strange routing behavior starting with ocserv 0.12.0

ocserv at plaga.de ocserv at plaga.de
Thu Sep 17 16:15:12 EDT 2020


Hello Nikos,

thank you for answering!

>> route = 0.0.0.0/0.0.0.0
> 
> Is your goal to have the server being the default route for the
> client? If yes, then the documented way to do that is to set "route =
> default" or removing all the routes.

Yes, the server should be default route for the client. Thank you for 
pointing out the right setting. I think that setting is unrelated to my 
problem as I had also config files without any route configuration before.

>> On Debian 9 with ocserv Version 0.11.6 routing behavior is as expected:
>> - user connects
>> - ocserv creates a route pointing to the vpn device the user is assigned to
>> - after the user disconnects: the vpn route is removed
>>
>> After upgrading to Debian 10 (current armbian with Kernel 5.7.15),
>> ocserv was upgraded to version 0.12.2. With the same configuration, the
>> routing behavior had changed to the following:
>> - user connects
>> - ocserv creates a route pointing to the vpn device the user is assigned to
>> - Strange: the default route changes to the hostname of the host ocserv
>> is running on
> 
> What is this address? Is it part of the address range for ocserv? Does
> the issue go away by using the expected route notation?

My topology (Fritzbox is the router to my internet provider, 
backuphostsr is the host running ocserv. Ports 443 UDP/TCP are 
port-forwarded from the Fritzbox to backuphostsr.):

Fritzbox       <-->  Backuphostsr
192.168.7.1          192.168.7.13
                      Default Route: 192.168.7.1

With 0.11.12, the setting of the default route remains stable (as set) 
after a user connects to ocserv. The user gets an IP from the pool.

Starting with ocserv 0.12.0: a user connects, and the route changes to 
the following:

Fritzbox       <-->  Backuphostsr
192.168.7.1          192.168.7.13
                      Default Route: 192.168.7.13

The host backuphostsr is assigned 192.168.7.13. Therefore the default 
route points to the host itself. Changing the route notation does not 
change anything. After the user disconnects, the correct default route 
(192.168.7.1) is restored.


It is a strange behavior ...

Regards

   Sven





> 
> regards,
> Nikos
> 