packages/net/openvpn/files/usr/libexec, branch master

openvpn: add missing host routes

2026-05-22T04:11:38Z

Maintainer: Alexandru Ardelean ping @feckert First of all big thanks to all involved devs, porting this to proto is not a minor task and besides some small quirks it is working well. (Not all that happy with the use of a default route instead of /1 routes, because you loose internet if the tunnel goes down but that is just me nitpicking) However I had problems with default routing as the host routes to the server endpoint were missing. I tracked it down to code in the `openvpn-hotplug` script and made some changes and in my testing it appears to work now. As a bonus I also added code for a future implementation of the `nohostroute` option. Problem: The host routes were created by just using route setup this however does not work. Solution: using `proto_add_host_dependency` seems the better solution. Furthermore the correct guard for IPv6 seems to be `net_gateway_ipv6` instead of `route_ipv6_gateway` however even the correct guard is only working if ipv6 source routing is disabled on wan6, so perhaps we should consider removing the guard entirely. For now I left it in place with a warning. I have tested it on X86 running master build from 5 days ago, both for IPv4 and IPv6 Please have a look and consider implementing. Thanks Signed-off-by: Erik Conijn

openvpn: handler: refine netifd routing and config

2026-04-17T06:48:33Z

Introduce a new `ipv6` proto option for OpenVPN netifd integration and export it to the hotplug environment. IPv6 remains enabled by default, but can now be explicitly disabled per instance. Update the hotplug helper to apply IPv6 addresses and routes only when IPv6 is enabled, allowing cleaner IPv4-only tunnel deployments. Also improve route handling by: - ignoring invalid default gateway values (0.0.0.0 / ::) - replacing fixed `seq` loops with shell-safe while loops - keeping trusted peer host routes conditional on valid gateways Signed-off-by: Chen Minqiang

openvpn: handle netifd setup in hotplug script

2026-03-21T13:47:47Z

- Process 'up'/'down' events to manage interface status. - Add IPv4/IPv6 addresses and routes via netifd-proto. - Parse DNS/search domains from foreign options. - Convert netmasks and CIDR strings with new helpers. - Apply MTU settings from OpenVPN environment. Signed-off-by: Chen Minqiang

openvpn: shellcheck fixes

2026-03-15T06:45:36Z

correct spacing for [] if blocks and var quoting. use json_get_vars to get user-defined scripts so the setenv parameters are appended to the command line. handle ovpnproto as a PROTO_STRING so it is monitored and loaded. follow-up to 337a449c03c597b49f2e18a7fd241d8945288e80 and 647b67e18b6bf857e60e4e2e1874fd04d4138586 Signed-off-by: Paul Donald

openvpn: add hotplug handling back in

2026-03-11T13:22:41Z

This commit adds hotplug handling back in. Fixes: 2607b761 ("openvpn: introduce proto handler") Signed-off-by: Florian Eckert

openvpn: introduce proto handler

2026-02-22T09:54:13Z

openvpn needs a proto handler. Here it is. Removed all of the up/down scripts from the init handler and made those entirely optional (with some ucode examples). The config options have been updated to reflect v 2.6/2.7, with a 'd' flag to denote deprecated. Deprecated flags are gated behind an 'allow_deprecated' config flag, which must be on to use them. Some flags will cease to work in the next version. Users should not be using compression. Openvpn has enough security holes and pitfalls already without using compression. Updated the example configs (left in place as legacy documentation) and removed older cryptos which do not exist in ovpn any longer. A migration script is included -x. /etc/config/openvpn entries become interface entries in /etc/config/network with proto='openvpn'. The source config is retained. Signed-off-by: Paul Donald https://github.com/openwrt/packages/pull/28533

openvpn: import from base

2020-12-01T20:37:37Z

Signed-off-by: Rosen Penev