openmptcprouter

Default gateways are added even if "disable default gateway" is enabled when VPS connection goes down

Open grapexy opened this issue 3 years ago • 0 comments

Expected Behavior

When "Disable default gateway" is checked in Advanced settings and the VPS becomes inaccessible, the internet should not be reachable from any of the WAN interfaces.

Current Behavior

When the VPS goes down, connections are sometimes sent via default WAN interfaces. ip r after killing the VPS:

default via 192.168.111.1 dev WAN_111 metric 14 
default via 192.168.112.1 dev WAN_112 metric 16 
default via 192.168.92.31 dev usb0 metric 18 
10.255.255.1 dev tun0 proto kernel scope link src 10.255.255.2 
10.255.255.2 dev tun0 scope link metric 1200 
127.0.0.0/8 dev lo proto static scope link metric 5 
192.168.92.0/24 dev usb0 scope link metric 18 
192.168.111.0/24 dev WAN_111 scope link metric 14 
192.168.112.0/24 dev WAN_112 scope link metric 16 
{server_ip} via 192.168.112.1 dev WAN_112 metric 1 
{server_ip} via 192.168.111.1 dev WAN_111 metric 14 
{server_ip} via 192.168.112.1 dev WAN_112 metric 16 
{server_ip} via 192.168.92.31 dev usb0 metric 18 

This can be verified by getting the IP address:

root@OpenMPTCProuter:~# curl ifconfig.me --resolve 'ifconfig.me:80:34.117.59.81'
{WAN_111_IP}

Possible Solution

Steps to Reproduce the Problem

  1. Check "Disable default gateway" in advanced settings.
  2. Shut down VPS.
  3. Check ip r and curl ifconfig.me --resolve 'ifconfig.me:80:34.117.59.81' to see that traffic is still going out.

Context (Environment)

As running a commercial VPN before OMR effectively disables multipath (everything goes through a single interface for some reason), I need to trust that OMR will not leak my connection to the ISP and will send packets to the VPS ONLY, or drop them if the VPS is unreachable. For context, OMR is sitting behind a router and two ISP connections are available via VLAN 111 and VLAN 112 on the eth0 interface.

Specifications

  • OpenMPTCProuter version: openmptcprouter v0.58.5
  • OpenMPTCProuter VPS version: OpenMPTCProuter VPS 0.1026
  • OpenMPTCProuter VPS provider: OVH
  • OpenMPTCProuter platform: x86_64
  • Country: Irrelevant

grapexy May 27 '22 04:05
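
A route-table check for the condition reported above, as an added example that is not part of the original report or of OpenMPTCProuter's own code: it reads `ip r` output and lists every device carrying a default route outside the tunnel, including multipath `nexthop` entries. The function names are hypothetical, and `tun0` as the tunnel device is an assumption taken from the route output in the issue.

```shell
#!/bin/sh
# Added example: detect default routes that let traffic bypass the VPS tunnel.

# leaking_defaults TUN_DEV
# Reads `ip r` output on stdin and prints the device of each default route
# (single-line or multipath nexthop) that is not on TUN_DEV.
leaking_defaults() {
    awk -v tun="$1" '
        $1 == "default" || ($1 == "nexthop" && indef) {
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            indef = 1                      # following nexthop lines belong to this default
            if (dev != "" && dev != tun) print dev
            next
        }
        { indef = 0 }                      # any other route ends the multipath block
    '
}

# check_routes TUN_DEV
# Returns 0 when no default route leaves outside TUN_DEV, 1 otherwise.
check_routes() {
    leaks=$(leaking_defaults "$1")
    if [ -n "$leaks" ]; then
        echo "default route outside $1 on: $(echo $leaks)" >&2
        return 1
    fi
    return 0
}

# Constructed sample: lines copied from the `ip r` output in the issue.
sample_routes() {
    cat <<'EOF'
default via 192.168.111.1 dev WAN_111 metric 14
default via 192.168.112.1 dev WAN_112 metric 16
default via 192.168.92.31 dev usb0 metric 18
10.255.255.1 dev tun0 proto kernel scope link src 10.255.255.2
192.168.111.0/24 dev WAN_111 scope link metric 14
EOF
}
```

On the router this would be run as `ip r | check_routes tun0`. Host routes to the VPS address via the WAN gateways are not flagged, since they are needed to reach the server.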