Date: Sat, 09 Sep 2023 21:51:00 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 273664] ovpn(4) DCO module doesn't support "multihome" option Message-ID: <bug-273664-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273664 Bug ID: 273664 Summary: ovpn(4) DCO module doesn't support "multihome" option Product: Base System Version: 14.0-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: zarychtam@plan-b.pwste.edu.pl For a longer period of time, we have security/openvpn deployed with a "multihome" runtime option for failover and redundancy. With one[1] simple = PF rule redundancy is achieved. The tun(4) driver supports this mode still fin= e in stable/14, whilst ovpn(4) can also send and receive unencrypted packets on = the LAN side, the encrypted ones don't show up on the right interface. They app= ear on the main interface instead of $backup_if and thus the rule[1] is silently ignored. [1] pass in quick on $backup_if reply-to ($backup_if $backup_gw) proto udp = to ($backup_if) port $ovpnport --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-273664-227>