strange routing behavior starting with ocserv 0.12.0

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Sep 21 15:43:04 EDT 2020 

On Thu, Sep 17, 2020 at 10:15 PM <ocserv at plaga.de> wrote:
> Hello Nikos,
> > What is this address? Is it part of the address range for ocserv? Does
> > the issue go away by using the expected route notation?
>
> My topology (Fritzbox is the router to my internet provider,
> backuphostsr is the host running ocserv. ports 443 UDP/TCP are
> portforwarded from the fritzbox to backuphostsr.):
>
> Fritzbox       <-->  Backuphostsr
> 192.168.7.1          192.168.7.13
>                       Default Route: 192.168.7.1

> With 0.11.12, the setting of the default route remains stable (as set)
> after a user connects to ocserv. The user gets an IP from the pool.
>
> Starting with ocserv 0.12.0: a user connects, and the route changes to
> the following:
>
> Fritzbox       <-->  Backuphostsr
> 192.168.7.1          192.168.7.13
>                       Default Route: 192.168.7.13

I suspect that default route here is the peer address you see on the
clients right? ocserv sets as its IP the first network address of the
one assigned. With
192.168.7.32/27 you should have
192.168.7.33 (is 13 a typo?)

Most likely the behavior in 0.11.x is a bug, and it most likely
accidental that it was working. If the first address in the network
doesn't work as default route in your setup you may need to make the
server ocserv runs on capable to route.

regards,
Nikos



>
> The host backuphostsr is assigned 192.168.7.13. Therefore the default
> route points to the host itself. Changig the route notation does not
> change anything. After the user disconnects, the correct default route
> (192.168.7.1) is restored.
>
>
> It is a strange behavior ...
>
> Regards
>
>    Sven
>
>
>
>
>
> >
> > regards,
> > Nikos
> >
> > _______________________________________________
> > openconnect-devel mailing list
> > openconnect-devel at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/openconnect-devel
> >
>
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel

More information about the openconnect-devel mailing list