From owner-freebsd-current@FreeBSD.ORG Thu Jul 30 06:40:24 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 37B4D10657B9 for ; Thu, 30 Jul 2009 06:40:24 +0000 (UTC) (envelope-from stb@lassitu.de) Received: from koef.zs64.net (koef.zs64.net [212.12.50.230]) by mx1.freebsd.org (Postfix) with ESMTP id 6820A8FC17 for ; Thu, 30 Jul 2009 06:40:23 +0000 (UTC) (envelope-from stb@lassitu.de) Received: from localhost by koef.zs64.net (8.14.3/8.14.3) with ESMTP id n6U6eKQ4030347 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 30 Jul 2009 08:40:20 +0200 (CEST) (envelope-from stb@lassitu.de) (authenticated as stb) Message-Id: From: Stefan Bethke To: Matthias Andree In-Reply-To: Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Date: Thu, 30 Jul 2009 08:40:19 +0200 References: <4A709126.5050102@elischer.org> <3A1518B9-2C8C-4F05-9195-82C6017E4902@lassitu.de> X-Mailer: Apple Mail (2.935.3) Cc: FreeBSD Current Subject: Re: recent change to ifconfig breaks OpenVPN? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jul 2009 06:40:24 -0000 Am 30.07.2009 um 01:46 schrieb Matthias Andree: > Hi everybody, > > If that is the case, then we should go quickly to either make it go > into 8-CURRENT's ports or OpenVPN 2.1, or both. > > I'm not sure I have sufficient context or time to read up to > determine my own role here (I haven't been following -current for > lack of time); can someone summarize the issue for me? I can try to summarize; I don't think I'll have time to come up with a patch this weekend. The problem appears to be that OpenVPN invokes ifconfig with incorrect (but previously working) parameters, namely "ifconfig tun0 local_ip local_ip" instead of "ifconfig tun0 local_ip remote_ip". The problem does not appear to be the SIOCAIFADDR but the RT_ADD that ifconfig does. When I drafted a replacement OpenVPN --up script yesterday, I also noticed that the parameters passed to the script are wrong (netmask instead of remote ip), and environment variables are partially not set (ifconfig_remote is empty). This issue appears to affect tun-mode connections; tap-mode connections appear to continue to work. I'm not sure if that is a more general problem with OpenVPN (at least in --topology subnet mode), or a specific problem in the FreeBSD- specific code. I just looked at a Linux box connected to the same OpenVPN server, and their ifconfig invocation looks different from ours, so the FreeBSD-specific code at least plays some role. I'd still like to know whether the change to the routing code is intentional or a regression. Stefan p.s. log output wrt ifconfig: FreeBSD (working up to last week, continues to work in -stable): /sbin/ifconfig tun1 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up Linux: /sbin/ifconfig tun4 44.128.127.15 netmask 255.255.255.0 mtu 1500 broadcast 44.128.127.255 It is interesting to note that tun4 on the Linux box has the same local and remote address: /sbin/ifconfig tun4 tun4 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:44.128.127.15 P-t-P:44.128.127.15 Mask: 255.255.255.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 -- Stefan Bethke Fon +49 151 14070811