From owner-freebsd-current@FreeBSD.ORG  Fri Jul 31 12:38:09 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E24AE1065674;
	Fri, 31 Jul 2009 12:38:09 +0000 (UTC) (envelope-from stb@lassitu.de)
Received: from koef.zs64.net (koef.zs64.net [212.12.50.230])
	by mx1.freebsd.org (Postfix) with ESMTP id 7AE328FC1C;
	Fri, 31 Jul 2009 12:38:09 +0000 (UTC) (envelope-from stb@lassitu.de)
Received: from localhost by koef.zs64.net (8.14.3/8.14.3) with ESMTP id
	n6VCc7Sc075462
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
	Fri, 31 Jul 2009 14:38:08 +0200 (CEST)
	(envelope-from stb@lassitu.de) (authenticated as stb)
From: Stefan Bethke <stb@lassitu.de>
To: Matthias Andree <matthias.andree@gmx.de>
In-Reply-To: <op.uxwkqxxd1e62zd@merlin.emma.line.org>
References: <B4AA014B-2444-40AA-A3A3-417E4B89DF90@lassitu.de>
	<4A709126.5050102@elischer.org>
	<3A1518B9-2C8C-4F05-9195-82C6017E4902@lassitu.de>
	<op.uxusbswp1e62zd@merlin.emma.line.org>
	<BEE762CA-4282-4BA8-B92B-AFC7AAE3CA9A@lassitu.de>
	<ABCF4747-24D4-4435-952B-EA85A2AE999F@lassitu.de>
	<B583FBF374231F4A89607B4D08578A4304E22D95@bcs-mail03.internal.cacheflow.com>
	<4A721160.5080902@elischer.org>
	<20090730220658.M245@maildrop.int.zabbadoz.net>
	<op.uxwkqxxd1e62zd@merlin.emma.line.org>
Message-Id: <B80ED984-7570-4C00-911C-7F47E25680D6@lassitu.de>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Fri, 31 Jul 2009 14:38:07 +0200
X-Mailer: Apple Mail (2.935.3)
X-Mailman-Approved-At: Sat, 01 Aug 2009 14:37:30 +0000
Cc: freebsd-ports@freebsd.org
Subject: Re: recent change to ifconfig breaks OpenVPN?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2009 12:38:10 -0000

(Moving the discussion to -ports.)

Am 31.07.2009 um 00:57 schrieb Matthias Andree:

> Am 31.07.2009, 00:36 Uhr, schrieb Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net 
> >:
>
>> Yeah that is as great as we are or rather were.
>>
>> So really, fix the openvpn scripts that assign the address to
>> interfaces to do something that would make sense from the ``man ip''
>> (not the literal command) point of view.  Just that it's "working"
>> somewhere or used to work elswhere neither means that it was correct
>> nor made sense at any time before.
>
> It's actually in the C code where it was advertised as FreeBSD fix.
> OpenVPN runs in 'topology subnet' mode here, which is documented as  
> follows:
>
> 	Use a subnet rather than a point-to-point topology by
>        configuring the tun interface with a local IP address and  
> subnet
>        mask,  similar  to  the  topology used in --dev tap and  
> ethernet
>        bridging mode.  This mode allocates a single IP address per  
> con-
>        necting  client [... MS-Windows stuff here ...]
>           When used on *nix, requires that the
>        tun driver supports an ifconfig(8) command which sets  a   
> subnet
>        instead of a remote endpoint IP address.
>
> I wonder if TUNSIFMODE (see tun(4)) is somehow needed and if so,  
> already done, and how the proper ifconfig call would look like in  
> this case. Stefan already uttered some ideas in that direction.


Here's a first draft at a patch for OpenVPN.  With this, the tun  
interface gets set to IFF_BROADCAST mode.  One small piece is still  
missing: OpenVPN tries to install a route for the subnet, but that  
fails because now ifconfig has already inserted that route.  I'll try  
to look into that a bit later on.  I also haven't tested the server  
side yet, or any other mode.

root@freebsd-current:/usr/ports/security/openvpn-devel# cat files/ 
patch-tun.c
--- tun.c.orig	2009-05-30 23:34:13.000000000 +0200
+++ tun.c	2009-07-31 14:22:31.000000000 +0200
@@ -863,11 +863,10 @@
        else {
  	if (tt->topology == TOP_SUBNET)
              argv_printf (&argv,
-                              "%s %s %s %s netmask %s mtu %d up",
+                              "%s %s %s netmask %s mtu %d up",
                                IFCONFIG_PATH,
                                actual,
                                ifconfig_local,
-                              ifconfig_local,
                                ifconfig_remote_netmask,
                                tun_mtu
                                );
@@ -1745,14 +1744,15 @@
  {
    open_tun_generic (dev, dev_type, dev_node, ipv6, true, true, tt);

-  if (tt->fd >= 0)
+  if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
      {
        int i = 0;

-      /* Disable extended modes */
+      i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
+      i |= IFF_MULTICAST;
+      ioctl (tt->fd, TUNSIFMODE, &i);
+      i = 0;
        ioctl (tt->fd, TUNSLMODE, &i);
-      i = 1;
-      ioctl (tt->fd, TUNSIFHEAD, &i);
      }
  }


Stefan

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811