Hi,

On Sun, Sep 13, 2015 at 11:26:12AM +0200, Arne Schwabe wrote:
> I think we may need an (explicit) opt out of the mechanism. Currently
> the code that inserts the IPv6 host route will always run.

It will only insert the host route if you connect over IPv6, and you try to install IPv6 routes that overlap with the server address (need_remote_ipv6_route=true in init_route_ipv6_list()). If there is no overlap, or you connect over IPv4, it won't do anything (just re-tested to ensure that I did not forget the "we don't need this now" case :-) )

That it auto-activates is intentional - with IPv4, if you do not set --redirect-private, and have overlapping pushed routes with the VPN server address, it will silently fail due to recursive routing (unless you have a VPN API to do the right thing). So I wanted this to do the right thing automatically on the other platforms as well...

But I can be convinced to add an opt-out switch - what use case do you have in mind where this would be needed?

In some cases, the logic is not actually *necessary* (if you have a more-specific route for the VPN server than what is pushed), but it won't do *harm* in that case either (tested with /64 routes and pushing /32).

(In any case, thanks for reviewing the first few patches in the set and the feedback)

gert

--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
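The condition described in the message above (IPv6 transport, and a pushed IPv6 route that covers the server address) can be sketched as follows. This is an added example, not part of the original mail and not OpenVPN's code; `need_host_route6`, `in6_prefix_covers` and `struct pushed_route6` are hypothetical names, and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One pushed IPv6 route: network in text form plus prefix length. */
struct pushed_route6 { const char *network; unsigned bits; };

/* True if addr lies inside net/bits (compares the first `bits` bits). */
static bool in6_prefix_covers(const struct in6_addr *net, unsigned bits,
                              const struct in6_addr *addr)
{
    if (bits > 128) return false;
    unsigned full = bits / 8, rem = bits % 8;
    if (memcmp(net->s6_addr, addr->s6_addr, full) != 0) return false;
    if (rem == 0) return true;            /* also covers bits == 128 */
    unsigned char mask = (unsigned char)(0xff << (8 - rem));
    return ((net->s6_addr[full] ^ addr->s6_addr[full]) & mask) == 0;
}

/* Hypothetical helper: is a host route to the VPN server needed?
 * Returns 1 = needed, 0 = not needed, -1 = unparsable address. */
int need_host_route6(bool remote_is_ipv6, const char *remote,
                     const struct pushed_route6 *routes, size_t n)
{
    struct in6_addr srv, net;
    if (!remote_is_ipv6) return 0;        /* IPv4 transport: nothing to do */
    if (inet_pton(AF_INET6, remote, &srv) != 1) return -1;
    for (size_t i = 0; i < n; i++) {
        if (inet_pton(AF_INET6, routes[i].network, &net) != 1) return -1;
        /* Overlap: tunnel packets to the server would route into the tunnel. */
        if (in6_prefix_covers(&net, routes[i].bits, &srv)) return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: server address inside a pushed /32. */
    const struct pushed_route6 pushed[] = { { "2001:db8::", 32 } };
    printf("host route needed: %d\n",
           need_host_route6(true, "2001:db8:1::1", pushed, 1));
    return 0;
}
```

The sketch does not model the case mentioned in the mail where a more-specific route to the server already exists.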