From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cDBGv5Vrpz30LR for ; Fri, 29 Aug 2025 21:29:11 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cDBGv5FLHz2xP7 for ; Fri, 29 Aug 2025 21:29:11 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "people01.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cDBGv1FB8z2N for ; Fri, 29 Aug 2025 21:29:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1756502951; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=NkiEIffQDwKeigxgns9sUxUDWglMQH2tP5ngec5ruTU=; b=iw3w622z+OyBfWKDlUVYP+1wpDxqASKK7Yey1JYp9RjNL7qd7BNiSbyn8HCkaTEQlzp1Yq nKciRZGZhs0k71Ag== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1756502951; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=NkiEIffQDwKeigxgns9sUxUDWglMQH2tP5ngec5ruTU=; b=QsH8GhPD34EiQY2jBhj28mzGdI+C/PJEbcvGWyrHKk9vmuWG5WSTTnFSP4jfNhFjXCB5qf en+GBqNcuM7NLQeG7eZyCCHMpgWQbqiSFyrbnXCQtwB61mkRmHgT3vi5wml1hUT5mFnR/o /o41qCilmVN2oMokc5+h0V2WmBiKRiaida3bqWuVr6j1SPOaOeFOEoVJEAAZH3CFPPh9QV ALHf3OpmAcAZsEoc9NomN4KejpRu2EMUlnon/eKl0TvOYVpM9rL1WAcCwmBalhH87fQuZj Wo6NpvRDsPMlFtrr7dEBbZRBgx6MwrlZSm+SPYUyC3/DPqLicBVkDH28S+1/2A== Received: by people01.haj.ipfire.org (Postfix, from userid 1000) id 4cDBGt5Vlxz2xx8; Fri, 29 Aug 2025 21:29:10 +0000 (UTC) To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. d4eb2e77a9647c6b85a73f3d5695d72c1665f03a X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 351113e21eecd730b33a2d73c1bb74eff9fcb845 X-Git-Newrev: d4eb2e77a9647c6b85a73f3d5695d72c1665f03a Message-Id: <4cDBGt5Vlxz2xx8@people01.haj.ipfire.org> Date: Fri, 29 Aug 2025 21:29:10 +0000 (UTC) From: Michael Tremer Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, master has been updated via d4eb2e77a9647c6b85a73f3d5695d72c1665f03a (commit) from 351113e21eecd730b33a2d73c1bb74eff9fcb845 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4eb2e77a9647c6b85a73f3d5695d72c1665f03a Author: Michael Tremer Date: Fri Aug 29 21:54:17 2025 +0100 ovpnmain.cgi: Explicitely pass the gateway for static routes OpenVPN seems to fail to use the correct gateway if the client does not use the default pool. In that case, we need to explicitely push the correct gateway. Fixes: #13872 - Warning: route gateway is not reachable on any active network adapters Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: html/cgi-bin/ovpnmain.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 0b2513174..ccf46fb02 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -605,6 +605,7 @@ sub write_ccd_configs() { foreach my $key (keys %conns) { my $name = $conns{$key}[1]; my $type = $conns{$key}[3]; + my $gateway = ""; # Skip anything that isn't a host connection next unless ($type eq "host"); @@ -631,8 +632,13 @@ sub write_ccd_configs() { # Fetch the network of the pool my $network = &get_cdd_network($pool); + my $netaddr = &Network::get_netaddress($network); my $netmask = &Network::get_netmask($network); + # The gateway is always the first address in the network + # (this is needed to push any routes below) + $gateway = &Network::find_next_ip_address($netaddr, 1); + if (defined $address && defined $network && defined $netmask) { print CONF "# Allocated IP address from $pool\n"; print CONF "ifconfig-push ${address} ${netmask}\n\n"; @@ -708,7 +714,7 @@ sub write_ccd_configs() { next; } - print CONF "push \"route $netaddress $netmask\"\n"; + print CONF "push \"route $netaddress $netmask $gateway\"\n"; } # Newline hooks/post-receive -- IPFire 2.x development tree