Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1156?usp=email

to review the following change.


Change subject: Introduce env variables to communicate desired gateway 
redirection to NM.
......................................................................

Introduce env variables to communicate desired gateway redirection to NM.

When run under Network Manager control, OpenVPN is not allowed to
control routing.  Instead, NM uses the OpenVPN-set environment variables
("route_network_1" etc) to set up routes as requested.  This method never
worked properly for "redirect-gateway", as the information was not made
available in environment variables.

Introduce new env vars:

 route_redirect_gateway_ipv4
 route_redirect_gateway_ipv6

to communicate desired state:

 <not set> = no gateway redirection desired
 1 = "redirect-gateway for that protocol in question"
 2 = "include block-local to redirect the local LAN as well"

We intentionally do not expose all the IPv4 flags ("local", "def1", ...)
as this is really internal OpenVPN historical cruft.

Change-Id: I1e623b4a836f7216750867243299c7e4d0bd32d0
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M doc/man-sections/script-options.rst
M src/openvpn/options.c
2 files changed, 22 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/56/1156/1

diff --git a/doc/man-sections/script-options.rst 
b/doc/man-sections/script-options.rst
index bd5ecd4..670cd33 100644
--- a/doc/man-sections/script-options.rst
+++ b/doc/man-sections/script-options.rst
@@ -874,6 +874,14 @@
     translations will be recorded rather than their names as denoted on the
     command line or configuration file.

+:code:`route_redirect_gateway_ipv4`
+
+:code:`route_redirect_gateway_ipv6`
+    Set to `1` if the corresponding default gateway should be redirected
+    into the tunnel, and to `2` if also the local LAN segment should be
+    blocked (`block-local`).  Not set otherwise.  Set prior to **--up** script
+    execution.
+
 :code:`script_context`
     Set to "init" or "restart" prior to up/down script execution. For more
     information, see documentation for ``--up``.
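
Review bot: the new entry marks its literal values with single backticks (`1`, `2`, `block-local`) and writes the option as **--up**, while the neighbouring script_context entry in the same hunk writes ``--up`` with double backticks. In reStructuredText single backticks are interpreted text rather than an inline literal, so ``1``, ``2``, ``block-local`` and ``--up`` would match the surrounding style and render as intended. It would also help to state here that the two variables are set independently per address family, since a consumer reading only this text cannot tell whether the IPv6 variable can be `2` when the IPv4 one is `1`.
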
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0b16c5a..648d526 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5720,6 +5720,8 @@
         {
             options->routes_ipv6->flags = 0;
         }
+        env_set_del(es, "route_redirect_gateway_ipv4");
+        env_set_del(es, "route_redirect_gateway_ipv6");
     }
     else if (streq(p[0], "dns") && !p[1])
     {
@@ -6039,6 +6041,8 @@
             {
                 options->routes_ipv6->flags = 0;
             }
+            env_set_del(es, "route_redirect_gateway_ipv4");
+            env_set_del(es, "route_redirect_gateway_ipv6");
             *update_options_found |= OPT_P_U_REDIR_GATEWAY;
         }
     }
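
Review bot: the two env_set_del() calls here repeat, line for line, the pair added in the previous hunk at the other place where routes_ipv6->flags is reset to 0. A small static helper that deletes both variables (name to be chosen by the author) would keep the two reset paths from drifting apart if another variable is added later, and would give one place to document why the environment has to be cleared when the redirect flags are reset.
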
@@ -7661,6 +7665,16 @@
                 goto err;
             }
         }
+        if (options->routes->flags & RG_REROUTE_GW)
+        {
+            setenv_int(es, "route_redirect_gateway_ipv4",
+                       options->routes->flags & RG_BLOCK_LOCAL ? 2 : 1);
+        }
+        if (options->routes_ipv6 && (options->routes_ipv6->flags & 
RG_REROUTE_GW))
+        {
+            setenv_int(es, "route_redirect_gateway_ipv6",
+                       options->routes->flags & RG_BLOCK_LOCAL ? 2 : 1);
+        }
 #ifdef _WIN32
         /* we need this here to handle pushed --redirect-gateway */
         remap_redirect_gateway_flags(options);
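
Review bot: in the IPv6 branch the value is computed from options->routes->flags & RG_BLOCK_LOCAL, that is, from the IPv4 flags, although the condition directly above tests options->routes_ipv6->flags. If block-local is meant to be evaluated per protocol this should read options->routes_ipv6->flags & RG_BLOCK_LOCAL; if the IPv4 flag is deliberately authoritative for both families, a one-line comment saying so would keep this from reading as a copy-paste slip. Separately, the IPv4 branch dereferences options->routes without the NULL check that the IPv6 branch applies to options->routes_ipv6, so it is worth confirming that routes is always allocated at this point.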

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1156?usp=email

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1e623b4a836f7216750867243299c7e4d0bd32d0
Gerrit-Change-Number: 1156
Gerrit-PatchSet: 1
Gerrit-Owner: cron2 <g...@greenie.muc.de>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-MessageType: newchange