Bug 196385 - OpenVPN can't tear out the routes when it's done?
OpenVPN can't tear out the routes when it's done?
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openvpn (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steven Pritchard
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-22 16:40 EDT by Scott Baker
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-06-24 17:19:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Scott Baker 2006-06-22 16:40:38 EDT
Description of problem: OpenVPN errors removing routes when its shut down

Version-Release number of selected component (if applicable): 2.1-0.10.beta14.fc5

--------------------------------------------------------------------

I have a very simple config that works great. All traffic routes down the tunnel
and life is good. When I stop OpenVPN however all my internet stops. After doing
some digging I show that I have no default route. When OpenVPN stops it tears
down the tun0 interface and all the routes that attach to that go with it.
Including my default gateway.

Here is a snippet from the logs.

Jun 21 17:27:22 snakt openvpn[3402]: event_wait : Interrupted system call (code=4)
Jun 21 17:27:22 snakt openvpn[3402]: TCP/UDP: Closing socket
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 10.8.0.1/32
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 55.66.77.88/32
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 0.0.0.0/0
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route add 0.0.0.0/0 via 10.79.79.2
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route add command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: Closing TUN/TAP interface
Jun 21 17:27:22 snakt openvpn[3402]: SIGTERM[hard,] received, process exiting

OpenVPN has no problems CREATING the routes (on start), it only "errors out"
deleting the routes (on shutdown). If I run that SAME commands myself (as root)
it works just fine and my routes are restored. Is it some sort of permission issue?

Any ideas? I can do the "redirect-gateway def1" work around. That fixes the
problem, but it doesn't seem like it addresses the bigger problem.
Comment 1 Scott Baker 2006-06-23 12:32:06 EDT
It appears this is a chroot issue with OpenVPN? It's been documented in a couple
of places:

http://tinyurl.com/efmjb
http://tinyurl.com/f4ocq
http://tinyurl.com/eacmn
Comment 2 Steven Pritchard 2006-06-24 17:19:18 EDT
"redirect-gateway def1" isn't a workaround, it is the right way to do it.

Note You need to log in before you can comment on or make changes to this bug.