strange routing behavior starting with ocserv 0.12.0

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Sep 22 03:12:15 EDT 2020


On Tue, Sep 22, 2020 at 3:28 AM sven plaga <sven at plaga.de> wrote:
>
>
> Hello Nikos,
>
> >> Starting with ocserv 0.12.0: a user connects, and the route changes to
> >> the following:
> >>
> >> Fritzbox       <-->  Backuphostsr
> >> 192.168.7.1          192.168.7.13
> >>                        Default Route: 192.168.7.13
> >
> > I suspect that default route here is the peer address you see on the
> > clients right? ocserv sets as its IP the first network address of the
> > one assigned. With
> > 192.168.7.32/27 you should have
> > 192.168.7.33 (is 13 a typo?)
>
> No typo: in 0.12.0 ocserv sets 192.168.7.13 as default route on the
> server (deleting the former 192.168.7.1 route). The ocserv server sets
> itself as default route when a client is connecting, which makes no
> sense at all. Additionally, of course, it sets the route to my client
> peer (192.168.7.33).
>
> When the client is disconnecting, default route is restored to
> 192.168.7.1 and route to the peer 192.168.7.33 is deleted.
>
> Problem is: the default route setup destroys IPv4 connectivity of the
> ocserv server. This behavior is new in 0.12.0. I do not see it in
> 0.11.12 (both versions self compiled).

This is indeed strange because ocserv doesn't set any routes. It only
creates the vpns device. Do you have scripts running either when new
devices are set up or when ocserv starts a new connection? Check whether
the connect-script/disconnect-script are set, as well as the
restrict-user-to-routes.

regards,
Nikos
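
One way to run the check suggested above, as an added example that is not part of the original message or of ocserv: list the active connect-script, disconnect-script and restrict-user-to-routes settings in a configuration file, then flag hook scripts that contain routing commands. The function names and the route-command pattern are assumptions; the configuration path is passed as an argument.

```shell
#!/bin/sh
# Added example: audit an ocserv config for hooks that could change routes.
# Usage: sh audit.sh /path/to/ocserv.conf

# Print every active (uncommented) hook / route-restriction directive.
ocserv_hooks() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                 # commented-out directive
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "connect-script" || key == "disconnect-script" ||
                key == "restrict-user-to-routes")
                printf "%s:%d: %s = %s\n", FILENAME, NR, key, val
        }
    ' "$conf"
}

# Print the hook scripts whose contents mention "ip route" or "route add|del".
# The pattern is a heuristic (assumption), not a complete list of route tools.
hooks_touching_routes() {
    ocserv_hooks "$1" | awk -F' = ' '$1 ~ /script$/ { print $2 }' |
    while IFS= read -r script; do
        [ -r "$script" ] || continue
        if grep -Eq '(^|[^[:alnum:]_])(ip[[:space:]]+(-[46][[:space:]]+)?route|route[[:space:]]+(add|del))' "$script"; then
            echo "$script"
        fi
    done
}

if [ "$#" -gt 0 ]; then
    ocserv_hooks "$1"
    hooks_touching_routes "$1"
fi
```

A script reported by the second function is the first place to look when the server's default route changes on client connect and is restored on disconnect.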


