[Bug 1886809] Re: Pulse connect VPN exists because unwanted avahi network starts
Helio Loureiro
1886809 at bugs.launchpad.net
Fri Oct 15 11:50:13 UTC 2021
Hi @dbungert,
Sadly the company decided to move out from pulse secure usage, so I
can't help anymore with tests. But I can give some insights.
The main issue is that AVAHI_DAEMON_DETECT_LOCAL set as 0 isn't avoiding
avahi to change routes. It shouldn't happen.
My patch isn't this direction and it is much more specific for the use
case I had that time. My suggestion for long term solution instead is
to just call `return` or `exit 0` once the AVAHI_DAEMON_DETECT_LOCAL
value is 0.
What do you think?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1886809
Title:
Pulse connect VPN exists because unwanted avahi network starts
Status in avahi package in Ubuntu:
New
Bug description:
Pulse VPNs exists very often because avahi enforces network
192.250.0.0/0 over tun0 interface. The message error is:
rmon.error Unauthorized new route to 169.254.0.0/0.0.0.0 has been
added (conflicts with our route to 0.0.0.0), disconnecting
(routemon.cpp:598)
No matter the options to skip avahi on /etc/default/avahi-daemon, it
always calls /etc/network/if-up.d/avahi-autoipd and raises this
discovery network.
A fix can be done patching /etc/network/if-up.d/avahi-autoipd to skip
any tunnel interface.
--- /etc/network/if-up.d/avahi-autoipd.dpkg-old 2020-07-08 13:25:41.834569800 +0200
+++ /etc/network/if-up.d/avahi-autoipd 2020-07-07 10:07:37.611118581 +0200
@@ -11,6 +11,10 @@
[ -x /usr/sbin/avahi-autoipd ] || exit 0
+case "$IFACE" in
+ tun*) exit 0 ;;
+esac
+
[ "$IFACE" != "lo" ] || exit 0
case "$ADDRFAM" in
inet) ;;
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1886809/+subscriptions
More information about the foundations-bugs
mailing list