Support for --iroute #96

Closed
lstipakov opened this issue Nov 25, 2024 · 4 comments

@lstipakov
Member

Figure out if it is possible to get system routing information by WDF driver. If not, routes should be added to the driver and manual lookup has to be performed, like in userspace.

@lstipakov lstipakov self-assigned this Nov 25, 2024
lstipakov added a commit that referenced this issue Jan 14, 2025
This introduces support for iroute functionality,
enabling per-peer routing of specific subnets.

 - Added a trie-based routing table structure (IPTrie) to
 efficiently store and manage IPv4 and IPv6 routes.

 - Implemented InsertRoute, FindRoute, and RemoveRoute methods to
 add, look up, and delete routes.

 - Integrated OvpnPeerContext management with reference counting to
 ensure proper resource cleanup during route deletions.

 - Added thread-safe synchronization using read/write spinlocks to
 allow concurrent route lookups while protecting writes.

Fixes #96

Signed-off-by: Lev Stipakov <lev@openvpn.net>
@cacamille3

Hi, I have tried your last OpenVPN 2.7.0 installer with DCO-Win 2.5.0.
In my setup iroute is not working with DCO but working with TAP adapter.
The remote device being the router is currently a Linux with OpenVPN 2.6.12 without DCO

@lstipakov
Member Author

Hi, thanks for the feedback! For a start, could you please provide the server logs with verb 6?

@lstipakov
Member Author

@cacamille3 I found an issue; it was due to RPF in the driver RX path. The new version is coming today.

@lstipakov lstipakov reopened this Jan 22, 2025
@lstipakov
Member Author

lstipakov commented Jan 22, 2025

@cacamille3 Please give this a try. Here is my network diagram:

          +-------------------------------+
          | VPN Server (Windows 10)       |
          | 10.8.0.1                      |
          +-------------------------------+
                  |
   -----------------------------------------
   |                                       |
+-----------------------+         +------------------------+
| Peer A (Windows 11)   |         | Peer B (Ubuntu 22.04)  |
| 10.8.0.2              |         | 10.8.0.5               |
+-----------------------+         +------------------------+
       |
   +---------------------------------+
   | Subnet Behind Peer A            |
   | 100.64.0.0/12                   |
   +---------------------------------+
            |
   +----------------+
   | Host           |
   | 100.64.0.1     |
   +----------------+


On the server:

  • there is a ccd file for peer A with the content: iroute 100.64.0.0 255.240.0.0
  • in the server config there are lines:
      push "route 100.64.0.0 255.240.0.0"
      route 100.64.0.0 255.240.0.0

With that, I am able to ping a subnet host 100.64.0.1 from peer B.
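
The per-peer lookup this thread is about, as an added example that is not part of the thread or of the DCO-Win driver code: a binary trie with longest-prefix match over the routes from the diagram above, plus a source check on received packets. The function names, the peer ids 1 and 2, and the rule that a packet is accepted only when its source address routes back to the sending peer are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names; this is not the driver's IPTrie. peer_id 0 = no route here. */
typedef struct Node { struct Node *child[2]; int peer_id; } Node;
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Insert prefix/len -> peer_id. Returns 0 on success, -1 on bad input or OOM. */
int route_insert(Node *root, uint32_t prefix, int len, int peer_id)
{
    if (!root || len < 0 || len > 32 || peer_id <= 0) return -1;
    Node *n = root;
    for (int i = 0; i < len; i++) {
        int bit = (prefix >> (31 - i)) & 1;
        if (!n->child[bit] && !(n->child[bit] = calloc(1, sizeof(Node)))) return -1;
        n = n->child[bit];
    }
    n->peer_id = peer_id;
    return 0;
}

/* Longest-prefix match: peer id of the most specific covering route, or 0. */
int route_find(const Node *root, uint32_t addr)
{
    int best = 0;
    const Node *n = root;
    for (int i = 0; n; i++) {
        if (n->peer_id) best = n->peer_id;   /* remember deepest match so far */
        if (i == 32) break;
        n = n->child[(addr >> (31 - i)) & 1];
    }
    return best;
}

/* RX-path source check (assumed semantics): the source must route back to the sender. */
int rx_source_ok(const Node *root, uint32_t src, int from_peer)
{
    return from_peer > 0 && route_find(root, src) == from_peer;
}

/* Table for the diagram above; peer ids 1 (A) and 2 (B) are constructed. */
Node *build_example_table(void)
{
    Node *r = calloc(1, sizeof(Node));
    if (!r) return NULL;
    route_insert(r, IP(10,8,0,2), 32, 1);    /* peer A VPN address */
    route_insert(r, IP(10,8,0,5), 32, 2);    /* peer B VPN address */
    route_insert(r, IP(100,64,0,0), 12, 1);  /* iroute 100.64.0.0 255.240.0.0 */
    return r;
}
```

With only the two /32 peer addresses in the table, a packet from peer A with source 100.64.0.1 fails the source check; the /12 entry is what makes it pass.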
