redirect-gateway does not work

Bug #445695 reported by Šarūnas Burdulis on 2009-10-07
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Medium
Thierry Carrez
Karmic
Medium
Thierry Carrez

Bug Description

Binary package hint: openvpn

With 'redirect-gateway' option (either pushed from the server or in local config) openvpn does not execute 'route del/add...' to change the default route. Server and client configuration files attached. Below is a comparison of client log files (grep for 'route').

Ubuntu 9.04, openvpn 2.1~11-1ubuntu3 (redirect-gateway works):
...
Wed Oct 7 10:46:58 2009 us=793182 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DOMAIN nnn.nnn,dhcp-option DNS nnn.nnn.nnn.nnn ,dhcp-option DNS nnn.nnn.nnn.nnn ,route 10.7.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.7.0.10 10.7.0.9'
Wed Oct 7 10:46:58 2009 us=793461 OPTIONS IMPORT: route options modified
Wed Oct 7 10:46:58 2009 us=849128 /sbin/route add -net nnn.nnn.nnn.nnn netmask 255.255.255.255 gw 10.35.0.1
Wed Oct 7 10:46:58 2009 us=864304 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Wed Oct 7 10:46:58 2009 us=866014 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.7.0.9
Wed Oct 7 10:46:58 2009 us=868045 WARNING: potential route subnet conflict between local LAN [10.7.0.0/255.255.255.0] and remote VPN [10.7.0.1/255.255.255.255]
Wed Oct 7 10:46:58 2009 us=868099 /sbin/route add -net 10.7.0.1 netmask 255.255.255.255 gw 10.7.0.9

Ubuntu 9.10b, openvpn 2.1~19-1ubuntu1:
...
Wed Oct 7 10:11:50 2009 us=470452 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DOMAIN nnn.nnn,dhcp-option DNS nnn.nnn.nnn.nnn,dhcp-option DNS nnn.nnn.nnn.nnn,route 10.7.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.7.0.10 10.7.0.9'
Wed Oct 7 10:11:50 2009 us=474648 OPTIONS IMPORT: route options modified
Wed Oct 7 10:11:50 2009 us=599437 /sbin/route add -net nnn.nnn.nnn.nnn netmask 255.255.255.255 gw 10.0.2.2
Wed Oct 7 10:11:50 2009 us=631302 /sbin/route add -net 10.7.0.1 netmask 255.255.255.255 gw 10.7.0.9

ProblemType: Bug
Architecture: i386
Date: Wed Oct 7 13:33:36 2009
DistroRelease: Ubuntu 9.10
Package: openvpn 2.1~rc19-1ubuntu1
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-12.40-generic
SourcePackage: openvpn
Uname: Linux 2.6.31-12-generic i686
XsessionErrors:
 (gnome-settings-daemon:1323): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
 (nautilus:1376): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed
 (polkit-gnome-authentication-agent-1:1420): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed

Related branches

Šarūnas Burdulis (sarunas) wrote :
Šarūnas Burdulis (sarunas) wrote :
Šarūnas Burdulis (sarunas) wrote :
Chuck Short (zulcss) wrote :

Hi,

Can you re-create the bug with a level 9 verbosity for openvpn and please attach both logs? Also can you describe how the steps you took to create the setup as well.

Thanks
chuck

Changed in openvpn (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Šarūnas Burdulis (sarunas) wrote :
Šarūnas Burdulis (sarunas) wrote :
Šarūnas Burdulis (sarunas) wrote :

OpenVPN installed from standard repositories (server --- Debian stable amd64, client --- Ubuntu Karmic i386 beta). VPN private network is chosen to be 10.7.0.0/24. Conf files created according to our needs, but are pretty standard, IMO, except for MSS fix maybe. This particular test was run from Karmic beta virtual machine (host is Jaunty amd64 VBox 3.0.8; same local network as server; guest networking using private 10.0.2.* and NAT). Not sure what else as steps to create setup. Please let me know if you need anything in particular.

Looking at the route.c I can see that there was quite some reshuffling in if/else logic for route add/del comparing 2.1~rc11 (jaunty) and 2.1~rc19 (karmic beta).

Thierry Carrez (ttx) wrote :

From upstream changelog:

2009.10.01 -- Version 2.1_rc20

* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the
  redirect-gateway option by itself, without any extra parameters,
  would cause the option to be ignored.

Changed in openvpn (Ubuntu):
status: Incomplete → Triaged
tags: added: regression-potential
Thierry Carrez (ttx) on 2009-10-12
Changed in openvpn (Ubuntu Karmic):
assignee: nobody → Thierry Carrez (ttx)
Thierry Carrez (ttx) on 2009-10-13
Changed in openvpn (Ubuntu Karmic):
importance: Low → Medium
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvpn - 2.1~rc19-1ubuntu2

---------------
openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low

  * debian/patches/redirect-gateway.patch: Fix regression introduced in
    2.1rc17 that makes redirect-gateway (without options) to be ignored.
    Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695

 -- Thierry Carrez <email address hidden> Tue, 13 Oct 2009 09:31:20 +0200

Changed in openvpn (Ubuntu Karmic):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers