Skip to content

openvpn: handler: refine netifd routing and config#29121

Merged
feckert merged 1 commit intoopenwrt:masterfrom
ptpt52:pr-20260411
Apr 17, 2026
Merged

openvpn: handler: refine netifd routing and config#29121
feckert merged 1 commit intoopenwrt:masterfrom
ptpt52:pr-20260411

Conversation

@ptpt52
Copy link
Copy Markdown
Contributor

@ptpt52 ptpt52 commented Apr 11, 2026
edited
Loading

This commit introduces several improvements to the openvpn proto handler and hotplug script:

  • Add ipv6 boolean option (default: 1) to allow enabling/disabling IPv6 hotplug processing.
  • Increase the maximum number of processed pushed routes from 32 to 128 for both IPv4 and IPv6.
  • Prevent adding host routes for trusted_ip and trusted_ip6 if the gateway is unspecified ("0.0.0.0" or "::").

@feckert

@ptpt52
Copy link
Copy Markdown
Contributor Author

ptpt52 commented Apr 13, 2026

cc @systemcrash @hnyman

@hnyman
Copy link
Copy Markdown
Contributor

hnyman commented Apr 13, 2026

I merged the other PR first, so this needs to be rebased.

systemcrash
systemcrash reviewed Apr 13, 2026
View reviewed changes
Comment thread net/openvpn/Makefile Outdated
feckert
feckert reviewed Apr 15, 2026
View reviewed changes
Comment thread net/openvpn/files/lib/netifd/proto/openvpn.sh
Comment thread net/openvpn/files/usr/libexec/openvpn-hotplug Outdated
@ptpt52
openvpn: handler: refine netifd routing and config
ecf7508 
Introduce a new `ipv6` proto option for OpenVPN netifd integration and
export it to the hotplug environment. IPv6 remains enabled by default,
but can now be explicitly disabled per instance.

Update the hotplug helper to apply IPv6 addresses and routes only when
IPv6 is enabled, allowing cleaner IPv4-only tunnel deployments.

Also improve route handling by:
- ignoring invalid default gateway values (0.0.0.0 / ::)
- replacing fixed `seq` loops with shell-safe while loops
- keeping trusted peer host routes conditional on valid gateways

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
@ptpt52
Copy link
Copy Markdown
Contributor Author

ptpt52 commented Apr 16, 2026

update:

Introduce a new `ipv6` proto option for OpenVPN netifd integration and
export it to the hotplug environment. IPv6 remains enabled by default,
but can now be explicitly disabled per instance.

Update the hotplug helper to apply IPv6 addresses and routes only when
IPv6 is enabled, allowing cleaner IPv4-only tunnel deployments.

Also improve route handling by:
- ignoring invalid default gateway values (0.0.0.0 / ::)
- replacing fixed `seq` loops with shell-safe while loops
- keeping trusted peer host routes conditional on valid gateways

@feckert
Copy link
Copy Markdown
Member

feckert commented Apr 17, 2026

LGTM
Thanks merged!

@feckert feckert merged commit bb02e8b into openwrt:master Apr 17, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@feckert feckert feckert left review comments

+1 more reviewer

@systemcrash systemcrash systemcrash left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ptpt52 @hnyman @feckert @systemcrash