Re: recent change to ifconfig breaks OpenVPN?

From: Stefan Bethke <stb_at_lassitu.de>
Date: Fri, 31 Jul 2009 14:38:07 +0200
(Moving the discussion to -ports.)

On 31.07.2009 at 00:57, Matthias Andree wrote:

> On 31.07.2009, 00:36, Bjoern A. Zeeb <bzeeb-lists_at_lists.zabbadoz.net> wrote:
>
>> Yeah that is as great as we are or rather were.
>>
>> So really, fix the openvpn scripts that assign the address to
>> interfaces to do something that would make sense from the ``man ip''
>> (not the literal command) point of view.  Just that it's "working"
>> somewhere or used to work elsewhere neither means that it was correct
>> nor made sense at any time before.
>
> It's actually in the C code where it was advertised as FreeBSD fix.
> OpenVPN runs in 'topology subnet' mode here, which is documented as
> follows:
>
>        Use a subnet rather than a point-to-point topology by
>        configuring the tun interface with a local IP address and subnet
>        mask, similar to the topology used in --dev tap and ethernet
>        bridging mode.  This mode allocates a single IP address per
>        connecting client [... MS-Windows stuff here ...]
>        When used on *nix, requires that the
>        tun driver supports an ifconfig(8) command which sets a subnet
>        instead of a remote endpoint IP address.
>
> I wonder if TUNSIFMODE (see tun(4)) is somehow needed and if so,
> already done, and what the proper ifconfig call would look like in
> this case. Stefan already uttered some ideas in that direction.


Here's a first draft at a patch for OpenVPN.  With this, the tun  
interface gets set to IFF_BROADCAST mode.  One small piece is still  
missing: OpenVPN tries to install a route for the subnet, but that  
fails because now ifconfig has already inserted that route.  I'll try  
to look into that a bit later on.  I also haven't tested the server  
side yet, or any other mode.

root@freebsd-current:/usr/ports/security/openvpn-devel# cat files/patch-tun.c
--- tun.c.orig	2009-05-30 23:34:13.000000000 +0200
+++ tun.c	2009-07-31 14:22:31.000000000 +0200
_at__at_ -863,11 +863,10 _at__at_
        else {
  	if (tt->topology == TOP_SUBNET)
              argv_printf (&argv,
-                              "%s %s %s %s netmask %s mtu %d up",
+                              "%s %s %s netmask %s mtu %d up",
                                IFCONFIG_PATH,
                                actual,
                                ifconfig_local,
-                              ifconfig_local,
                                ifconfig_remote_netmask,
                                tun_mtu
                                );
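Review bot: In the TOP_SUBNET branch, the new format string "%s %s %s netmask %s mtu %d up" no longer passes a destination address, so this ifconfig call is only valid once the interface is in IFF_BROADCAST mode, and that mode is set by the TUNSIFMODE ioctl in the second hunk, whose result is not checked. Add a comment here naming that dependency, and make sure a failed mode switch is reported before this command runs. The cover note also says the subnet route OpenVPN adds afterwards now fails because ifconfig has already inserted it, so that route step needs to be skipped or made tolerant for this topology before the patch is complete.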
_at__at_ -1745,14 +1744,15 _at__at_
  {
    open_tun_generic (dev, dev_type, dev_node, ipv6, true, true, tt);

-  if (tt->fd >= 0)
+  if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
      {
        int i = 0;

-      /* Disable extended modes */
+      i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
+      i |= IFF_MULTICAST;
+      ioctl (tt->fd, TUNSIFMODE, &i);
+      i = 0;
        ioctl (tt->fd, TUNSLMODE, &i);
-      i = 1;
-      ioctl (tt->fd, TUNSIFHEAD, &i);
      }
  }

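Review bot: The removal of `i = 1; ioctl (tt->fd, TUNSIFHEAD, &i);` at the end of this block is not explained by the cover note, which only describes setting IFF_BROADCAST. Per tun(4), TUNSIFHEAD controls whether each packet on the descriptor is prefixed with a four-byte address family, so dropping it changes the framing that the read and write paths (not shown here) must agree with; either keep the call or state why it is no longer needed and adjust the I/O code to match. Separately, the return value of the new `ioctl (tt->fd, TUNSIFMODE, &i)` is ignored: if it fails, the interface stays in its previous mode while the first hunk already issues the broadcast-style ifconfig, so check the result and log the failure. The `/* Disable extended modes */` comment was also dropped although the TUNSLMODE call it described remains; restoring it and adding one for the TUNSIFMODE block would help.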

Stefan

-- 
Stefan Bethke <stb_at_lassitu.de>   Fon +49 151 14070811
Received on Fri Jul 31 2009 - 10:38:09 UTC