Hi, the following patch was posted to trac#261, and I intend to ACK it (patches to track are a bit complicated regarding our standard policy and --author :-/ - but it's simple enough, and while a very esoteric corner case, fixing a real bug :-) - namely, --redirect-private in combination with --dev tap)
Specifically, --redirect-private does half the work of --redirect-gateway,
namely "install a host route to the VPN server via the current default
gateway", but not the actual "... and then redirect everything else into
the VPN". This can be useful if you push the same private network that
is used at the client site, but do *not* want to push a default route.
This normally works, unless used in tap mode with routes coming from a DHCP
server, where it complains about missing --route-gateway, which isn't
actually needed for *this* part of the work.
gert
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index dd69d8e..df80286 100644
Index: src/openvpn/route.c
===================================================================
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -837,7 +837,7 @@ redirect_default_route_to_vpn (struct route_list *rl, const
struct tuntap *tt, u
if ( rl && rl->flags & RG_ENABLE )
{
- if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT))
+ if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags &
RG_REROUTE_GW))
{
msg (M_WARN, "%s VPN gateway parameter (--route-gateway or
--ifconfig) is missing", err);
}
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp5fg6jFA8Ju.pgp
Description: PGP signature
