Project

General

Profile

Bug #3968

Incorrect gateway is assumed when using tun + topology subnet

Added by Dmitriy K over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
OpenVPN
Target version:
Start date:
10/30/2014
Due date:
10/30/2014
% Done:

100%

Estimated time:
0.10 h
Affected Version:
All
Affected Architecture:
All

Description

The script /usr/local/sbin/ovpn-linkup has en error where network mask is returned as a gateway when no gateway provided by the server:

if [ "${dev_type}" = "tun" ]; then
    if [ "" != "$route_vpn_gateway" ]; then
        /bin/echo $route_vpn_gateway > /tmp/$1_router
    else
        /bin/echo $5 > /tmp/$1_router
    fi
fi

See "ovpn log.txt" attachment. 5th argument passed to the script is a network mask. The script should use interface IP (the 4th argument) as it's gateway ... like in GRE tunnel configuration.

ifconfig_ovpnc1.txt Magnifier (375 Bytes) Dmitriy K, 10/30/2014 07:23 AM

ovpn log.txt Magnifier (634 Bytes) Dmitriy K, 10/30/2014 07:27 AM

Untitled.png (62 KB) Dmitriy K, 10/30/2014 01:10 PM

invalid_gw_4_tun_srv.png - Invalid IP for TUN server (40.8 KB) Dmitriy K, 11/25/2014 04:13 AM

Associated revisions

Revision 15fbb5ec
Added by Renato Botelho over 3 years ago

Fix ovpn-linkup for tun + topology subnet case setting router as ifconfig_local envvaar when route_vpn_gateway and ifconfig_remote are both not defined. Keep using 5th parameter as a seatbelt in last case. While I'm here, improve sh syntax. It should fix #3968

History

#1 Updated by Dmitriy K over 3 years ago

#2 Updated by Chris Buechler over 3 years ago

  • Status changed from New to Rejected

scratch that, can happen with topology subnet

#3 Updated by Dmitriy K over 3 years ago

I know that pfsense team wants to release 2.2 asap but its quality will suffer if fast decisions were taken place.

This bug is real and nothing will change the reality. The script works incorrectly for tun.

See attachment. Top part made with $5; Bottom with $4; ... conclusion is obvious ... network mask, heh ...

#4 Updated by Chris Buechler over 3 years ago

this is valid with topology subnet in newer versions

#5 Updated by Chris Buechler over 3 years ago

  • Status changed from Rejected to New
  • Assignee deleted (Dmitriy K)

#6 Updated by Dmitriy K over 3 years ago

Well, I won't argue. If you see no bug then there is no bug.

#7 Updated by Chris Buechler over 3 years ago

  • Subject changed from Incorrect gateway is assumed when ovpn server provides no gateway to Incorrect gateway is assumed when using tun + topology subnet
  • Status changed from New to Confirmed

I re-opened it after confirming that atypical circumstance. Your pull request is wrong though, it fixes a rare edge case, while breaking all the common circumstances.

#8 Updated by Renato Botelho over 3 years ago

  • Status changed from Confirmed to Assigned
  • Assignee set to Renato Botelho

#9 Updated by Renato Botelho over 3 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100

#10 Updated by Dmitriy K over 3 years ago

Everything is ok except for tun server. Incorrect IP is assumed: 5.45.32.2 is not exists and never existed.

--

1. Why would server-side need a gateway at all? I don't understand such configuration.

2. Why I have lots of dynamic gateways for interfaces without an IP address assigned? It's impossible to edit such entry or add a static route on such gw entry. I can't apprehend such "feature" either.

#11 Updated by Jim Thompson over 3 years ago

Just kicking this so maybe we can get it resolved.

#12 Updated by Chris Buechler over 3 years ago

  • Status changed from Feedback to Resolved

all the circumstances that work in 2.1.x confirmed good

Also available in: Atom PDF