From: Julian Elischer
Date: Thu, 30 Jul 2009 10:08:59 -0700
To: "Li, Qing"
Cc: Qing Li, "Bjoern A. Zeeb", Stefan Bethke, Matthias Andree, FreeBSD Current
Subject: Re: recent change to ifconfig breaks OpenVPN?
Message-ID: <4A71D3AB.2070504@elischer.org>

Li, Qing wrote:
> I will look into it.
>
> -- Qing
>
>
>> -----Original Message-----
>> From: owner-freebsd-current@freebsd.org
>> [mailto:owner-freebsd-current@freebsd.org] On Behalf Of Stefan Bethke
>> Sent: Thursday, July 30, 2009 9:46 AM
>> To: Qing Li; Bjoern A. Zeeb
>> Cc: Matthias Andree; FreeBSD Current
>> Subject: Re: recent change to ifconfig breaks OpenVPN?
>>
>> On 30.07.2009 at 08:40, Stefan Bethke wrote:
>>
>>> On 30.07.2009 at 01:46, Matthias Andree wrote:
>>>
>>>> Hi everybody,
>>>>
>>>> If that is the case, then we should go quickly to either make it go
>>>> into 8-CURRENT's ports or OpenVPN 2.1, or both.
>>>>
>>>> I'm not sure I have sufficient context or time to read up to
>>>> determine my own role here (I haven't been following -current for
>>>> lack of time); can someone summarize the issue for me?
>>> I can try to summarize; I don't think I'll have time to come up with
>>> a patch this weekend.
>>>
>>> The problem appears to be that OpenVPN invokes ifconfig with
>>> incorrect (but previously working) parameters, namely "ifconfig tun0
>>> local_ip local_ip" instead of "ifconfig tun0 local_ip remote_ip".
>>> The problem does not appear to be the SIOCAIFADDR but the RT_ADD
>>> that ifconfig does. When I drafted a replacement OpenVPN --up
>>> script yesterday, I also noticed that the parameters passed to the
>>> script are wrong (netmask instead of remote ip), and environment
>>> variables are partially not set (ifconfig_remote is empty).
>>>
>>> This issue appears to affect tun-mode connections; tap-mode
>>> connections appear to continue to work.

It seems that it doesn't like it if both ends of a p2p have the same
address. This is a numbering scheme sometimes used in routers, but it
has funny side effects on hosts. For example, both hosts would respond
to ssh 'local_ip'. I'm in two minds as to whether one would want to
allow this.

>>>
>>> I'm not sure if that is a more general problem with OpenVPN (at
>>> least in --topology subnet mode), or a specific problem in the
>>> FreeBSD-specific code. I just looked at a Linux box connected to
>>> the same OpenVPN server, and their ifconfig invocation looks
>>> different from ours, so the FreeBSD-specific code at least plays
>>> some role.
>>>
>>> I'd still like to know whether the change to the routing code is
>>> intentional or a regression.
>> I did at least have time to figure out the commit that changed it:
>> 195914
>>
>>> Author: qingli
>>> Date: Mon Jul 27 17:08:06 2009
>>> New Revision: 195914
>>> URL: http://svn.freebsd.org/changeset/base/195914
>>>
>>> Log:
>>> This patch does the following:
>>>
>>> - Allow loopback route to be installed for address assigned to
>>>   interface of IFF_POINTOPOINT type.
>>> - Install loopback route for an IPv4 interface address when the
>>>   "useloopback" sysctl variable is enabled. Similarly, install
>>>   loopback route for an IPv6 interface address when the sysctl
>>>   variable "nd6_useloopback" is enabled. Deleting loopback routes
>>>   for interface addresses is unconditional in case these sysctl
>>>   variables were disabled after an interface address has been
>>>   assigned.
>>
>> Setting net.link.ether.inet.useloopback=0 does not restore the
>> previous behavior.
>>
>>
>> Stefan
>>
>> --
>> Stefan Bethke Fon +49 151 14070811
>>
>> _______________________________________________
>> freebsd-current@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to
>> "freebsd-current-unsubscribe@freebsd.org"