Merge remote-tracking branch 'origin/route-monitor-openvpn'

Author: dlon

CHANGELOG.md

@@ -55,6 +55,7 @@ Line wrap the file at 100 chars.                                              Th
 #### Linux
 - Make route monitor ignore loopback routes.
 - Increase NetworkManager device readiness timeout to 15 seconds.
+- Set up routes for OpenVPN using the route manager instead of relying on OpenVPN.
 
 ### Fixed
 - Fix missing map animation after selecting a new location in the desktop app.

talpid-core/src/dns/linux/network_manager.rs

@@ -172,21 +172,15 @@ impl NetworkManager {
                 .get(NM_DEVICE, "Ip4Config")
                 .map_err(Error::Dbus)?;
 
-            let device_routes: Vec<Vec<u32>> = self
-                .dbus_connection
-                .with_path(NM_BUS, &device_ip4_config, RPC_TIMEOUT_MS)
-                .get(NM_IP4_CONFIG, "Routes")
-                .map_err(Error::Dbus)?;
-
             let device_route_data: Vec<HashMap<String, Variant<Box<dyn RefArg>>>> = self
                 .dbus_connection
                 .with_path(NM_BUS, &device_ip4_config, RPC_TIMEOUT_MS)
                 .get(NM_IP4_CONFIG, "RouteData")
                 .map_err(Error::Dbus)?;
 
             ipv4_settings.insert("route-metric", Variant(Box::new(0u32)));
-            ipv4_settings.insert("routes", Variant(Box::new(device_routes)));
             ipv4_settings.insert("route-data", Variant(Box::new(device_route_data)));
+            ipv4_settings.remove("routes");
         }
 
         if let Some(ipv6_settings) = settings.get_mut("ipv6") {
@@ -201,21 +195,14 @@ impl NetworkManager {
                 .with_path(NM_BUS, &device_ip6_config, RPC_TIMEOUT_MS)
                 .get(NM_IP6_CONFIG, "Addresses")
                 .map_err(Error::Dbus)?;
-
-            let device_routes6: Vec<(Vec<u8>, u32, Vec<u8>, u32)> = self
-                .dbus_connection
-                .with_path(NM_BUS, &device_ip6_config, RPC_TIMEOUT_MS)
-                .get(NM_IP6_CONFIG, "Routes")
-                .map_err(Error::Dbus)?;
-
             let device_route6_data: Vec<HashMap<String, Variant<Box<dyn RefArg>>>> = self
                 .dbus_connection
                 .with_path(NM_BUS, &device_ip6_config, RPC_TIMEOUT_MS)
                 .get(NM_IP6_CONFIG, "RouteData")
                 .map_err(Error::Dbus)?;
 
             ipv6_settings.insert("route-metric", Variant(Box::new(0u32)));
-            ipv6_settings.insert("routes", Variant(Box::new(device_routes6)));
+            ipv6_settings.remove("routes");
             ipv6_settings.insert("route-data", Variant(Box::new(device_route6_data)));
             // if the link contains link local addresses, addresses shouldn't be reset
             if ipv6_settings

talpid-core/src/process/openvpn.rs

@@ -42,6 +42,9 @@ static BASE_ARGUMENTS: &[&[&str]] = &[
         "vpn_gateway",
         "1",
     ],
+    // The route manager is used to add the routes.
+    #[cfg(target_os = "linux")]
+    &["--route-noexec"],
 ];
 
 static ALLOWED_TLS1_2_CIPHERS: &[&str] = &[

talpid-core/src/tunnel/mod.rs

@@ -160,14 +160,9 @@ impl TunnelMonitor {
 
         match tunnel_parameters {
             #[cfg(not(target_os = "android"))]
-            TunnelParameters::OpenVpn(config) => Self::start_openvpn_tunnel(
-                &config,
-                log_file,
-                resource_dir,
-                on_event,
-                #[cfg(target_os = "linux")]
-                route_manager,
-            ),
+            TunnelParameters::OpenVpn(config) => {
+                Self::start_openvpn_tunnel(&config, log_file, resource_dir, on_event, route_manager)
+            }
             #[cfg(target_os = "android")]
             TunnelParameters::OpenVpn(_) => Err(Error::UnsupportedPlatform),
 
@@ -230,19 +225,13 @@ impl TunnelMonitor {
         log: Option<PathBuf>,
         resource_dir: &Path,
         on_event: L,
-        #[cfg(target_os = "linux")] route_manager: &mut RouteManager,
+        route_manager: &mut RouteManager,
     ) -> Result<Self>
     where
         L: Fn(TunnelEvent) + Send + Sync + 'static,
     {
-        let monitor = openvpn::OpenVpnMonitor::start(
-            on_event,
-            config,
-            log,
-            resource_dir,
-            #[cfg(target_os = "linux")]
-            route_manager,
-        )?;
+        let monitor =
+            openvpn::OpenVpnMonitor::start(on_event, config, log, resource_dir, route_manager)?;
         Ok(TunnelMonitor {
             monitor: InternalTunnelMonitor::OpenVpn(monitor),
         })