GP: Fix the issue of a 0.0.0.0/0 "split"-include route by swapping the "split" route with the default netmask. (!118) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge GP_demangle_default_route_as_split_route into master May 24, 2020

GlobalProtect VPNs always or almost always send <netmask>255.255.255.255</netmask> (host route). If they wish to include a true IPv4 default route (0.0.0.0/0), they send it as a "split"-include route.

This interferes with NetworkManager users’ ability to use the "Use only for resources on this connection" feature of NM's VPN plugins. (Which basically tells NM to use only split routes from the connection, and ignore a default route.)

This patch detects the case of a 0.0.0.0/0 IPv4 "split"-include route, and swaps it to become the default default route.

See: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/merge_requests/12#note_818780

Signed-off-by: Daniel Lenski dlenski@gmail.com

Edited Nov 10, 2020 by Daniel Lenski

GP: Fix the issue of a 0.0.0.0/0 "split"-include route by swapping the "split" route with the default netmask.

Merge request reports