From 347c34f9aec9f4b98dc158ce15ad3b3cef52bff4 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 1 Mar 2019 05:31:13 +0100
Subject: tunnel: set low metric instead of split default

---
 service/service_tunnel.go | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

(limited to 'service/service_tunnel.go')

diff --git a/service/service_tunnel.go b/service/service_tunnel.go
index 5dae5d50..72fb7ca0 100644
--- a/service/service_tunnel.go
+++ b/service/service_tunnel.go
@@ -201,17 +201,21 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest,
 				Mask: ipnet.Mask,
 			},
 			NextHop: gateway,
-			Metric:  1,
+			Metric:  0,
 		}
 		routeCount++
 	}
 
+	foundDefault := false
 	for _, peer := range conf.Peers {
 		for _, allowedip := range peer.AllowedIPs {
 			routes[routeCount] = winipcfg.RouteData{
 				Destination: allowedip.IPNet(),
 				NextHop:     *firstGateway,
-				Metric:      1,
+				Metric:      0,
+			}
+			if allowedip.Cidr == 0 {
+				foundDefault = true
 			}
 			routeCount++
 		}
@@ -222,7 +226,7 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest,
 		err = iface.FlushRoutes()
 		if err == nil {
 			for _, route := range routes {
-				err = iface.AddRoute(&route, true)
+				err = iface.AddRoute(&route, false)
 
 				//TODO: Ignoring duplicate errors like this maybe isn't very reasonable.
 				// instead we should make sure we're not adding duplicates ourselves when
@@ -242,8 +246,31 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest,
 	if err == nil {
 		err = iface.SetDNS(conf.Interface.Dns)
 	}
+	if err == nil {
+		ipif, err := iface.GetIpInterface(winipcfg.AF_INET)
+		if err == nil {
+			if foundDefault {
+				ipif.UseAutomaticMetric = false
+				ipif.Metric = 0
+			}
+			err = ipif.Set()
+		}
+	}
+	if err == nil {
+		ipif, err := iface.GetIpInterface(winipcfg.AF_INET6)
+		if err == nil {
+			if foundDefault {
+				ipif.UseAutomaticMetric = false
+				ipif.Metric = 0
+			}
+			ipif.DadTransmits = 0
+			ipif.RouterDiscoveryBehavior = winipcfg.RouterDiscoveryDisabled
+			ipif.LinkLocalAddressBehavior = winipcfg.LinkLocalAlwaysOff
+			err = ipif.Set()
+		}
+	}
 	if err != nil {
-		logger.Error.Println("Unable to set interface addresses, routes, or DNSes:", err)
+		logger.Error.Println("Unable to set interface addresses, routes, DNS, or IP settings:", err)
 		changes <- svc.Status{State: svc.StopPending}
 		exitCode = ERROR_NETWORK_BUSY
 		device.Close()
-- 
cgit v1.2.3-59-g8ed1b