What's new

Bug report: not resetting routing table after OpenVPN connection failures

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

remote_recon

New Around Here
Hello, I wanted to submit a bug report. I am running Merlin ASUS 388.1 on an RT-AX58U.

Using my router to connect as an OpenVPN client, I had a server-side configuration error for IPV6. A crash / connection failure occurs after IPV4 routes added, but before the invalid IPV6 route can be added:
/usr/sbin/ip -6 addr add xxxx:xxx:x:xxx::xxxx/64 dev tun14
Jan 29 18:08:24 ovpn-client4[#####]: Linux ip -6 addr add failed: external program exited with error status: 2

Expected behaviour: routing tables reset after the above failure.
Observed behaviour: IPV4 routes added before the crash persist after failure. On subsequent connections, this leads to a new cause of connection failure that arises from an attempt to add a redundant IPV4 route, as follows:
Jan 29 18:43:06 ovpn-client4[#####]: /usr/sbin/ip addr add dev tun14 10.x.x.x/24
Jan 29 18:43:06 ovpn-client4[#####]: Linux ip addr add failed: external program exited with error status: 2

Sorry if I have missed something obvious in my configuration, but as this does not occur on a clean connection an exit I think this is probably a bug. Please correct me if I am wrong. Thank you for your time and for contributing this valuable firmware.
 
The VPN client doesn't support IPv6:

 
Thanks for pointing that out. Perhaps the routing tables could still be reset in the event a user didn't realize the server config settings included IPV6 routing and a crash occurred.

I also wondered if you or others had any suggestions as to best practice for blocking IPv6 leaks in this environment? I am aware of the client directives:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "router-ipv6"

But I am observing IPV6 DNS servers leak using this approach.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top