From owner-freebsd-ports@FreeBSD.ORG  Sat Aug  1 15:36:38 2009
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 346DF106566B
	for <freebsd-ports@freebsd.org>; Sat,  1 Aug 2009 15:36:38 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from outB.internet-mail-service.net (outb.internet-mail-service.net
	[216.240.47.225])
	by mx1.freebsd.org (Postfix) with ESMTP id 113768FC1B
	for <freebsd-ports@freebsd.org>; Sat,  1 Aug 2009 15:36:37 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from idiom.com (mx0.idiom.com [216.240.32.160])
	by out.internet-mail-service.net (Postfix) with ESMTP id B2284D4E0;
	Sat,  1 Aug 2009 08:24:45 -0700 (PDT)
X-Client-Authorized: MaGic Cook1e
X-Client-Authorized: MaGic Cook1e
X-Client-Authorized: MaGic Cook1e
Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38])
	by idiom.com (Postfix) with ESMTP id 8D7E02D6012;
	Sat,  1 Aug 2009 08:24:44 -0700 (PDT)
Message-ID: <4A745E41.2040608@elischer.org>
Date: Sat, 01 Aug 2009 08:24:49 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: Stefan Bethke <stb@lassitu.de>
References: <B4AA014B-2444-40AA-A3A3-417E4B89DF90@lassitu.de>	<4A709126.5050102@elischer.org>	<3A1518B9-2C8C-4F05-9195-82C6017E4902@lassitu.de>	<op.uxusbswp1e62zd@merlin.emma.line.org>	<BEE762CA-4282-4BA8-B92B-AFC7AAE3CA9A@lassitu.de>	<ABCF4747-24D4-4435-952B-EA85A2AE999F@lassitu.de>	<B583FBF374231F4A89607B4D08578A4304E22D95@bcs-mail03.internal.cacheflow.com>	<4A721160.5080902@elischer.org>	<20090730220658.M245@maildrop.int.zabbadoz.net>	<op.uxwkqxxd1e62zd@merlin.emma.line.org>
	<B80ED984-7570-4C00-911C-7F47E25680D6@lassitu.de>
In-Reply-To: <B80ED984-7570-4C00-911C-7F47E25680D6@lassitu.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Matthias Andree <matthias.andree@gmx.de>, freebsd-ports@freebsd.org
Subject: Re: recent change to ifconfig breaks OpenVPN?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Aug 2009 15:36:38 -0000

Stefan Bethke wrote:
> (Moving the discussion to -ports.)
> 
> Am 31.07.2009 um 00:57 schrieb Matthias Andree:
> 
>> Am 31.07.2009, 00:36 Uhr, schrieb Bjoern A. Zeeb 
>> <bzeeb-lists@lists.zabbadoz.net>:
>>
>>> Yeah that is as great as we are or rather were.
>>>
>>> So really, fix the openvpn scripts that assign the address to
>>> interfaces to do something that would make sense from the ``man ip''
>>> (not the literal command) point of view.  Just that it's "working"
>>> somewhere or used to work elswhere neither means that it was correct
>>> nor made sense at any time before.
>>
>> It's actually in the C code where it was advertised as FreeBSD fix.
>> OpenVPN runs in 'topology subnet' mode here, which is documented as 
>> follows:
>>
>>     Use a subnet rather than a point-to-point topology by
>>        configuring the tun interface with a local IP address and subnet
>>        mask,  similar  to  the  topology used in --dev tap and ethernet
>>        bridging mode.  This mode allocates a single IP address per con-
>>        necting  client [... MS-Windows stuff here ...]
>>           When used on *nix, requires that the
>>        tun driver supports an ifconfig(8) command which sets  a  subnet
>>        instead of a remote endpoint IP address.
>>
>> I wonder if TUNSIFMODE (see tun(4)) is somehow needed and if so, 
>> already done, and how the proper ifconfig call would look like in this 
>> case. Stefan already uttered some ideas in that direction.
> 
> 
> Here's a first draft at a patch for OpenVPN.  With this, the tun 
> interface gets set to IFF_BROADCAST mode.  One small piece is still 
> missing: OpenVPN tries to install a route for the subnet, but that fails 
> because now ifconfig has already inserted that route.  I'll try to look 
> into that a bit later on.  I also haven't tested the server side yet, or 
> any other mode.

I would have thought that the correct answer would be to set a 
different address for the remote end..
it is a p2p link so to make it look like an ethernet is a bit weird.

> 
> root@freebsd-current:/usr/ports/security/openvpn-devel# cat 
> files/patch-tun.c
> --- tun.c.orig    2009-05-30 23:34:13.000000000 +0200
> +++ tun.c    2009-07-31 14:22:31.000000000 +0200
> @@ -863,11 +863,10 @@
>        else {
>      if (tt->topology == TOP_SUBNET)
>              argv_printf (&argv,
> -                              "%s %s %s %s netmask %s mtu %d up",
> +                              "%s %s %s netmask %s mtu %d up",
>                                IFCONFIG_PATH,
>                                actual,
>                                ifconfig_local,
> -                              ifconfig_local,
>                                ifconfig_remote_netmask,
>                                tun_mtu
>                                );
> @@ -1745,14 +1744,15 @@
>  {
>    open_tun_generic (dev, dev_type, dev_node, ipv6, true, true, tt);
> 
> -  if (tt->fd >= 0)
> +  if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
>      {
>        int i = 0;
> 
> -      /* Disable extended modes */
> +      i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
> +      i |= IFF_MULTICAST;
> +      ioctl (tt->fd, TUNSIFMODE, &i);
> +      i = 0;
>        ioctl (tt->fd, TUNSLMODE, &i);
> -      i = 1;
> -      ioctl (tt->fd, TUNSIFHEAD, &i);
>      }
>  }
> 
> 
> Stefan
>