Date: Thu, 12 May 2011 12:21:53 -0400
Message-ID: <BANLkTik8RKD=zXMHCMGCxrvbaL9bPgLn7g@mail.gmail.com>
From: Arnaud Lacombe <lacombar@gmail.com>
To: sample@email.cz
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD 7 and FreeBSD 8 OpenVPN problem

Hi,

On Thu, May 12, 2011 at 10:20 AM,  <sample@email.cz> wrote:
> Hi,
>
> I have a problem with the different behavior of OpenVPN under FreeBSD 7
> and FreeBSD 8. Problem is as follows. I have created an OpenVPN server
> and IPSEC tunnel. I have a client which is connecting via OpenVPN to LAN.
>
> This is working properly (client is able to reach all computers inside
> LAN and their services) in both cases - FreeBSD 7 and 8. The problem
> occurs when I want to connect (e.g. PING) the LAN interface of FreeBSD -
> for example "em0" with IP 192.168.1.1.
>
> On FreeBSD 7 (server) when I run tcpdump, I see packets coming from the
> OpenVPN network on the FreeBSD LAN interface ("em0" with IP 192.168.1.1)
> - everything works as should.
>
> On FreeBSD 8 (server) - the ping from the client to LAN interface "em0"
> is working (I get reply from ip 192.168.1.1 (em0) on client PC), but
> when I run tcpdump on the LAN interface (192.168.1.1 - em0), I don't see
> any ICMP packets. (I wonder, what is answering me then?).
>
I wonder if this does not have to do with how OpenVPN re-injects packets
in the kernel, what path they follow, and where the bpf hooks are. I am
not sure of what would be expected when sniffing on an interface.
Would you intend to see only the traffic going in and out of the physical
interface? Or would you intend to see all the traffic matching a
parameter associated with an interface (IP address, ...)?

You should also have an internal route through `lo0' for local traffic.
I found out that even without that route, local traffic goes through
`lo0', with all the consequences, like the IPv4 checksum not being
computed [which does not even seem to be tunable btw.].

 - Arnaud