The candicates of proto_add_host_dependency should be OR'd instead of AND'd
#24
Comments
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Most VPN protocols implemented by OpenWRT use
proto_add_host_dependencyto enforce the presence of a route to the endpoint as shown in https://github.com/search?q=org%3Aopenwrt+proto_add_host_dependency+language%3AShell&type=code. In addition,resolveipis employed to resolve the endpoint's address if set as a domain. When the endpoint domain resolves to multiple IPs, many protocol implementations iterate over and useproto_add_host_dependencyto add all IPs returned byresolveip. Examples are PPTP: https://github.com/openwrt/openwrt/blob/1a47ce5ff2f2db07fca8fc28801c0a78cbf19fe4/package/network/services/ppp/files/ppp.sh#L298-L301 and L2TP: https://github.com/openwrt/packages/blob/8bbc9c7d796fc4685c9839839bed3b057aa18397/net/xl2tpd/files/l2tp.sh#L33-L36In the multi-IP case, the interface should be brought up when any one of the IPs is reachable, from what I understand. In other words, the IP list added by
proto_add_host_dependencyshould be OR'd. However, its internal implementation appears to require all IPs in the list to be reachable simultaneously, i.e., the IPs are AND'd, which doesn't make much sense to me.In my scenario, the VPN server is in a dual-stack network so its domain has both A and AAAA records. The VPN client (running OpenWRT) is v4-only and has the following setup:
Both the A and AAAA records of example.com are added by
proto_add_host_dependencyinproto_l2tp_setup. Since the client is v4-only, there won't be a route to the v6 address so the L2TP interface is never brought up. The workaround I'm taking is to create a 4.vpn.example.com that has an A record only.I believe this is a general issue and the internal behavior of
proto_add_host_dependencyshould be fixed rather than adding hacks to protocol implementations.Cc: @yousong
The text was updated successfully, but these errors were encountered: