mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
openvpn3/openvpn/tun/linux/client
Lev Stipakov 8a502f3b61 [OVPN3-354] tun linux: support for round-robin DNS and redirect gw
When a profile contains several remotes or a single remote which
is resolved into multiple IP addresses AND all traffic is redirected
to the VPN, the client will reconnect to the next remote if the
connection is broken. Since all traffic is redirected to the VPN,
except traffic to the current remote, the reconnect fails.

Currently this problem is solved by creating bypass routes
to all remotes before establishing the connection, so that a reconnect
won't go via the broken VPN. This solution is sub-optimal, since
it leaks traffic to other remotes.

This patch implements a better approach. Before connecting to
a remote, we create a bypass route just for this remote. On reconnect
we replace the old route with a new one for the new remote.
We piggyback on the socket_protect() method of OpenVPNClient,
which is called before opening a connection to the remote.

A connection to a new remote usually means a new IP address etc.,
so to prevent traffic leakage we first create a new tun interface,
set up routes and then remove the old routes and tear down the old
tun interface.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2019-05-09 16:40:24 +03:00
sitnl.hpp [OVPN3-354] tun linux: support for round-robin DNS and redirect gw 2019-05-09 16:40:24 +03:00
tuncli.hpp [OVPN3-354] tun linux: support for round-robin DNS and redirect gw 2019-05-09 16:40:24 +03:00
tuniproute.hpp [OVPN3-354] tun linux: support for round-robin DNS and redirect gw 2019-05-09 16:40:24 +03:00
tunnetlink.hpp [OVPN3-354] tun linux: support for round-robin DNS and redirect gw 2019-05-09 16:40:24 +03:00
tunsetup.hpp [OVPN3-354] tun linux: support for round-robin DNS and redirect gw 2019-05-09 16:40:24 +03:00