Support for redirect-gw local

When VPN server is in local network and
not accessible via default gateway, adding bypass route
via default gw (as we do on windows/mac) makes server
inaccessible.

This handles client-side config option "redirect-gw local"
and skips adding bypass route via agent.

Fixes OVPN3-653

Signed-off-by: Lev Stipakov <lev@openvpn.net>

client/ovpncli.cpp

@@ -259,14 +259,19 @@ namespace openvpn {
 	parent = parent_arg;
       }
 
+      void set_rg_local(bool rg_local_arg)
+      {
+        rg_local = rg_local_arg;
+      }
+
       bool socket_protect(int socket, IP::Addr endpoint) override
       {
 	if (parent)
 	  {
 #if defined(OPENVPN_COMMAND_AGENT) && defined(OPENVPN_PLATFORM_WIN)
-	    return WinCommandAgent::add_bypass_route(endpoint);
+	    return rg_local ? true : WinCommandAgent::add_bypass_route(endpoint);
 #elif defined(OPENVPN_COMMAND_AGENT) && defined(OPENVPN_PLATFORM_MAC)
-	    return UnixCommandAgent::add_bypass_route(endpoint);
+	    return rg_local ? true : UnixCommandAgent::add_bypass_route(endpoint);
 #else
 	    return parent->socket_protect(socket, endpoint.to_string(), endpoint.is_ipv6());
 #endif
@@ -282,6 +287,7 @@ namespace openvpn {
 
     private:
       OpenVPNClient* parent;
+      bool rg_local = false; // do not add bypass route if true
     };
 
     class MyReconnectNotify : public ReconnectNotify
@@ -490,6 +496,8 @@ namespace openvpn {
 
 	  // socket protect
 	  socket_protect.set_parent(parent);
+	  RedirectGatewayFlags rg_flags{ options };
+	  socket_protect.set_rg_local(rg_flags.redirect_gateway_local());
 
 	  // reconnect notifications
 	  reconnect_notify.set_parent(parent);

openvpn/client/rgopt.hpp

@@ -73,6 +73,11 @@ namespace openvpn {
       return rg_enabled() && (flags_ & RG_IPv6);
     }
 
+    bool redirect_gateway_local() const
+    {
+      return flags_ & RG_LOCAL;
+    }
+
     std::string to_string() const
     {
       std::string ret;