Please find attached a patch for a new stale-routes-check (and remove) option.
As requested on the IRC #openvpn-devel channel, I've fixed my previously submitted patch against version 2.1.0 (i.e. the version currently used by Ubuntu 10.04.3 LTS) and I'm also submitting a patch against the latest master branch. I've been testing both versions for a while with no issues so far.
openvpn-2.1.0-aged-routes.patch
openvpn-master-aged-routes.patch
Signed-off-by: Davide Guerri <d.gue...@caspur.it>

On 14/set/2011, at 16:58, Davide Guerri wrote:

> Hi all,
> please find attached the patch Matteo is referring to.
>
> Since we're not experts in the openvpn source code, we think it should be
> considered as a starting point for a discussion.
>
> Basically this patch adds a stale-routes-check option that takes 2
> parameters: an ageing time (in seconds) and a check interval (in seconds). The
> latter defaults to the former if it's not present.
> Internally, a new "check" is added in
> multi_process_per_second_timers_dowork(). This check deletes stale routes and
> it is inspired by the function multi_reap_range().
>
> We're running a very large connectivity infrastructure based on openVPN (more
> than 4000 different clients connected per day per server), so we can
> thoroughly check this patch (or, of course, any variant of it).
>
> Regards,
> Matteo and Davide.
>
> On 14/set/2011, at 15:42, Matteo Latini wrote:
>
>> Hi,
>> we (openwisp.it) are an open source wireless ISP using openvpn's tap devices
>> to bridge access points with our main servers.
>>
>> We recently ran into a problem with openvpn's internal routing table getting
>> filled up by "old and stale" routes.
>> Some routes are kept for months (till the vpn gets restarted). This and the
>> --max-routes-per-client option make
>> the internal routing table fill up and never let newer clients add new
>> internal routes.
>>
>> Since we were unable to find a way to clean stale routes by reading the
>> manpages, we began exploring openvpn's
>> code to create a patch that would clean old and inactive routes. The patch
>> is working but, by looking through code,
>> we found some reference to MULTI_ROUTE_AGEABLE and ageable_ttl_secs in the
>> multi_route_defined method (multi.h).
>>
>> Are those in any way meant to clean, in any way (maybe yet to implement),
>> aged routes?
>> We tried using multi_route_defined to keep track of such routes without
>> success.
>>
>> Should we keep trying with MULTI_ROUTE_AGEABLE or find other ways (we
>> implemented the patch by using a dedicated
>> timer that triggers a function that does something similar to what happens
>> on teardown)?
>>
>> We are currently patching OpenVPN 2.1.0
>>
>>
>> Regards,
>> Matteo Latini
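
A minimal model of the ageing check described in this thread (two parameters, the interval defaulting to the ageing time, a sweep driven from a once-per-second timer), added here as an illustration. It is not the attached patch and not OpenVPN code: the struct names, fields, function names and the "idle for at least the ageing time" rule are assumptions.

```c
#include <stddef.h>
#include <time.h>

/* Toy route table entry; hypothetical, not OpenVPN's multi_route. */
struct route {
    unsigned char mac[6];   /* learned address (tap/bridge mode) */
    time_t last_ref;        /* last time traffic referenced this route */
    int in_use;             /* slot counts against the table limit */
};

struct stale_check {
    int ageing_secs;        /* first option parameter */
    int interval_secs;      /* second parameter; defaults to ageing_secs */
    time_t next_run;        /* when the next sweep is due */
};

/* Interval falls back to the ageing time when it is not given (<= 0). */
void stale_check_init(struct stale_check *c, int ageing, int interval, time_t now)
{
    c->ageing_secs = ageing;
    c->interval_secs = interval > 0 ? interval : ageing;
    c->next_run = now + c->interval_secs;
}

/* Called once per second from the timer loop; sweeps only when due.
 * Returns the number of stale routes removed. */
size_t stale_check_tick(struct stale_check *c, struct route *tbl, size_t n, time_t now)
{
    size_t removed = 0;
    if (now < c->next_run)
        return 0;
    c->next_run = now + c->interval_secs;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].in_use && now - tbl[i].last_ref >= c->ageing_secs) {
            tbl[i].in_use = 0;  /* frees the slot for a new client route */
            removed++;
        }
    }
    return removed;
}

/* Constructed sample: ageing 600 s, one route idle 600 s, one idle 50 s. */
size_t demo_sweep(void)
{
    struct route tbl[2] = { { {0,1,2,3,4,5}, 1000, 1 }, { {0,1,2,3,4,6}, 1550, 1 } };
    struct stale_check c;
    stale_check_init(&c, 600, 0, 1000);
    return stale_check_tick(&c, tbl, 2, 1600);
}
```
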