Date: Sat, 09 Sep 2023 21:51:00 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 273664] ovpn(4) DCO module doesn't support "multihome" option
Message-ID: <bug-273664-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273664

            Bug ID: 273664
           Summary: ovpn(4) DCO module doesn't support "multihome" option
           Product: Base System
           Version: 14.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

For a longer period of time, we have had security/openvpn deployed with the
"multihome" runtime option for failover and redundancy. With one[1] simple PF
rule, redundancy is achieved. The tun(4) driver still supports this mode fine
in stable/14. Whilst ovpn(4) can also send and receive unencrypted packets on
the LAN side, the encrypted ones don't show up on the right interface. They
appear on the main interface instead of $backup_if and thus the rule[1] is
silently ignored.

[1] pass in quick on $backup_if reply-to ($backup_if $backup_gw) proto udp to ($backup_if) port $ovpnport

-- 
You are receiving this mail because:
You are the assignee for the bug.
