always exclude TUNDEV when finding/setting gateway route

The previous commit didn't fix #20, because 'ip route get' doesn't preserve the onlink flag.
(See https://gitlab.com/openconnect/vpnc-scripts/-/issues/20#note_542783676)

We should just use the 'ip route show' version across-the-board; it's more complex, but appears
to be quite robus. If we have to use it to get the gateway route correctly, then we simply
remove the redundancy in the code. *BSD code ('route'-based) can be similarly simplified.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/vpnc-script b/vpnc-script
index 681bb5e7b4888816591933498ff8a038d4a5fdc6..1027e368a70d1bfd2b87e7a0352989e996a1b689 100755 (executable)
--- a/vpnc-script
+++ b/vpnc-script
@@ -253,11 +253,6 @@ if [ -n "$IPROUTE" ]; then
        }
 
        set_vpngateway_route() {
-               $IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
-               $IPROUTE route flush cache 2>/dev/null
-       }
-
-       set_vpngateway_route_attempt_reconnect() {
                # We'll attempt to add a host route to the gateway through every route that matches
                # its address (excluding those through TUNDEV because the goal is to avoid loopback).
 
@@ -402,11 +397,7 @@ else # use route command
                # - keep lines starting with 'default' or '0.0.0.0', but exclude bogus routes '0.0.0.0/nn' where nn != 0
                # - remove lines containing IPv6 addresses (':')
                # - remove lines for link-local routes (https://superuser.com/a/1067742)
-               netstat -r -n | awk '/:/ { next; } /link#/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }'
-       }
-
-       get_default_gw_excl_tunnel() {
-               # Get rid of lines containing $TUNDEV (we don't want loopback)
+               # - remove lines containing $TUNDEV (we don't want loopback)
                netstat -r -n | awk '/:/ { next; } /link#/ { next; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }'
        }
 
@@ -420,13 +411,6 @@ else # use route command
                esac
        }
 
-       set_vpngateway_route_attempt_reconnect() {
-               case "$VPNGATEWAY" in
-               *:*)    route add $route_syntax_inet6_host "$VPNGATEWAY" $route_syntax_gw "`get_ipv6_default_gw_excl_tunnel`";;
-               *)      route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw_excl_tunnel`";;
-               esac
-       }
-
        del_vpngateway_route() {
                case "$VPNGATEWAY" in
                *:*)    route $route_syntax_del $route_syntax_inet6_host "$VPNGATEWAY" $route_syntax_gw "`get_ipv6_default_gw`";;
@@ -501,12 +485,9 @@ else # use route command
                # Intended behavior, starting with `netstat -r -n` IPv6 output:
                # - keep lines starting with 'default' or '::'
                # - append %$interface to link-local routes (fe80::/10)
-               # - remove lines for loopback interface (lo)
+               # - remove lines for loopback interface (lo)
+               # - remove lines containing $TUNDEV (we don't want loopback)
                # FIXME: is there a better way to exclude loopback routes than filtering interface /^lo/?
-               netstat -r -n $netstat_syntax_ipv6 | awk '/^(default|::\/0)/ { if ($NF!~/^lo/) { print ($2~/^fe[89ab]/ ? $2"%"$NF : $2); } }'
-       }
-
-       get_ipv6_default_gw_excl_tunnel() {
                netstat -r -n $netstat_syntax_ipv6 | awk '/^(default|::\/0)/ { if ($NF!~/^lo/ && /$NF!~/'"$TUNDEV"'([[:space:]]|$)/) { print ($2~/^fe[89ab]/ ? $2"%"$NF : $2); } }'
        }
 
@@ -1134,7 +1115,7 @@ do_disconnect() {
 }
 
 do_attempt_reconnect() {
-       set_vpngateway_route_attempt_reconnect
+       set_vpngateway_route
 }
 
 #### Main