https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273664
Bug ID: 273664
Summary: ovpn(4) DCO module doesn't support "multihome" option
Product: Base System
Version: 14.0-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: zarych...@plan-b.pwste.edu.pl
For a longer period of time, we have security/openvpn deployed with a
"multihome" runtime option for failover and redundancy. With one[1] simple PF
rule redundancy is achieved. The tun(4) driver supports this mode still fine in
stable/14, whilst ovpn(4) can also send and receive unencrypted packets on the
LAN side, the encrypted ones don't show up on the right interface. They appear
on the main interface instead of $backup_if and thus the rule[1] is silently
ignored.
[1] pass in quick on $backup_if reply-to ($backup_if $backup_gw) proto udp to
($backup_if) port $ovpnport
--
You are receiving this mail because:
You are the assignee for the bug.
