From be5b441e58e15d7213e752ff50742eb19fef249d Mon Sep 17 00:00:00 2001
From: emanuele-f
Date: Tue, 9 Jun 2020 11:15:58 +0200
Subject: [PATCH] Fix default gateway routes

The 128.0.0.0/1 route was missing causing some traffic to go outside the VPN
---
 edge_utils.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/edge_utils.c b/edge_utils.c
index 825b8ef..11a7a7f 100644
--- a/edge_utils.c
+++ b/edge_utils.c
@@ -2325,10 +2325,12 @@ static int edge_init_routes(n2n_edge_t *eee, n2n_route_t *routes, uint16_t num_r
 * 2. Add the new default gateway route
 *
 * Instead of modifying the system default gateway, we use the trick
- * of adding a route to the 0.0.0.0/1 network, which takes precedence
- * over the default gateway (0.0.0.0/0). This leaves the default
- * gateway unchanged so that after n2n is stopped the cleanup is
- * easier.
+ * of adding a route to the networks 0.0.0.0/1 and 128.0.0.0/1, thus
+ * covering the whole IPv4 range. Such routes in linux take precedence
+ * over the default gateway (0.0.0.0/0) since are more specific.
+ * This leaves the default gateway unchanged so that after n2n is
+ * stopped the cleanup is easier.
+ * See https://github.com/zerotier/ZeroTierOne/issues/178#issuecomment-204599227
 */
 n2n_sock_t sn;
 n2n_route_t custom_route;
@@ -2378,6 +2380,14 @@ static int edge_init_routes(n2n_edge_t *eee, n2n_route_t *routes, uint16_t num_r
 custom_route.net_bitlen = 1;
 custom_route.gateway = route->gateway;
 
+ if(routectl(RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, &custom_route, eee->device.if_idx) < 0)
+ return(-1);
+
+ /* ip route add 128.0.0.0/1 via n2n_gateway */
+ custom_route.net_addr = 128;
+ custom_route.net_bitlen = 1;
+ custom_route.gateway = route->gateway;
+
 if(routectl(RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, &custom_route, eee->device.if_idx) < 0)
 return(-1);
 } else {
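Review bot: The rewritten comment in the first hunk does not say that the two /1 routes redirect IPv4 only, so a reader relying on this option to keep traffic inside the VPN could assume it covers everything. Nothing in this diff adds an IPv6 route, so on a dual-stack host IPv6 traffic would presumably keep using the system default route; whether that is handled elsewhere is not visible here. I would add a line such as `* Note: only IPv4 is redirected; IPv6 traffic is not covered by these routes.` and reword the new sentence to `since they are more specific`.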
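Review bot: In the second hunk, if the 128.0.0.0/1 add fails the function returns -1 with the 0.0.0.0/1 route from the preceding call still installed, so only the lower half of the IPv4 range is steered to the n2n gateway. Because both adds pass `NLM_F_EXCL`, a route left behind this way would also make the next start fail on the first add. Consider removing the 0.0.0.0/1 route on that error path before `return(-1);`, or confirm that the caller tears the routes down; the caller and the cleanup code are outside this diff. Separately, `custom_route.net_addr = 128;` only means 128.0.0.0 on a little-endian host if `net_addr` is stored in network byte order (its declaration is not visible here); `custom_route.net_addr = htonl(0x80000000);` would be endian-independent. The enclosing `edge_init_routes` starts and ends outside the hunk.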