[Bug 907828] Re: tun-based VPNs using the "subnet" topology are wrongly sending ICMP redirects

Bryce Harrington 907828 at bugs.launchpad.net
Wed Feb 22 03:37:00 UTC 2012 

** Description changed:

- When a tun-based VPN is using the subnet topology, the communication
- between clients can confuse the routing code that will wrongly emit ICMP
- redirects. This problem is very well described here
- http://backreference.org/2010/05/02/controlling-client-to-client-
- connections-in-openvpn/. The same link also provides the workaround
- (disable ICMP redirect on the TUN device).
+ [Impact]
+ <fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
+ 
+ [Development Fix]
+ <fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >
+ 
+ [Stable Fix]
+ <fill me in by pointing out a minimal patch applicable to the stable version of the package.>
+ 
+ [Text Case]
+ <fill me in with detailed *instructions* on how to reproduce the bug.  This will be used by people later on to verify the updated package fixes the problem.>
+ 1.
+ 2.
+ 3.
+ Broken Behavior: 
+ Fixed Behavior: 
+ 
+ [Regression Potential]
+ <fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected. 
+ 
+ [Original Report]
+ When a tun-based VPN is using the subnet topology, the communication between clients can confuse the routing code that will wrongly emit ICMP redirects. This problem is very well described here http://backreference.org/2010/05/02/controlling-client-to-client-connections-in-openvpn/. The same link also provides the workaround (disable ICMP redirect on the TUN device).
  
  This problem affects Lucid to Precise (Hardy's version does not support
  the subnet mode).
  
  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: openvpn 2.1.3-2ubuntu3
  ProcVersionSignature: Ubuntu 2.6.38-13.53-generic 2.6.38.8
  Uname: Linux 2.6.38-13-generic x86_64
  Architecture: amd64
  Date: Thu Dec 22 11:34:08 2011
  ProcEnviron:
-  LANGUAGE=en_US:en
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  LANGUAGE=en_US:en
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: openvpn
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/907828

Title:
  tun-based VPNs using the "subnet" topology are wrongly sending ICMP
  redirects

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/907828/+subscriptions

More information about the Ubuntu-server-bugs mailing list