From cbcfb9ab3ea90e1d09e5783bdb3bbd18ac0328d1 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 6 Oct 2025 16:58:37 +0200 Subject: [PATCH] Allowing installing FreeBSD routes with interface instead of next-hop This matches the Linux behaviour of the net_route add/delete commands Change-Id: I88e16e15fad065cb310d38f09924053efc3a6ce5 Signed-off-by: Arne Schwabe Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1193 Message-Id: <20251006145844.27794-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59242876/ Signed-off-by: Gert Doering --- src/openvpn/networking_freebsd.c | 51 +++++++++++++++++++++++++------- 1 file changed, 40 insertions(+), 11 deletions(-) diff --git a/src/openvpn/networking_freebsd.c b/src/openvpn/networking_freebsd.c index b47444cc7..04051a6ee 100644 --- a/src/openvpn/networking_freebsd.c +++ b/src/openvpn/networking_freebsd.c @@ -15,17 +15,31 @@ net_route_v4(const char *op, const in_addr_t *dst, int prefixlen, const in_addr_ char buf1[INET_ADDRSTRLEN], buf2[INET_ADDRSTRLEN]; in_addr_t _dst, _gw; struct argv argv = argv_new(); - bool status; + + ASSERT(gw || iface); _dst = ntohl(*dst); - _gw = ntohl(*gw); - argv_printf(&argv, "%s %s -net %s/%d %s -fib %d", ROUTE_PATH, op, - inet_ntop(AF_INET, &_dst, buf1, sizeof(buf1)), prefixlen, - inet_ntop(AF_INET, &_gw, buf2, sizeof(buf2)), table); + /* if we have a gateway (GW != NULL) install route to gateway IP + * if not, install "connected" route to interface + * (needed to make 'ifconfig-push IPs outside server subnet' work) + */ + if (gw) + { + _gw = ntohl(*gw); + argv_printf(&argv, "%s %s -net %s/%d %s -fib %d", ROUTE_PATH, op, + inet_ntop(AF_INET, &_dst, buf1, sizeof(buf1)), prefixlen, + inet_ntop(AF_INET, &_gw, buf2, sizeof(buf2)), table); + } + else + { + argv_printf(&argv, "%s %s -net %s/%d -iface %s -fib %d", ROUTE_PATH, op, + inet_ntop(AF_INET, &_dst, buf1, sizeof(buf1)), prefixlen, + iface, table); + } argv_msg(M_INFO, &argv); - status = openvpn_execve_check(&argv, NULL, 0, "ERROR: FreeBSD route command failed"); + bool status = openvpn_execve_check(&argv, NULL, 0, "ERROR: FreeBSD route command failed"); argv_free(&argv); @@ -38,14 +52,29 @@ net_route_v6(const char *op, const struct in6_addr *dst, int prefixlen, const st { char buf1[INET6_ADDRSTRLEN], buf2[INET6_ADDRSTRLEN]; struct argv argv = argv_new(); - bool status; - argv_printf(&argv, "%s -6 %s -net %s/%d %s -fib %d", ROUTE_PATH, op, - inet_ntop(AF_INET6, dst, buf1, sizeof(buf1)), prefixlen, - inet_ntop(AF_INET6, gw, buf2, sizeof(buf2)), table); + ASSERT(gw || iface); + + /* if we have a gateway (GW != NULL) install route to gateway IP + * if not, install "connected" route to interface + * (needed to make 'ifconfig-push IPs outside server subnet' work) + */ + if (gw) + { + argv_printf(&argv, "%s -6 %s -net %s/%d %s -fib %d", ROUTE_PATH, op, + inet_ntop(AF_INET6, dst, buf1, sizeof(buf1)), prefixlen, + inet_ntop(AF_INET6, gw, buf2, sizeof(buf2)), table); + } + else + { + argv_printf(&argv, "%s -6 %s -net %s/%d -iface %s -fib %d", ROUTE_PATH, op, + inet_ntop(AF_INET6, dst, buf1, sizeof(buf1)), prefixlen, + iface, table); + } + argv_msg(M_INFO, &argv); - status = openvpn_execve_check(&argv, NULL, 0, "ERROR: FreeBSD route command failed"); + bool status = openvpn_execve_check(&argv, NULL, 0, "ERROR: FreeBSD route command failed"); argv_free(&argv); -- 2.47.3