From 7193de12abad34f2cd2ca8ab742cd7b0727b865d Mon Sep 17 00:00:00 2001
From: Lev Stipakov
Date: Tue, 11 Aug 2020 11:32:30 +0300
Subject: [PATCH] Support for redirect-gw local

When VPN server is in local network and not accessible via default gateway, adding bypass route via default gw (as we do on windows/mac) makes server inaccessible. This handles client-side config option "redirect-gw local" and skips adding bypass route via agent.
Fixes OVPN3-653
Signed-off-by: Lev Stipakov
---
 client/ovpncli.cpp | 12 ++++++++++--
 openvpn/client/rgopt.hpp | 5 +++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/client/ovpncli.cpp b/client/ovpncli.cpp
index 6d235198..3849b341 100644
--- a/client/ovpncli.cpp
+++ b/client/ovpncli.cpp
@@ -259,14 +259,19 @@ namespace openvpn {
 parent = parent_arg;
 }
 
+ void set_rg_local(bool rg_local_arg)
+ {
+ rg_local = rg_local_arg;
+ }
+
 bool socket_protect(int socket, IP::Addr endpoint) override
 {
 if (parent)
 {
 #if defined(OPENVPN_COMMAND_AGENT) && defined(OPENVPN_PLATFORM_WIN)
- return WinCommandAgent::add_bypass_route(endpoint);
+ return rg_local ? true : WinCommandAgent::add_bypass_route(endpoint);
 #elif defined(OPENVPN_COMMAND_AGENT) && defined(OPENVPN_PLATFORM_MAC)
- return UnixCommandAgent::add_bypass_route(endpoint);
+ return rg_local ? true : UnixCommandAgent::add_bypass_route(endpoint);
 #else
 return parent->socket_protect(socket, endpoint.to_string(), endpoint.is_ipv6());
 #endif
@@ -282,6 +287,7 @@ namespace openvpn {
 
 private:
 OpenVPNClient* parent;
+ bool rg_local = false; // do not add bypass route if true
 };
 
 class MyReconnectNotify : public ReconnectNotify
@@ -490,6 +496,8 @@ namespace openvpn {
 
 // socket protect
 socket_protect.set_parent(parent);
+ RedirectGatewayFlags rg_flags{ options };
+ socket_protect.set_rg_local(rg_flags.redirect_gateway_local());
 
 // reconnect notifications
 reconnect_notify.set_parent(parent);
diff --git a/openvpn/client/rgopt.hpp b/openvpn/client/rgopt.hpp
index 218e499b..151e5dde 100644
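Review bot: In socket_protect() (client/ovpncli.cpp), the two agent branches now return `true` whenever rg_local is set, so the caller sees success although no bypass route was installed, and nothing in the visible code checks that `endpoint` is really on-link. A profile that carries `local` for a server outside the local subnet would presumably lose reachability once the default route is redirected, with no hint why. I would document the contract at both returns, e.g. `// redirect-gateway local: server is on-link, bypass route intentionally skipped`, and write the expression as `rg_local || WinCommandAgent::add_bypass_route(endpoint)` (same for UnixCommandAgent). The function body continues past the end of the hunk.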
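Review bot: In the third ovpncli.cpp hunk, `rg_flags` is built from `options` once, next to `socket_protect.set_parent(parent)`, so the bypass decision appears to depend only on whatever `options` holds at that moment. If that is the local profile, as the commit message suggests, a `redirect-gateway local` pushed later by the server will not change it. That is a reasonable trust boundary, but it deserves a comment, e.g. `// rg_local comes from the client profile only; pushed redirect-gateway flags do not affect the bypass route`. The enclosing function starts and ends outside the hunk.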
--- a/openvpn/client/rgopt.hpp
+++ b/openvpn/client/rgopt.hpp
@@ -73,6 +73,11 @@ namespace openvpn {
 return rg_enabled() && (flags_ & RG_IPv6);
 }
 
+ bool redirect_gateway_local() const
+ {
+ return flags_ & RG_LOCAL;
+ }
+
 std::string to_string() const
 {
 std::string ret;
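Review bot: redirect_gateway_local() returns `flags_ & RG_LOCAL` directly, relying on an implicit integer-to-bool conversion, and unlike the accessor just above it (`rg_enabled() && (flags_ & RG_IPv6)`) it does not gate on rg_enabled(). Spelling the test out as `return (flags_ & RG_LOCAL) != 0;` makes the conversion explicit, and if RG_LOCAL can be set without redirection being enabled (not visible here) the same `rg_enabled() &&` guard may be wanted. A one-line comment such as `// true if the "local" flag was given: server is on-link, no bypass route needed` would also help, since this accessor now decides whether the bypass route is skipped.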