On Fri, 2010-01-22 at 00:32 +0100, Bernhard Schmidt wrote:
>
> we just stumbled upon a weird bug in OpenConnect in conjunction with
> the vpnc-script from
> http://git.infradead.org/users/dwmw2/vpnc-scripts.git. Possibly caused
> by a misconfiguration on our side, but I think it could be solved pretty
> easily in vpnc-script.
>
> Our ASA is at the IP address x.x.254.40. It returns
>
> X-CSTP-Address: x.x.48.207
> X-CSTP-Netmask: 255.255.0.0
>
> i.e. a wrong netmask. What happens now is do_connect() in vpnc-script
> invokes do_ifconfig(), which configures a route to
> x.x.48.207/255.255.0.0 = x.x.0.0/16 to the tun interface. After that
> do_connect() invokes set_vpngateway_route(), which retrieves the route
> for x.x.254.40 (at this moment already pointing to tun0) and sets a
> host route. And we have a very pretty endless recursion.
>
> Proposed solution: reorder do_ifconfig() and set_vpngateway_route(),
> since setting the host route to the gateway should always operate on the
> previous routing table.
>
> Very basic git patch attached.

Looks sensible to me. I've applied it to the git repository; thanks.

-- 
David Woodhouse
Open Source Technology Centre
David.Woodhouse at intel.com
Intel Corporation
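
The ordering problem discussed in this thread, as an added Python model (not part of the original messages and not code from vpnc-script): it replays both call orders against a longest-prefix-match routing table and reports which device ends up carrying traffic to the VPN gateway. The 10.20.x.x addresses stand in for the elided x.x values, the `eth0` uplink and its 192.0.2.1 next hop are constructed, and the two inner functions are simplified stand-ins for the script's `do_ifconfig()` and `set_vpngateway_route()`.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: (device, via) of the most specific route to dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1:]

def connect(gateway, address, netmask, ifconfig_first):
    """Model do_connect(); return the device that carries traffic to the gateway."""
    # Constructed pre-VPN table: a single default route over the physical uplink.
    table = [(ipaddress.ip_network("0.0.0.0/0"), "eth0", "192.0.2.1")]
    tun_net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)

    def do_ifconfig():
        # Simplified: configuring tun0 installs the connected route for its subnet.
        table.append((tun_net, "tun0", None))

    def set_vpngateway_route():
        # Simplified: copy whatever route currently reaches the gateway as a /32.
        dev, via = lookup(table, gateway)
        table.append((ipaddress.ip_network(f"{gateway}/32"), dev, via))

    steps = [do_ifconfig, set_vpngateway_route]
    if not ifconfig_first:
        steps.reverse()  # order proposed in the thread: pin the gateway route first
    for step in steps:
        step()
    return lookup(table, gateway)[0]

if __name__ == "__main__":
    gw, addr = "10.20.254.40", "10.20.48.207"  # constructed stand-ins for x.x.*
    for mask in ("255.255.0.0", "255.255.255.0"):
        for first in (True, False):
            order = "ifconfig first" if first else "gateway route first"
            print(f"{mask:15} {order:20} -> {connect(gw, addr, mask, first)}")
```

With the /16 netmask and the original order, the gateway's host route lands on `tun0`, so the tunnel's own transport packets would be sent into the tunnel; with the reordered calls it stays on `eth0` whatever netmask the server pushes.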