Stefan Bethke wrote:
(Moving the discussion to -ports.)
Am 31.07.2009 um 00:57 schrieb Matthias Andree:
Am 31.07.2009, 00:36 Uhr, schrieb Bjoern A. Zeeb
<bzeeb-li...@lists.zabbadoz.net>:
Yeah that is as great as we are or rather were.
So really, fix the openvpn scripts that assign the address to
interfaces to do something that would make sense from the ``man ip''
(not the literal command) point of view. Just that it's "working"
somewhere or used to work elswhere neither means that it was correct
nor made sense at any time before.
It's actually in the C code where it was advertised as FreeBSD fix.
OpenVPN runs in 'topology subnet' mode here, which is documented as
follows:
Use a subnet rather than a point-to-point topology by
configuring the tun interface with a local IP address and subnet
mask, similar to the topology used in --dev tap and ethernet
bridging mode. This mode allocates a single IP address per con-
necting client [... MS-Windows stuff here ...]
When used on *nix, requires that the
tun driver supports an ifconfig(8) command which sets a subnet
instead of a remote endpoint IP address.
I wonder if TUNSIFMODE (see tun(4)) is somehow needed and if so,
already done, and how the proper ifconfig call would look like in this
case. Stefan already uttered some ideas in that direction.
Here's a first draft at a patch for OpenVPN. With this, the tun
interface gets set to IFF_BROADCAST mode. One small piece is still
missing: OpenVPN tries to install a route for the subnet, but that fails
because now ifconfig has already inserted that route. I'll try to look
into that a bit later on. I also haven't tested the server side yet, or
any other mode.
I would have thought that the correct answer would be to set a
different address for the remote end..
it is a p2p link so to make it look like an ethernet is a bit weird.
r...@freebsd-current:/usr/ports/security/openvpn-devel# cat
files/patch-tun.c
--- tun.c.orig 2009-05-30 23:34:13.000000000 +0200
+++ tun.c 2009-07-31 14:22:31.000000000 +0200
@@ -863,11 +863,10 @@
else {
if (tt->topology == TOP_SUBNET)
argv_printf (&argv,
- "%s %s %s %s netmask %s mtu %d up",
+ "%s %s %s netmask %s mtu %d up",
IFCONFIG_PATH,
actual,
ifconfig_local,
- ifconfig_local,
ifconfig_remote_netmask,
tun_mtu
);
@@ -1745,14 +1744,15 @@
{
open_tun_generic (dev, dev_type, dev_node, ipv6, true, true, tt);
- if (tt->fd >= 0)
+ if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
{
int i = 0;
- /* Disable extended modes */
+ i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
+ i |= IFF_MULTICAST;
+ ioctl (tt->fd, TUNSIFMODE, &i);
+ i = 0;
ioctl (tt->fd, TUNSLMODE, &i);
- i = 1;
- ioctl (tt->fd, TUNSIFHEAD, &i);
}
}
Stefan
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
