Bug 279988

Summary: Can't delete route from table if IP is endpoint in tun: "delete host ${IP}: gateway tun0 fib 0: gateway uses the same route"
Product: Base System
Reporter: Vladimir Druzenko <vvd>
Component: kern
Assignee: Gleb Smirnoff <glebius>
Status: New ---    
Severity: Affects Some People    
Priority: ---    
Version: 14.1-RELEASE   
Hardware: Any   
OS: Any   
Bug Depends on:    
Bug Blocks: 279817    

Description Vladimir Druzenko freebsd_committer freebsd_triage 2024-06-25 13:33:16 UTC
Testing script:
ifconfig tun0 create
ifconfig tun0 10.10.10.10 20.20.20.20
route -n delete -host 20.20.20.20 -interface tun0

The 3rd line works on 13, but fails on 14 with the error:
delete host 20.20.20.20: gateway tun0 fib 0: gateway uses the same route

Background: there is a port, security/openfortivpn - "Openfortivpn is a client for PPP+SSL VPN tunnel services".

It creates tun0:
tun0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.10.10.10 --> 20.20.20.20 netmask 0xffffffff
        groups: tun
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 14208

Before connecting, the route table has these lines:
default            10.0.0.1           UGS         em0
10.0.0.0/16        link#1             U           em0
127.0.0.1          link#2             UH          lo0
Just after tun0 is created, this line is added:
20.20.20.20        link#3             UHS        tun0

Then it tries to remove this line and add another (log from running openfortivpn -v):
DEBUG:  /sbin/route -n delete -host 20.20.20.20 -interface tun0
delete host 20.20.20.20: gateway tun0 fib 0: gateway uses the same route
DEBUG:  ip route show to 20.20.20.20/255.255.255.255 dev !tun0
DEBUG:  netstat_path: /usr/bin/netstat
DEBUG:  Setting route to vpn server...
DEBUG:  ip route show to 20.20.20.20/255.255.255.255 via 10.0.0.1 dev em0
DEBUG:  /sbin/route -n add -host 20.20.20.20 10.0.0.1
add host 20.20.20.20: gateway 10.0.0.1 fib 0: route already in table
INFO:   Tunnel is up and running.

The VPN doesn't work - sending packets times out:
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  ppp ---> gateway (1502 bytes)
DEBUG:  Error reading from SSL connection (Operation timed out).
DEBUG:  Error writing to SSL connection (Connection closed).
INFO:   Cancelling threads...
INFO:   Cleanup, joining threads...
DEBUG:  ppp ---> gateway (54 bytes)
DEBUG:  Disconnecting
INFO:   Setting tun0 interface down.
INFO:   Restoring routes...
DEBUG:  /sbin/route -n delete -host 20.20.20.20 10.0.0.1
delete host 20.20.20.20: gateway 10.0.0.1 fib 0: not in table
DEBUG:  Waiting for ppp to exit...
DEBUG:  waitpid: ppp exit status code 0
DEBUG:  ppp: Successful exit.
INFO:   Terminated ppp.
INFO:   Closed connection to gateway.

Same part of the log from 13:
DEBUG:  /sbin/route -n delete -host 20.20.20.20 -interface tun0
delete host 20.20.20.20: gateway tun0
DEBUG:  ip route show to 20.20.20.20/255.255.255.255 dev !tun0
DEBUG:  netstat_path: /usr/bin/netstat
DEBUG:  Setting route to vpn server...
DEBUG:  ip route show to 20.20.20.20/255.255.255.255 via 10.0.0.1 dev em0
DEBUG:  /sbin/route -n add -host 20.20.20.20 10.0.0.1
add host 20.20.20.20: gateway 10.0.0.1
INFO:   Tunnel is up and running.
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  gateway ---> ppp (14 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  gateway ---> ppp (14 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  gateway ---> ppp (14 bytes)
DEBUG:  ppp ---> gateway (6 bytes)
DEBUG:  gateway ---> ppp (14 bytes)
DEBUG:  ppp ---> gateway (30 bytes)
DEBUG:  gateway ---> ppp (30 bytes)
DEBUG:  ppp ---> gateway (30 bytes)
DEBUG:  gateway ---> ppp (30 bytes)

The route table after connecting has these lines:
default            10.0.0.1           UGS         em0
10.0.0.0/16        link#1             U           em0
127.0.0.1          link#2             UH          lo0
20.20.20.20        10.0.0.1           UGHS        em0

And the VPN works fine on 13.
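
Added example, not part of the original report: a shell check that reads routing-table rows on stdin and tells whether the host route for the tunnel peer still leaves via the tunnel interface (the state the report shows on 14) or via the underlay interface (the state on 13). The function names and the four-column row layout are assumptions; the sample rows are copied from the tables in the report.

```shell
#!/bin/sh
# Added example (not from the bug report). peer_route_state is a hypothetical
# helper name. Input: routing-table rows on stdin in the four-column layout
# shown in the report: Destination Gateway Flags Netif.

# Prints "tunnel"   if a host route for the peer leaves via the tunnel interface,
#        "underlay" if rows for the peer exist only on other interfaces,
#        "absent"   if there is no row for the peer at all.
peer_route_state() {
    awk -v peer="$1" -v tunif="$2" '
        $1 == peer { found = 1; if ($4 == tunif) tun = 1 }
        END {
            if (!found)   print "absent"
            else if (tun) print "tunnel"
            else          print "underlay"
        }'
}

# Rows from the report: the table before connecting plus the tun0 host route.
# On 14 the delete fails and the later add reports "route already in table",
# so this row is assumed to stay in place.
table_on_14() {
    cat <<'EOF'
default            10.0.0.1           UGS         em0
10.0.0.0/16        link#1             U           em0
127.0.0.1          link#2             UH          lo0
20.20.20.20        link#3             UHS        tun0
EOF
}

# Rows from the report: the table after connecting on 13.
table_on_13() {
    cat <<'EOF'
default            10.0.0.1           UGS         em0
10.0.0.0/16        link#1             U           em0
127.0.0.1          link#2             UH          lo0
20.20.20.20        10.0.0.1           UGHS        em0
EOF
}

echo "14: $(table_on_14 | peer_route_state 20.20.20.20 tun0)"
echo "13: $(table_on_13 | peer_route_state 20.20.20.20 tun0)"
```

On a live system the same function can be fed the output of `netstat -rn -f inet`; header lines do not match the peer address and are ignored.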