Package: dhcp3-client
Version: 3.1.1-6+lenny3
Severity: important

*** Please type your report below this line ***

As I watched the various wireless security protocols get cracked,
I decided to give up on wireless security; there's a better and
simpler solution: openvpn. It takes a whole lot less work to set up
openvpn-client/openvpn-server than a supplicant/radius-hostap (which I
used to use with TKIP/AES settings). Not to mention, remote access and
wireless access management is consolidated into one place
(openvpn-server) vs the radius and openvpn-servers.

When my system connects to a wireless router, it runs a dhclient to set
up the wireless interface wlan0.  Openvpn supplies my real connection through
the tap0 virtual network device. The firewall is set up to only allow dhcp
traffic and openvpn traffic on the wireless link (wlan0). This also has the
added virtue of allowing me to use any of several wireless routers, yet
always have the same network IP address as the wired network connection,
thereby eliminating the need for a dynamic dns server.

When using this setup, after initial connection, the default route is
switched to the openvpn tap0 device (aka default route moves from wlan0
to tap0).

The problem is that /sbin/dhclient-script has some 'naughty' code in it.

Specifically, under BOUND|RENEW|REBIND|REBOOT) and TIMEOUT) one finds:

        for router in $new_routers; do
                route add default dev $interface gw $router $metric_arg
        done

The problem with this is that the default route is *unconditionally*
set, which is why the system gets two default routes in the routing table
and stops working.

There needs to be a check added to make sure that the default route isn't
already set. If the default route is set, then the naughty code should
NOT be run. Something along the lines of:

        if [ "`ip route show | egrep -c '^default'`" -eq 0 ]; then
                for router in $new_routers; do
                        route add default dev $interface gw $router $metric_arg
                done
        fi

This would preserve backwards compatibility with those needing the default
route set by the dhclient, and stop breaking network setups where the
default route is already set.





-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dhcp3-client depends on:
ii  debconf [debconf-2.0]     1.5.24         Debian configuration management sy
ii  debianutils               2.30           Miscellaneous utilities specific t
ii  dhcp3-common              3.1.1-6+lenny3 common files used by all the dhcp3
ii  libc6                     2.7-18         GNU C Library: Shared libraries

dhcp3-client recommends no packages.

Versions of packages dhcp3-client suggests:
pn  avahi-autoipd                 <none>     (no description available)
ii  resolvconf                    1.42       name server information handler

-- debconf information:
  dhcp3-client/dhclient-needs-restarting:
  dhcp3-client/dhclient-script_moved:



      



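As an added illustration (not part of the original report and not code from dhclient-script), the guard proposed in the report can be written as a testable function over `ip route show` output. It goes slightly beyond the report's check by still allowing the add when the only existing default route is on the DHCP interface itself; the function names and the sample routing tables are constructed for this example.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from dhclient-script.

# Print the device of every default route in `ip route show` text ($1).
default_route_devs() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev") print $(i + 1)
        }'
}

# Succeed only when no default route exists on a device other than $2.
# Assumption: a default already on $2 came from this lease and may be redone.
may_add_default() {
    for dev in $(default_route_devs "$1"); do
        [ "$dev" = "$2" ] || return 1
    done
    return 0
}

# Count default routes; more than one is the broken state from the report.
count_defaults() {
    printf '%s\n' "$1" | awk '$1 == "default" { n++ } END { print n + 0 }'
}

# Constructed sample tables (documentation address ranges).
VPN_UP='default via 192.0.2.1 dev tap0
192.0.2.0/24 dev tap0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev wlan0 proto kernel scope link src 198.51.100.23'

NO_DEFAULT='198.51.100.0/24 dev wlan0 proto kernel scope link src 198.51.100.23'

BROKEN='default via 198.51.100.1 dev wlan0
default via 192.0.2.1 dev tap0
198.51.100.0/24 dev wlan0 proto kernel scope link src 198.51.100.23'

for name in VPN_UP NO_DEFAULT BROKEN; do
    eval "table=\$$name"
    if may_add_default "$table" wlan0; then verdict=add; else verdict=skip; fi
    echo "$name: defaults=$(count_defaults "$table"), wlan0 lease -> $verdict"
done
```

In a hook, the same decision would be made on the live table with `may_add_default "$(ip route show)" "$interface"` before the `route add default` loop.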