On 26.03.21 at 11:30, Antonio Quartulli wrote:
> Hi,
> 
> On 26/03/2021 08:12, Gert Doering wrote:
>> Now...  if we consider a scenario where OpenVPN packets are not subject
>> to be routed into the tunnel (Linux VRF, policy routing, ...) - which
>> is actually something I want to see happen :-) - twisting this feature 
>> into some other direction might make the coding effort useful: what 
>> about "we only block packets that match destination IP *and port and
>> protocol* with what OpenVPN is using"? 
>>
>> So, if we talk to 1.2.3.4/udp/1194, only packets inside the tunnel
>> destined to 1.2.3.4/udp/1994 would be dropped, and everything else can
>> be sent freely - because those are never "recursive openvpn packets".
> 
> I was just questioning this feature per se: why do we want to *allow*
> real loops?

On Android where VPN setup is a bit different from normal setup.
Different enough that the recursive routing message is easily triggered
and the client always sets the allow-recursive-routing option. I cannot
remember the exact details anymore.

Arne



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
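
The narrower check proposed in the quoted text above (drop only inner packets whose destination IP, protocol and port all match the transport endpoint), as an added example that is not part of the thread and not OpenVPN code. `struct remote_ep`, `is_recursive_packet` and `sample_blocked` are hypothetical names, and the sketch assumes IPv4 only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical description of the outer transport endpoint (not an OpenVPN type). */
struct remote_ep { uint8_t addr[4]; uint8_t proto; uint16_t port; };

/* True only when the inner IPv4 packet has the same destination address,
 * L4 protocol and destination port as the transport endpoint. */
bool is_recursive_packet(const uint8_t *pkt, size_t len, const struct remote_ep *r)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return false;                      /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4)
        return false;                      /* bad IHL or no room for ports */
    if (memcmp(pkt + 16, r->addr, 4) != 0 || pkt[9] != r->proto)
        return false;                      /* other host or other protocol */
    /* Assumption: non-first fragments carry no ports, so they are let through. */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return false;
    return (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]) == r->port;
}

/* Constructed sample: packet to 1.2.3.4 checked against remote 1.2.3.4/udp/1194. */
bool sample_blocked(uint8_t proto, uint16_t dport)
{
    const struct remote_ep remote = { {1, 2, 3, 4}, 17, 1194 };
    uint8_t pkt[24] = {0};
    pkt[0] = 0x45;                         /* version 4, IHL 5 (20 bytes) */
    pkt[9] = proto;                        /* 17 = UDP, 6 = TCP */
    memcpy(pkt + 16, remote.addr, 4);      /* destination address */
    pkt[22] = (uint8_t)(dport >> 8);       /* L4 destination port, big endian */
    pkt[23] = (uint8_t)(dport & 0xff);
    return is_recursive_packet(pkt, sizeof pkt, &remote);
}

int main(void)
{
    printf("udp/1194 -> %s\n", sample_blocked(17, 1194) ? "drop" : "pass");
    printf("udp/53   -> %s\n", sample_blocked(17, 53) ? "drop" : "pass");
    printf("tcp/1194 -> %s\n", sample_blocked(6, 1194) ? "drop" : "pass");
    return 0;
}
```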
