[Bug 771148] Re: redirect-gateway fails when default route does not use a gateway

TJ 771148 at bugs.launchpad.net
Sun May 13 09:50:48 UTC 2012 

I agree with Andreas; this is a bug in openvpn. I have local office
gateway servers with an internal PCI ADSL modem that runs embedded Linux
and is configured in RFC 1483 LLC Bridge mode. The Host PC uses PPPoE to
connect to the ISP via the embedded ADSL modem over the single ATM LLC
available from BT in the U.K.

This results in the host PC creating the ppp0 interface which is the
default route:

$ ip route show
default dev ppp0  scope link 
62.3.82.17 dev ppp0  proto kernel  scope link  src 82.71.24.87 
...

The OpenVPN server's configuration includes:

push "redirect-gateway def1"

When the local office connects it reports:

ovpn-01linode[24920]: TUN/TAP device tun0 opened
ovpn-01linode[24920]: TUN/TAP TX queue length set to 100
ovpn-01linode[24920]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
ovpn-01linode[24920]: /sbin/ifconfig tun0 10.254.252.18 pointopoint 10.254.252.17 mtu 1500
ovpn-01linode[24920]: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

There is (an invasive) patch in Debian bug #592088 by Lionel Elie Mamane
in comment 10. A better solution that doesn't involve trying to get the
OpenVPN project to substantially change the semantics of "redirect-
gateway" to "redirect-default-route" is in a short PPP script mentioned
by Vladislav Naumov in comment 20, and originally from the OpenVPN
mailing list in 2007:

/etc/ppp/ip-up.d/default-gateway:
---------------8<--------------
#!/bin/bash

if [ $(ip route list exact default |\
  awk '/^default/ {print $2}') = dev ];
then
         IF=$(ip route | awk '/^default/ {print $3}')
         GW=$(ip address show $IF |\
	 awk '/peer/ {print $4}' | cut -d"/" -f1)
         ip route replace default via $GW dev $IF
fi
-----------8<------------------

Now, when the PPP interface comes up

 default dev ppp0  scope link

is replaced by the PPP script with a route that includes the ISP gateway
IP address:

 default via 62.3.82.19 dev ppp0

This allows OpenVPN to recognise and replace the default route when it
starts:

default via 10.254.252.17 dev tun0
10.254.252.17 dev tun0  proto kernel  scope link  src 10.254.252.18


** Also affects: ppp (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/771148

Title:
  redirect-gateway fails when default route does not use a gateway

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/771148/+subscriptions

More information about the Ubuntu-server-bugs mailing list