Possible bug in vpnc-connect script
Bernhard Schmidt
berni at birkenwald.de
Thu Jan 21 18:32:39 EST 2010
Hi,

we just stumbled upon a weird bug in OpenConnect in conjunction with
the vpnc-script from
http://git.infradead.org/users/dwmw2/vpnc-scripts.git. Possibly caused
by a misconfiguration on our side, but I think it could be solved pretty
easily in vpnc-script.

Our ASA is at the IP address x.x.254.40. It returns

    X-CSTP-Address: x.x.48.207
    X-CSTP-Netmask: 255.255.0.0

i.e. a wrong netmask. What happens now is do_connect() in vpnc-script
invokes do_ifconfig(), which configures a route to
x.x.48.207/255.255.0.0 = x.x.0.0/16 to the tun interface. After that
do_connect() invokes set_vpngateway_route(), which retrieves the route
for x.x.254.40 (at this moment already pointing to tun0) and sets a
host route. And we have a very pretty endless recursion.

Proposed solution: reorder do_ifconfig() and set_vpngateway_route(),
since setting the host route to the gateway should always operate on the
previous routing table.

Very basic git patch attached.

Best Regards,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-setting-route-to-gateway-with-wrong-netmask.patch
Type: text/x-patch
Size: 746 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20100122/380e9624/attachment.bin>
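
The ordering problem reported above can be modelled with a small longest-prefix-match lookup. This is an added example, not code from vpnc-script or from the attached patch; the 10.20.x.x addresses are constructed stand-ins for the elided x.x values, and the eth0 device name and the pre-VPN routing table are assumptions.

```sh
#!/bin/sh
# Added illustration, not vpnc-script code. Addresses are constructed
# stand-ins for the elided x.x values in the report; eth0 is assumed.
GATEWAY=10.20.254.40    # ASA address (x.x.254.40 in the report)
ADDRESS=10.20.48.207    # X-CSTP-Address
NETMASK=255.255.0.0     # X-CSTP-Netmask (too wide: covers the gateway)
BASE="0.0.0.0 0.0.0.0 eth0"   # pre-VPN routing table: default route only

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# lookup_dev TABLE IP: longest-prefix match over "NETWORK NETMASK DEVICE"
# lines; prints the device that would carry traffic to IP.
lookup_dev() {
    ip=$(ip_to_int "$2"); best=-1; dev=none
    while read -r net mask d; do
        [ -n "$net" ] || continue
        n=$(ip_to_int "$net"); m=$(ip_to_int "$mask")
        if [ $(( $ip & $m )) -eq $(( $n & $m )) ] && [ "$m" -gt "$best" ]; then
            best=$m; dev=$d
        fi
    done <<EOF
$1
EOF
    echo "$dev"
}

# gateway_dev ORDER: device the gateway host route gets bound to when the
# route for GATEWAY is looked up in the table that exists at that moment.
gateway_dev() {
    table=$BASE
    case $1 in
        ifconfig-first)   # reported order: tunnel subnet route already present
            table="$table
$ADDRESS $NETMASK tun0" ;;
        gateway-first) ;; # proposed order: table is still the pre-VPN one
    esac
    lookup_dev "$table" "$GATEWAY"
}

echo "ifconfig-first: gateway via $(gateway_dev ifconfig-first)"
echo "gateway-first:  gateway via $(gateway_dev gateway-first)"
```

With the tunnel route installed first, the gateway resolves to tun0, so the encrypted packets would be sent back into the tunnel that carries them; resolving the gateway first pins it to the physical interface.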