Bug 196385 - OpenVPN can't tear out the routes when it's done?
Summary: OpenVPN can't tear out the routes when it's done?
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openvpn
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Steven Pritchard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-06-22 20:40 UTC by Scott Baker
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-06-24 21:19:18 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Scott Baker 2006-06-22 20:40:38 UTC 
Description of problem: OpenVPN errors removing routes when its shut down

Version-Release number of selected component (if applicable): 2.1-0.10.beta14.fc5

--------------------------------------------------------------------

I have a very simple config that works great. All traffic routes down the tunnel
and life is good. When I stop OpenVPN however all my internet stops. After doing
some digging I show that I have no default route. When OpenVPN stops it tears
down the tun0 interface and all the routes that attach to that go with it.
Including my default gateway.

Here is a snippet from the logs.

Jun 21 17:27:22 snakt openvpn[3402]: event_wait : Interrupted system call (code=4)
Jun 21 17:27:22 snakt openvpn[3402]: TCP/UDP: Closing socket
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 10.8.0.1/32
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 55.66.77.88/32
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route del 0.0.0.0/0
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route delete command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: /sbin/ip route add 0.0.0.0/0 via 10.79.79.2
Jun 21 17:27:22 snakt openvpn[3402]: ERROR: Linux route add command failed:
shell command exited with error status: 2
Jun 21 17:27:22 snakt openvpn[3402]: Closing TUN/TAP interface
Jun 21 17:27:22 snakt openvpn[3402]: SIGTERM[hard,] received, process exiting

OpenVPN has no problems CREATING the routes (on start), it only "errors out"
deleting the routes (on shutdown). If I run that SAME commands myself (as root)
it works just fine and my routes are restored. Is it some sort of permission issue?

Any ideas? I can do the "redirect-gateway def1" work around. That fixes the
problem, but it doesn't seem like it addresses the bigger problem.
Comment 1 Scott Baker 2006-06-23 16:32:06 UTC 
It appears this is a chroot issue with OpenVPN? It's been documented in a couple
of places:

http://tinyurl.com/efmjb
http://tinyurl.com/f4ocq
http://tinyurl.com/eacmn
Comment 2 Steven Pritchard 2006-06-24 21:19:18 UTC 
"redirect-gateway def1" isn't a workaround, it is the right way to do it.
Note You need to log in before you can comment on or make changes to this bug.