OSPFd + OpenVPN collision again - function openvpn_clear_route()



  • Trying to setup full mesh OpenVPN between three sites that have CARP clusters and Multi-WAN.

    Having the problem on the client side. The p-to-p network is 192.168.240.40/30. So the server interface is 192.168.240.41 and the client is 192.168.240.42.

    On the client in the routing table I see:

    | 192.168.240.41 | link#22 | UH | 0 | 0 | 1500 | ovpnc2 |

    I do not see 192.168.240.42 in there anywhere.

    But looking at  function openvpn_clear_route():

    
    function openvpn_clear_route($mode, $settings) {
    	if (empty($settings['tunnel_network']))
    		return;
    	list($ip, $cidr) = explode('/', $settings['tunnel_network']);
    	$mask = gen_subnet_mask($cidr);
    	$clear_route = false;
    
    	switch($settings['mode']) {
    		case 'shared_key':
    			$clear_route = true;
    			break;
    		case 'p2p_tls':
    		case 'p2p_shared_key':
    			if ($cidr == 30)
    				$clear_route = true;
    			break;
    	}
    
    	if ($clear_route && !empty($ip) && !empty($mask)) {
    		list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask);
    		$ip_to_clear = ($mode == "server") ? $ip1 : $ip2;
    		mwexec("/sbin/route -q delete {$ip_to_clear}");
    	}
    }
    
    

    I see that $ip_to_clear is selective which route it removes based on if its a server or client.

    In my case its a client. But the route stuck in the routing table is with the server's IP.

    Why not wack both routes in this function?

    Thanks,

    Shahid



  • Oh wait! the interface is ovpnc2 which is this very tunnel OpenVPN client is trying to bring up. How is that route still there when the VPN tunnel is down.


Log in to reply