fix redirect-gateway behaviour when an IPv4 default route does not exist

When no IPv4 default route exists, the "redirect-gateway" routine aborts even if the sub-option "local" was specified or if we are connecting to the remote host using IPv6. This is not expected because in either case OpenVPN should not bother checking the existence of the default route as it is not required at all. Therefore, skip the IPv4 default route check when "local" is specified or we are connecting to an IPv6 remote host. (This is a cherry-pick of 14670a9d654b (master), adapted to 2.3 code) Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20170509152422.12606-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14602.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-05-09 05:31:05 +08:00 · 2017-05-09 23:24:22 +08:00 · 2017-05-09 23:24:22 +08:00 · 0b339bf958
commit 0b339bf958
parent 04c84548c2
1 changed files with 32 additions and 18 deletions
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@ -840,11 +840,18 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u

  if ( rl && rl->flags & RG_ENABLE )
    {
+      bool local = BOOL_CAST(rl->flags & RG_LOCAL);
      if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW))
 	{
 	  msg (M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
 	}
-      else if (!(rl->rgi.flags & RGI_ADDR_DEFINED))
+      /*
+       * check if a default route is defined, unless:
+       * - we are connecting to a remote host in our network
+       * - we are connecting to a non-IPv4 remote host (i.e. we use IPv6)
+       */
+      else if (!(rl->rgi.flags & RGI_ADDR_DEFINED) && !local
+	       && (rl->spec.remote_host != IPV4_INVALID_ADDR))
 	{
 	  msg (M_WARN, "%s Cannot read current default gateway from system", err);
 	}
@ -854,7 +861,6 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 	}
      else
 	{
-	  bool local = BOOL_CAST(rl->flags & RG_LOCAL);
 	  if (rl->flags & RG_AUTO_LOCAL) {
 	    const int tla = rl->spec.remote_host_local;
 	    if (tla == TLA_NONLOCAL)
@ -914,14 +920,18 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 		}
 	      else
 		{
-		  /* delete default route */
-		  del_route3 (0,
-			      0,
-			      rl->rgi.gateway.addr,
-			      tt,
-			      flags | ROUTE_REF_GW,
-			      &rl->rgi,
-			      es);
+		  /* don't try to remove the def route if it does not exist */
+		  if (rl->rgi.flags & RGI_ADDR_DEFINED)
+		  {
+		      /* delete default route */
+		      del_route3 (0,
+				  0,
+				  rl->rgi.gateway.addr,
+				  tt,
+				  flags | ROUTE_REF_GW,
+				  &rl->rgi,
+				  es);
+		  }

 		  /* add new default route */
 		  add_route3 (0,
@ -994,14 +1004,18 @@ undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *
 			  &rl->rgi,
 			  es);

-	      /* restore original default route */
-	      add_route3 (0,
-			  0,
-			  rl->rgi.gateway.addr,
-			  tt,
-			  flags | ROUTE_REF_GW,
-			  &rl->rgi,
-			  es);
+	      /* restore original default route if there was any */
+	      if (rl->rgi.flags & RGI_ADDR_DEFINED)
+	        {
+		  /* restore original default route */
+		  add_route3 (0,
+			      0,
+			      rl->rgi.gateway.addr,
+			      tt,
+			      flags | ROUTE_REF_GW,
+			      &rl->rgi,
+			      es);
+	        }
 	    }
 	}