:47 +0200 Subject: [PATCH] Fix server routes not working in topology subnet with --server [v3] The IPv4 routing code needs an IPv4 address to point a route to, and in --topology subnet mode, the *server* did not have one set by default. So we now just default --route-gateway to the next address right after the server address - the specific address doesn't matter, as the correct next-hop will not be resolved by the host OS but by the OpenVPN daemon. All that is needed is "it's in the subnet routed to the tun interface". Using the server address itself would work on unix, but doesn't work with the Windows TAP driver (as it does not spoof ARP responses for itself). Signed-off-by: Arne Schwabe Signed-off-by: Gert Doering Acked-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <1405254527-23833-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8904 (cherry picked from commit 4cc6a2595947a0e2f13b37637899bfc50f8509aa) --- doc/openvpn.8 | 5 ++++- src/openvpn/helper.c | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 64247a480..39b128ff2 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2660,7 +2660,7 @@ on sufficiently fast hardware. SSL/TLS authentication must be used in this mode. .\"********************************************************* .TP -.B \-\-server network netmask +.B \-\-server network netmask ['nopool'] A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will allocate addresses to clients @@ -2695,6 +2695,9 @@ expands as follows: if !nopool: ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 push "route-gateway 10.8.0.1" + if route-gateway unset: + route-gateway 10.8.0.2 + .in -4 .ft .fi 
diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c index d9eef03bf..0ed0b2ba1 100644 --- a/src/openvpn/helper.c +++ b/src/openvpn/helper.c @@ -232,6 +232,8 @@ helper_client_server (struct options *o) * if !nopool: * ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 * push "route-gateway 10.8.0.1" + * if route-gateway unset: + * route-gateway 10.8.0.2 */ if (o->server_defined) @@ -311,8 +313,10 @@ helper_client_server (struct options *o) ifconfig_pool_verify_range (M_USAGE, o->ifconfig_pool_start, o->ifconfig_pool_end); } o->ifconfig_pool_netmask = o->server_netmask; - + push_option (o, print_opt_route_gateway (o->server_network + 1, &o->gc), M_USAGE); + if (!o->route_default_gateway) + o->route_default_gateway = print_in_addr_t (o->server_network + 2, 0, &o->gc); } else ASSERT (0); -- 2.47.2
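Review bot: In doc/openvpn.8, hunk at -2660, the synopsis change to `--server network netmask ['nopool']` is not covered by the commit message, which only describes the route-gateway default. The expansion further down already uses `if !nopool:`, so this looks like documentation of an existing argument. Either mention it in the commit message or carry it as a separate documentation commit, so that the cherry-pick contains only the routing fix it is named for. If the paragraph under the synopsis does not already say what nopool does, it should gain a sentence on that at the same time.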
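Review bot: In doc/openvpn.8, hunk at -2695, the added `route-gateway 10.8.0.2` uses the same address as the start of `ifconfig-pool 10.8.0.2 10.8.0.254` two lines above it, and the man page gives no reason why that is not a conflict. The explanation exists only in the commit message (the address merely has to lie in the subnet routed to the tun interface, and the server's own address does not work with the Windows TAP driver). Put one sentence to that effect after the expansion, so an administrator reading the expanded config does not mistake the value for a reachable host or "correct" it to 10.8.0.1. The extra blank `+` line before `.in -4` sits inside the no-fill block and will render as an empty line in the example; drop it unless that is intended.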
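Review bot: In src/openvpn/helper.c, hunk at -311, `o->server_network + 2` becomes the default gateway without any visible check that the result still lies inside the network described by `o->server_netmask`, and without a code comment saying why reusing the first pool address is harmless. If a netmask check earlier in helper_client_server() already guarantees enough room, say so in a comment next to the assignment; otherwise add the check before `print_in_addr_t (o->server_network + 2, 0, &o->gc)`. The rationale from the commit message (next hop is resolved by the OpenVPN daemon, not the host OS; the server address itself fails on Windows TAP) belongs in that comment too, or in the comment block extended by the hunk at -232, which currently only repeats the example address. The `-`/`+` pair of blank lines above `push_option` is a whitespace-only change and should be left out of the fix.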