Re: recent change to ifconfig breaks OpenVPN?

From: Stefan Bethke <stb_at_lassitu.de>
Date: Wed, 29 Jul 2009 20:30:03 +0200
On 29.07.2009 at 20:12, Julian Elischer wrote:

> Stefan Bethke wrote:
>> I just updated this afternoon (r195941), and after rebooting,  
>> OpenVPN has problems ifconfig'ing a tun interface.
>> With sources from about one week ago, this is working:
>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/ifconfig tun1  
>> 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up
>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/route add -net  
>> 44.128.127.0 44.128.127.2 255.255.255.0
>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/route add -net  
>> 44.128.64.0 44.128.127.1 255.255.192.0
>> Now, the same sequence fails:
>> Jul 29 17:31:41 diesel openvpn_zs64[1855]: /sbin/ifconfig tun1  
>> 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up
>> Jul 29 17:31:41 diesel openvpn_zs64[1855]: FreeBSD ifconfig failed:  
>> external program exited with error status: 1
>> Trying the same command manually gets me:
>> /sbin/ifconfig tun1 44.128.127.2 44.128.127.2 netmask 255.255.255.0  
>> mtu
>
>                      ^^^^^^^^^^^^^^^^^^^^^^^^^
>
> have you tried it without using the same address on both ends?

Sure, I changed to a custom up script that configures a different  
address for the other end.  The question is: is this an intended  
change, and does OpenVPN need to be changed?

Note that the addresses OpenVPN passed to ifconfig are determined  
automatically based on various config parameters (both on the client  
and on the server), so it's not a simple configuration change.

It used to be that ifconfig would assign the local address to the p2p  
interface, and would add a route to the VPN block via that one  
address.  This is from a 7-stable machine connected to the same server:

$ ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	inet 44.128.127.14 --> 44.128.127.14 netmask 0xffffff00
	Opened by PID 760
$ netstat -rnfinet
...
44.128.127.0/24    44.128.127.14      UGS         2      499   tun0
44.128.127.14      44.128.127.14      UH          1        0   tun0
...

I'm guessing that adding that host route is not working anymore, and  
that's why ifconfig is failing.

The end result necessary for an OpenVPN setup like mine ("topology  
subnet") is a tun interface with the local address assigned by the  
server configuration, and a route to the server-configured subnet  
going out via the tun interface.  The remote address on the tun  
interface does not actually matter, and no host route is necessary.

I have a feeling OpenVPN needs to be changed wrt computing the proper  
ifconfig parameters.


Stefan

-- 
Stefan Bethke <stb_at_lassitu.de>   Fon +49 151 14070811
Received on Wed Jul 29 2009 - 16:30:08 UTC
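
Added example, not part of the original message and not OpenVPN's own code: a shell sketch of the workaround mentioned in the message (configuring a different address for the other end), deriving the ifconfig and route parameters from the local address and netmask. The function names, the pick_peer rule (first host address in the subnet that is not the local one) and routing the subnet via that placeholder peer are assumptions; the subnet is assumed to hold at least two host addresses, and the commands are only printed, never executed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): build tun parameters for an
# OpenVPN "topology subnet" setup without reusing the local address as the
# point-to-point destination. Commands are printed only, not run.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address of local/netmask.
subnet_base() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Placeholder peer (assumed rule): first host address in the subnet that
# differs from the local address.
pick_peer() {
    l=$(ip_to_int "$1")
    m=$(ip_to_int "$2")
    p=$(( ($l & $m) + 1 ))
    if [ "$p" -eq "$l" ]; then
        p=$(( $p + 1 ))
    fi
    int_to_ip "$p"
}

# Print the ifconfig and route commands for: dev local netmask mtu.
tun_commands() {
    peer=$(pick_peer "$2" "$3")
    echo "/sbin/ifconfig $1 $2 $peer netmask $3 mtu $4 up"
    echo "/sbin/route add -net $(subnet_base "$2" "$3") $peer $3"
}

# Values taken from the log lines quoted in the message.
tun_commands tun1 44.128.127.2 255.255.255.0 1500
```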
