diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | openvpn.8 | 16 | ||||
-rw-r--r-- | route.c | 14 |
3 files changed, 29 insertions, 4 deletions
@@ -5,6 +5,9 @@ $Id$ 2005.11.xx -- Version 2.1-beta7 +* Fixed bug in Linux get_default_gateway function + introduced in 2.0.4, which would cause redirect-gateway + on Linux clients to fail. * Moved easy-rsa 2.0 scripts to easy-rsa/2.0 to be compatible with 2.0.x distribution. @@ -2949,7 +2949,21 @@ of OpenVPN's client mode. This directive is equivalent to: This option must be used on a client which is connecting to a multi-client server. It indicates to OpenVPN that it should accept options pushed by the server, provided they -are part of the legal set of pushable options. +are part of the legal set of pushable options (note that the +.B --pull +option is implied by +.B --client +). + +In particular, +.B --pull +allows the server to push routes to the client, so you should +not use +.B --pull +or +.B --client +in situations where you don't trust the server to have control +over the client's routing table. .\"********************************************************* .TP .B --auth-user-pass [up] @@ -347,6 +347,10 @@ init_route_list (struct route_list *rl, setenv_route_addr (es, "net_gateway", rl->spec.net_gateway, -1); dmsg (D_ROUTE_DEBUG, "ROUTE DEBUG: default_gateway=%s", print_in_addr_t (rl->spec.net_gateway, 0, &gc)); } + else + { + dmsg (D_ROUTE_DEBUG, "ROUTE DEBUG: default_gateway=UNDEF"); + } if (rl->flags & RG_ENABLE) { @@ -1342,9 +1346,10 @@ show_routes (int msglev) #elif defined(TARGET_LINUX) static bool -get_default_gateway (in_addr_t *ret) +get_default_gateway (in_addr_t *gateway) { struct gc_arena gc = gc_new (); + bool ret = false; FILE *fp = fopen ("/proc/net/route", "r"); if (fp) { @@ -1392,7 +1397,10 @@ get_default_gateway (in_addr_t *ret) fclose (fp); if (best_gw) - *ret = best_gw; + { + *gateway = best_gw; + ret = true; + } dmsg (D_ROUTE_DEBUG, "GDG: best=%s[%d] lm=%u", print_in_addr_t ((in_addr_t) best_gw, 0, &gc), @@ -1401,7 +1409,7 @@ get_default_gateway (in_addr_t *ret) } gc_free (&gc); - return false; + return ret; } #elif defined(TARGET_FREEBSD) |