This repository has been archived by the owner on Feb 1, 2024. It is now read-only.

Direct route to VPN gateway not set #5

Closed
nielspeen opened this issue Sep 8, 2014 · 5 comments

@nielspeen

These are actually two separate issues:

On Windows 8 the TAP interface is set up correctly. A new default route is also created correctly. A direct route to the VPN gateway, however, is not. Traffic loops/stops flowing and causes the second error below.

The GUI correctly detects DTLS setup failed and shows a red traffic sign/disconnected state. It forgets, however, to remove the default route to the VPN and bring down the TAP interface. This leaves the computer unable to access the Internet.

@nmav
Contributor

nmav commented Sep 8, 2014

That could be an issue in the script, as it should always be called on disconnection. I'll try to check it this week.

@nielspeen
Author

The script configures the TAP interface first, then sets up the direct route to the VPN gateway. Because the interface configuration automatically includes the new default gateway, there is a brief moment where traffic loops and DTLS setup can fail.

After moving the direct route creation command up, to be executed prior to the interface configuration, my problem was solved.

@nmav
Contributor

nmav commented Sep 9, 2014

Could you send your changes as a patch or pull request?

@nielspeen
Author

--- /tmp/vpnc-script-win.js     2014-09-10 03:04:29.000000000 +0800
+++ vpnc-script-win.js  2014-09-09 23:43:03.000000000 +0800
@@ -21,7 +21,7 @@
        return;
 }

-function exec(cmd)
+function run(cmd)
  {
        var s = "";
        log.WriteLine("executing: " + cmd);
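
Review bot: the names `run` and `exec` at the renamed `function run(cmd)` line do not say which of the two returns the command output, and the patch reuses `exec` for a function that returns nothing, so any caller still written as `exec(...).match(...)` will fail at runtime. Suggest a more telling name for the capturing variant (for example `execCapture`), or a one-line comment above each function, and a check that every call site that uses the return value has been switched to `run`.
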
@@ -42,9 +42,15 @@
        return s;
 }

+function exec(cmd)
+{
+       log.WriteLine("executing: " + cmd);
+       ws.Run(cmd, 7, true);
+}
+
 function getDefaultGateway()
 {
-       if (exec("route print").match(/0\.0\.0\.0 *(0|128)\.0\.0\.0 *([0-9\.]*)/)) {
+       if (run("route print").match(/0\.0\.0\.0 *(0|128)\.0\.0\.0 *([0-9\.]*)/)) {
                return (RegExp.$2);
        }
        return ("");
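
Review bot: the new `exec()` at the top of this hunk discards the value returned by `ws.Run(cmd, 7, true)`; with the third argument true the call waits for the command and returns its exit code, so a failed `route add` or `netsh` leaves no trace in the log. Suggest capturing it, e.g. `var rc = ws.Run(cmd, 7, true); log.WriteLine("exit code: " + rc); return rc;`, so callers can react to a non-zero result. The `log.WriteLine("executing: " + cmd)` line is now duplicated in both functions and could be factored out.
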
@@ -55,7 +61,7 @@
        for (var i = 0; i < 5; i++) {
                echo("Waiting for interface to come up...");
                WScript.Sleep(2000);
-               if (exec("route print").match(if_route)) {
+               if (run("route print").match(if_route)) {
                        return true;
                }
        }
@@ -99,6 +105,10 @@
        echo("Internal Gateway: " + internal_gw);
        echo("Interface: \"" + env("TUNDEV") + "\"");

+       // Add direct route for the VPN gateway to avoid routing loops
+       exec("route add " + env("VPNGATEWAY") +
+            " mask 255.255.255.255 " + gw);
+
        if (env("INTERNAL_IP4_MTU")) {
            echo("MTU: " + env("INTERNAL_IP4_MTU"));
            exec("netsh interface ipv4 set subinterface \"" + env("TUNDEV") +
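
Review bot: the `route add` inserted ahead of the MTU block builds its command line from `env("VPNGATEWAY")` and `gw` without checking that either is non-empty or looks like an IPv4 address. If `gw` is taken from getDefaultGateway(), which returns "" when `route print` shows no default route, the command is malformed, and because exec() does not report failures the routing loop this change is meant to prevent would return silently. Suggest a guard such as `if (gw && /^[0-9.]+$/.test(env("VPNGATEWAY")))` around the call, with a log line when the route is skipped.
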
@@ -125,9 +135,6 @@
                        env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK") + " " + internal_gw + " 1");
        }

-       // Add direct route for the VPN gateway to avoid routing loops
-       exec("route add " + env("VPNGATEWAY") +
-            " mask 255.255.255.255 " + gw);

     if (env("INTERNAL_IP4_NBNS")) {
                var wins = env("INTERNAL_IP4_NBNS").split(/ /);
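
Review bot: removing the three lines after the closing brace leaves two consecutive blank lines before the `INTERNAL_IP4_NBNS` block; drop one of them together with the removed comment. The comment on the moved `route add`, or the commit message, should also say that the route has to be added before the interface is configured, so that a later cleanup does not move it back here.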

@nielspeen
Author

Hm. I think my patch will undo your own most recent patch as I based it on a version downloaded earlier today.
