strange routing behavior starting with ocserv 0.12.0

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Sep 17 08:48:43 EDT 2020


On Sun, Sep 13, 2020 at 2:41 PM <ocserv at plaga.de> wrote:
>
>
> Hello everyone,
>
Hi!

> Now my problem: In one of my standard configurations, I run the ocserv
> behind proprietary routers on a small arm-based computer. On that, I
> use armbian which is a Debian derivative with a 5.7 Linux Kernel
> optimized for Arm boards. Armbian is configured to be systemd-free and
> runs SysV init. Ports 443 UDP/TCP are port-forwarded to the Arm board so
> that these are reachable from the internet. The IP configuration is static.
>
> Configuration is minimal:
> ----
>
> socket-file = /var/run/ocserv-socket
> device = vpns
> dns=8.8.8.8
>
> ipv4-network = 192.168.7.32/27
>
> # TCP and UDP port number
> tcp-port = 443
> udp-port = 443
>
> route = 0.0.0.0/0.0.0.0

Is your goal to have the server be the default route for the
client? If yes, then the documented way to do that is to set "route =
default" or to remove all the routes.


> On Debian 9 with ocserv Version 0.11.6 routing behavior is as expected:
> - user connects
> - ocserv creates a route pointing to the vpn device the user is assigned to
> - after the user disconnects: the vpn route is removed
>
> After upgrading to Debian 10 (current armbian with Kernel 5.7.15),
> ocserv was upgraded to version 0.12.2. With the same configuration, the
> routing behavior had changed to the following:
> - user connects
> - ocserv creates a route pointing to the vpn device the user is assigned to
> - Strange: the default route changes to the hostname of the host ocserv
> is running on

What is this address? Is it part of the address range for ocserv? Does
the issue go away by using the expected route notation?

regards,
Nikos
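
The route notation point raised in the reply above can be checked mechanically. The following is an added example, not part of the original message and not ocserv code: it scans a config for `route` lines that spell out the whole address space as a literal network instead of the documented `route = default`. The function names and the embedded sample config (constructed from the one quoted in the thread) are assumptions, and the parsing is a simplification of the `key = value` format, not ocserv's own parser.

```python
import ipaddress

# Constructed sample mirroring the configuration quoted in the thread.
SAMPLE_CONF = """\
socket-file = /var/run/ocserv-socket
device = vpns
dns=8.8.8.8
ipv4-network = 192.168.7.32/27
# TCP and UDP port number
tcp-port = 443
udp-port = 443
route = 0.0.0.0/0.0.0.0
"""

def parse_directives(text):
    """Yield (lineno, key, value) for each 'key = value' line, skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield lineno, key.strip(), value.strip()

def check_routes(text):
    """Return (lineno, value, message) for route lines that need attention."""
    findings = []
    for lineno, key, value in parse_directives(text):
        if key != "route" or value == "default":
            continue
        try:
            # Accepts both a.b.c.d/prefix and a.b.c.d/netmask notation.
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append((lineno, value, "unparseable route value"))
            continue
        if net.prefixlen == 0:
            findings.append(
                (lineno, value, 'covers every address; use "route = default"'))
    return findings

if __name__ == "__main__":
    for lineno, value, msg in check_routes(SAMPLE_CONF):
        print(f"line {lineno}: route = {value}: {msg}")
```

Running it against the sample flags the `route = 0.0.0.0/0.0.0.0` line; a config using `route = default` or only specific networks produces no findings.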


