This also moves the building of the IV_HWADDR peer info variable to the point
that the server address is actually available.
This also avoids failing to connect when push-peer-info is enabled and
there is no IPv4 default gateway. The new code will always pick the device
that holds the route to the current remote.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

Out of all the suggestions by Coverity I picked
the ones that move non-Ptr objects into variables
or attributes.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>

The current implementation of "get best gateway"
is completely unaware of IPv6. Because of that
an agent-enabled client is not able to connect to an IPv6
server. This happens because the first call to the agent
(add-bypass-route) fails, since we pass an IPv6 address,
which the agent tries to interpret as IPv4 and fails.
Moreover, "add bypass route" logic looks for the best gateway
for the given remote, and the API we use (GetIpForwardTable and
GetBestGateway) doesn't work with IPv6.
This adds IPv6 support to BestGateway class and "add bypass route"
logic. For that we use IPv6-aware API such as GetIpForwardTable2
and own IP::Addr/4/6 abstractions.
Fixes OVPN3-959.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

This is the result after running 'clang-format -i' on all C++ files and
headers, with the defined formatting rules in .clang-format.
Only the openvpn/common/unicode-impl.hpp has been excluded, as that is
mostly a copy of an external project.
Signed-off-by: David Sommerseth <davids@openvpn.net>

When adding bypass route to remote we always use
default gateway. This doesn't work when remote is not
reachable via default gateway (local network,
custom route - OVPN3-653).
Implement "get best gateway" logic by traversing routing
table and find gateway with longest prefix match and
highest metric.
In case of seamless tunnel and redirect-gw "get best gateway"
will return VPN gateway when adding bypass route during reconnect
to another remote. VPN tunnel is likely broken at this point
and bypass route via VPN makes reconnect impossible.
Fix that by storing VPN interface index and, when finding best gateway,
filter routes which use VPN interface.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
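
The "get best gateway" selection described in the commit message above, sketched as an added example (not OpenVPN 3 code): longest prefix match over an IPv4 routing table, skipping routes on the VPN interface. The `Route` struct, `best_gateway()`, `sample_table()` and the tie-break rule (a lower metric value is treated as the preferred route) are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical IPv4 route entry (host byte order); not an OpenVPN 3 type.
struct Route {
    uint32_t dest;     // network address
    unsigned prefix;   // prefix length, 0..32
    uint32_t gateway;  // next hop
    unsigned if_index; // interface owning the route
    unsigned metric;   // assumption: lower value = preferred route
};

constexpr uint32_t ip(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

static uint32_t mask_for(unsigned prefix) {
    // Shifting a 32-bit value by 32 is undefined, so /0 is handled explicitly.
    return prefix == 0 ? 0u : 0xFFFFFFFFu << (32 - prefix);
}

// Returns the route used to reach `remote`, ignoring every route bound to
// `vpn_if_index`; nullptr when nothing matches.
const Route* best_gateway(const std::vector<Route>& table, uint32_t remote,
                          unsigned vpn_if_index) {
    const Route* best = nullptr;
    for (const Route& r : table) {
        if (r.prefix > 32 || r.if_index == vpn_if_index)
            continue; // malformed entry, or route through the (possibly dead) tunnel
        const uint32_t m = mask_for(r.prefix);
        if ((remote & m) != (r.dest & m))
            continue; // route does not cover the remote
        if (!best || r.prefix > best->prefix
            || (r.prefix == best->prefix && r.metric < best->metric))
            best = &r;
    }
    return best;
}

// Constructed sample: physical NIC is if 2, tun device is if 7 with
// redirect-gateway style /1 routes, plus two custom routes to 10.20.0.0/16.
std::vector<Route> sample_table() {
    return {
        {ip(0, 0, 0, 0), 0, ip(192, 168, 1, 1), 2, 25},
        {ip(0, 0, 0, 0), 1, ip(10, 8, 0, 1), 7, 1},
        {ip(128, 0, 0, 0), 1, ip(10, 8, 0, 1), 7, 1},
        {ip(10, 20, 0, 0), 16, ip(192, 168, 1, 254), 2, 10},
        {ip(10, 20, 0, 0), 16, ip(192, 168, 1, 253), 3, 50},
    };
}
```

With interface 7 filtered, the lookup for 203.0.113.10 returns the physical default gateway 192.168.1.1; with no interface filtered, the /1 route through the tunnel wins, which is the reconnect failure the message describes.
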
This is useful for running a command from a worker thread
where signals have been blocked, but we want the child
process to run with the original pre-blocked signal configuration.
Signed-off-by: James Yonan <james@openvpn.net>

When creating bypass route for server, it is better
to use gateway for server address instead of 0.0.0.0 or ::0.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

This will be needed to exclude gateway on tun interface when
creating bypass route.
Note that this is required only for sitnl, since iproute-based routines
already ignore tun gateway.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

std::strerror() doesn't claim to be thread-safe, so
add openvpn::strerror_str() which is thread-safe by
virtue of the fact that it backs to strerror_r().
Signed-off-by: James Yonan <james@openvpn.net>

When "setenv PUSH_PEER_INFO" or "push-peer-info" is present
in client config, push the MAC address of the interface
owning the default route to the server via IV_HWADDR.
unrecognized, ignored, or unused.
This behavior is somewhat different (by design) to 2.x branch, which
will raise a fatal exception if an unrecognized option is
encountered.
Implemented IPv6 in iOS client.
Added new flags to redirect-gateway to control whether redirection
occurs at IPv4 or IPv6 levels (or both):
* ipv4 (default)
* !ipv4
* ipv6
* !ipv6
Added new directive "redirect-dns yes|no". If yes, all DNS requests
will be forwarded through pushed DNS servers. If no, only DNS
requests that match domains enumerated in "dhcp-option DOMAIN"
directives will be forwarded. If redirect-dns is omitted, it will
default to yes if redirect-gateway is specified at the IPv4 level
(this is the normal pre-existing behavior).
Allow the following aggregated options that are normally pushed by
the server to be defined in the config file as well. These options
will be combined with server-pushed options:
* route
* route-ipv6
* redirect-gateway
* redirect-private
* dhcp-option
Allow the following singleton options (i.e. options that don't
aggregate), that are normally pushed, to be defined in the config
file (note that server-pushed singleton options will override the
config file setting):
* redirect-dns
The Connection Details section of the UI now displays VPN IP
addresses for IPv4 and IPv6.
Added new pushable option "client-ip IP_ADDR" that can be pushed
by the server with the client's IP address as seen by the server.
The client will then show the address in the Connection Details
section of the UI.
array instead of concatenated string, and to resolve issue on OS X
where signals were being ignored after system() was called.
C++ iterators incremented in a for statement should usually use
a preincrement syntax.