Package: vpnc-scripts
Version: 0.1~git20190117-1
Severity: normal

Dear Maintainer,

When the VPN server (Cisco in my case) provides a list of subnets that should
not be routed through the VPN, the script creates a bunch of corresponding
routes but omits the provided netmasks, thus effectively ignoring the feature.
Moreover, on termination of the VPN connection the script is not able to
properly remove the created routes because they use an invalid netmask (/32 by
default).

I traced the problem down to the 'route add' command executed inside
set_exclude_route(). The following hack fixes the issue for me:

    cmd="$IPROUTE route add `$IPROUTE route get "$NETWORK/$NETMASKLEN" | fix_ip_get_output`"
    cmd=`echo $cmd | sed -e 's@ via @'"/$NETMASKLEN via @"` # add proper netmask
    $cmd

(A similar change is needed for set_ipv6_exclude_route() if you use IPv6.)

I noticed the issue after the upgrade from Stretch to Buster. I don't know
whether it worked before, or just was not supported, and whether it could be
caused by a potential change in 'ip route get' output format or not.

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vpnc-scripts depends on:
ii  iproute2   4.20.0-2
ii  net-tools  1.60+git20180626.aebd88e-1

vpnc-scripts recommends no packages.

Versions of packages vpnc-scripts suggests:
pn  dnsmasq         <none>
ii  openssh-server  1:7.9p1-10
pn  resolvconf      <none>

-- no debconf information

-- 
...Bye..Dmitry.
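
The prefix-length handling discussed in the report above, as an added example that is not code from the report or from vpnc-scripts: it builds the `ip route add` arguments from parsed fields, so an on-link route with no ` via ` still keeps its netmask. The helper name `exclude_route_args`, the sample `ip route get` lines and all addresses are constructed assumptions, and only IPv4 is covered.

```shell
#!/bin/sh
# Added example (not from vpnc-scripts). exclude_route_args is a
# hypothetical helper; it only builds a string and never calls ip(8).

# Constructed samples of one-line `ip route get` output.
SAMPLE_VIA="192.0.2.0 via 198.51.100.1 dev eth0 src 198.51.100.23 uid 0"
SAMPLE_ONLINK="198.51.100.0 dev eth0 src 198.51.100.23 uid 0"

# $1 = network, $2 = prefix length, $3 = one line of `ip route get` output
# Prints the arguments for `ip route add`; returns 1 if they cannot be built.
exclude_route_args() {
    network=$1 masklen=$2 via= dev=   # plain sh: these are global variables
    # Reject a missing, non-numeric or out-of-range IPv4 prefix length
    # instead of silently falling back to a /32 host route.
    case $masklen in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$masklen" -le 32 ] || return 1
    set -f              # no globbing while word-splitting the route line
    set -- $3
    set +f
    # Keep only next hop and interface; src, uid, cache etc. are dropped.
    while [ $# -ge 2 ]; do
        case $1 in
            via) via=$2 ;;
            dev) dev=$2 ;;
        esac
        shift
    done
    [ -n "$dev" ] || return 1
    if [ -n "$via" ]; then
        echo "$network/$masklen via $via dev $dev"
    else
        # On-link destination: a substitution keyed on " via " finds
        # nothing here, so the prefix is attached to the network directly.
        echo "$network/$masklen dev $dev"
    fi
}

# Show the commands that would be run for both constructed samples.
demo() {
    echo "ip route add $(exclude_route_args 192.0.2.0 24 "$SAMPLE_VIA")"
    echo "ip route add $(exclude_route_args 198.51.100.0 24 "$SAMPLE_ONLINK")"
}
demo
```

Because the same string carries the prefix length, it can be reused with `ip route del` at disconnect so the excluded subnet's route is removed rather than left behind.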
