Bug 196385

Summary: OpenVPN can't tear out the routes when it's done?
Product: [Fedora] Fedora Reporter: Scott Baker <scott>
Component: openvpnAssignee: Steven Pritchard <steve>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: extras-qa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-06-24 21:19:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Baker 2006-06-22 20:40:38 UTC 
Description of problem: OpenVPN errors removing routes when its shut down

Version-Release number of selected component (if applicable): 2.1-0.10.beta14.fc5

--------------------------------------------------------------------

I have a very simple config that works great. All traffic routes down the tunnel
and life is good. When I stop OpenVPN however all my internet stops. After doing
some digging I show that I have no default route. When OpenVPN stops it tears
down the tun0 interface and all the routes that attach to that go with it.
Including my default gateway.

Here is a snippet from the logs.

Jun 21 17:27:22 snakt openvpn[3402]: event_wait : Interrupted system call (code=4)
Jun 21 17:27:22 snakt openvpn[3402]: TCP/UDP: Closing socket
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 10.8.0.1/32
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 55.66.77.88/32
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 0.0.0.0/0
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route add 0.0.0.0/0 via 10.79.79.2
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route add command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: Closing TUN/TAP interface
Jun 21 17:27:22 snakt openvpn[3402]: SIGTERM[hard,] received, process exiting

OpenVPN has no problems CREATING the routes (on start), it only "errors out"
deleting the routes (on shutdown). If I run that SAME commands myself (as root)
it works just fine and my routes are restored. Is it some sort of permission issue?

Any ideas? I can do the "redirect-gateway def1" work around. That fixes the
problem, but it doesn't seem like it addresses the bigger problem.
Comment 1 Scott Baker 2006-06-23 16:32:06 UTC 
It appears this is a chroot issue with OpenVPN? It's been documented in a couple
of places:

http://tinyurl.com/efmjb
http://tinyurl.com/f4ocq
http://tinyurl.com/eacmn
Comment 2 Steven Pritchard 2006-06-24 21:19:18 UTC 
"redirect-gateway def1" isn't a workaround, it is the right way to do it.