Am 29.07.2009, 20:30 Uhr, schrieb Stefan Bethke <stb_at_lassitu.de>: > Am 29.07.2009 um 20:12 schrieb Julian Elischer: > >> Stefan Bethke wrote: >>> I just updated this afternoon (r195941), and after rebooting, OpenVPN >>> has problems ifconfig'ing a tun interface. >>> With sources from about one week ago, this is working: >>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/ifconfig tun1 >>> 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up >>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/route add -net >>> 44.128.127.0 44.128.127.2 255.255.255.0 >>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/route add -net >>> 44.128.64.0 44.128.127.1 255.255.192.0 >>> Now, the same sequence fails: >>> Jul 29 17:31:41 diesel openvpn_zs64[1855]: /sbin/ifconfig tun1 >>> 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up >>> Jul 29 17:31:41 diesel openvpn_zs64[1855]: FreeBSD ifconfig failed: >>> external program exited with error status: 1 >>> Trying the same command manually gets me: >>> /sbin/ifconfig tun1 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu >> >> ^^^^^^^^^^^^^^^^^^^^^^^^^ >> >> have you tried it without using the same address on both ends? > > Sure, I changed to a custom up script that configures a different > address for the other end. The question is: is this an intended change, > and does OpenVPN need to be changed? > > Note that the addresses OpenVPN passed to ifconfig are determined > automatically based on various config parameters (both on the client and > on the server), so it's not a simple configuration change. > > It used to be that ifconfig would assign the local address to the p2p > interface, and would add a route to the VPN block via that one address. > This is from a 7-stable machine connected to the same server: > > $ ifconfig tun0 > tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 > inet 44.128.127.14 --> 44.128.127.14 netmask 0xffffff00 > Opened by PID 760 > $ netstat -rnfinet > ... > 44.128.127.0/24 44.128.127.14 UGS 2 499 tun0 > 44.128.127.14 44.128.127.14 UH 1 0 tun0 > ... > > I'm guessing that adding that host route is not working anymore, and > that's why ifconfig is failing. > > The end result necessary for an OpenVPN setup like mine ("topology > subnet") is a tun interface with the local address assigned by the > server configuration, and a route to the server-configured subnet going > out via the tun interface. The remote address on the tun interface does > not actually matter, and no host route is necessary. > > I have a feeling OpenVPN needs to be changed wrt computing the proper > ifconfig parameters. Hi everybody, If that is the case, then we should go quickly to either make it go into 8-CURRENT's ports or OpenVPN 2.1, or both. I'm not sure I have sufficient context or time to read up to determine my own role here (I haven't been following -current for lack of time); can someone summarize the issue for me? Thanks & best regards MatthiasReceived on Wed Jul 29 2009 - 22:13:17 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:52 UTC