Hi all,

please find attached the patch Matteo is referring to. Since we're not experts in the openvpn source code, we think it should be considered as a starting point for a discussion.

Basically this patch adds a stale-routes-check option that takes 2 parameters: an ageing time (in seconds) and a check interval (in seconds). The latter defaults to the former if it's not present. Internally, a new "check" is added in multi_process_per_second_timers_dowork(). This check deletes stale routes and it is inspired by the function multi_reap_range().

We're running a very large connectivity infrastructure based on openVPN (more than 4000 different clients connected per day per server), so we can thoroughly check this patch (or, of course, any variant of it).

Regards,
Matteo and Davide.
openvpn-2.0.1-aged-routes.patch
--
dott. Davide Guerri - C.A.S.P.U.R. Interuniversity Consortium
Lead R&D Eng. OpenWISP (http://openwisp.caspur.it)
CTO CASPUR for Provinciawifi, Pratowifi, FreeWiFiGenova, Maremmawifi, ProvinciaGoriziaWiFi, IX-WiFi
e-mail: d.gue...@caspur.it
phone: +39 06.44486.404
www: http://openwisp.caspur.it/projects/ow/wiki/Davide_Guerri

On 14/Sep/2011, at 15:42, Matteo Latini wrote:

> Hi,
> we (openwisp.it) are an open source wireless ISP using openvpn's tap devices
> to bridge access points with our main servers.
>
> We recently ran into a problem with openvpn's internal routing table getting
> filled up by "old and stale" routes.
> Some routes are kept for months (till the vpn gets restarted). This and the
> --max-routes-per-client option make the internal routing table fill up and
> never let newer clients add new internal routes.
>
> Since we were unable to find a way to clean stale routes by reading the
> manpages, we began exploring openvpn's code to create a patch that would
> clean old and inactive routes. The patch is working but, by looking through
> the code, we found some references to MULTI_ROUTE_AGEABLE and ageable_ttl_secs
> in the multi_route_defined method (multi.h).
>
> Are those in any way meant to clean, in any way (maybe yet to implement),
> aged routes?
> We tried using multi_route_defined to keep track of such routes without
> success.
>
> Should we keep trying with MULTI_ROUTE_AGEABLE or find other ways (we
> implemented the patch by using a dedicated timer that triggers a function
> that does something similar to what happens on teardown)?
>
> We are currently patching OpenVPN 2.1.0
>
>
> Regards,
> Matteo Latini
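The stale-route check discussed in this thread, modelled as an added example; it is not the attached patch and not OpenVPN code. The table, field and function names are hypothetical, and the only behaviour taken from the thread is the ageing time, the check interval that defaults to it, and a check driven from a once-per-second timer.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ROUTES 4 /* hypothetical names throughout; tiny cap for the demo */

struct route { int in_use; unsigned addr; long last_seen; };
struct table {
    struct route r[MAX_ROUTES];
    long ageing_secs;    /* first option parameter */
    long check_interval; /* second option parameter */
    long next_check;     /* time of the next scheduled scan */
};
void table_init(struct table *t, long ageing, long interval)
{
    memset(t, 0, sizeof *t);
    t->ageing_secs = ageing;
    t->check_interval = interval > 0 ? interval : ageing; /* defaults to ageing */
    t->next_check = t->check_interval;
}

/* Learn or refresh a route: 0 on success, -1 when the table is full. */
int route_learn(struct table *t, unsigned addr, long now)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_ROUTES; i++) {
        if (t->r[i].in_use && t->r[i].addr == addr) { t->r[i].last_seen = now; return 0; }
        if (!t->r[i].in_use && free_slot < 0) free_slot = i;
    }
    if (free_slot < 0) return -1;
    t->r[free_slot] = (struct route){ 1, addr, now };
    return 0;
}

/* Called from a once-per-second timer; returns how many routes were removed. */
int stale_routes_check(struct table *t, long now)
{
    int removed = 0;
    if (now < t->next_check) return 0; /* check interval not reached yet */
    t->next_check = now + t->check_interval;
    for (int i = 0; i < MAX_ROUTES; i++)
        if (t->r[i].in_use && now - t->r[i].last_seen > t->ageing_secs) { t->r[i].in_use = 0; removed++; }
    return removed;
}

int main(void)
{
    struct table t;
    table_init(&t, 60, 0);
    for (unsigned a = 1; a <= 4; a++) route_learn(&t, a, 0);
    int full = route_learn(&t, 9, 10), reaped = stale_routes_check(&t, 120);
    printf("full=%d reaped=%d retry=%d\n", full, reaped, route_learn(&t, 9, 121));
}
```

A route that is refreshed before the scan survives it, so only inactive entries give their slots back to new clients.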