Jason Dixon escreveu:
On Wed, May 06, 2009 at 05:38:51PM -0300, Giancarlo Razzolini wrote:
Well, i wasn't OT with my reply. And i use openvpn from the beginning of
the project, even made a plugin for it. So i know i little of it. My
suggestion was to avoid what you might be already suspecting. You will
have to mess with openvpn code and recompile it to do what you want. The
solution i suggested is a viable one, even if already have queueing
policies on that interface. It'll only require a little adaptation on
your altq rules. I guess you won't get far with an attitude like that,
being rude with people that are trying to help you. That said, you might
want to take a look at openvpn source code, mainly tun.c and tun.h files.
Regardless of how much you claim to know about it, the fact remains that
there's no way to have OpenVPN bind to an existing tun device. Thanks
for the roundabout answer.
Well, my rude friend, i guess you'll have to accept my suggestion
because you're simply stuck with it. I shouldn't but, i took a little
time and dove in openvpn source code. This is the piece of code that
does what exactly what you're saying:
#elif defined(TARGET_OPENBSD)
/*
* OpenBSD tun devices appear to be persistent by default. It
seems in order
* to make this work correctly, we need to delete the previous
instance
* (if it exists), and re-ifconfig. Let me know if you know a
better way.
*/
argv_printf (&argv,
"%s %s destroy",
IFCONFIG_PATH,
actual);
argv_msg (M_INFO, &argv);
openvpn_execve_check (&argv, es, 0, NULL);
argv_printf (&argv,
"%s %s create",
IFCONFIG_PATH,
actual);
argv_msg (M_INFO, &argv);
openvpn_execve_check (&argv, es, 0, NULL);
msg (M_INFO, "NOTE: Tried to delete pre-existing tun/tap instance
-- No Problem if failure");
/* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask
255.255.255.255 up */
if (tun)
argv_printf (&argv,
"%s %s %s %s mtu %d netmask 255.255.255.255 up",
IFCONFIG_PATH,
actual,
ifconfig_local,
ifconfig_remote_netmask,
tun_mtu
);
else
argv_printf (&argv,
"%s %s %s netmask %s mtu %d broadcast %s link0",
IFCONFIG_PATH,
actual,
ifconfig_local,
ifconfig_remote_netmask,
tun_mtu,
ifconfig_broadcast
);
argv_msg (M_INFO, &argv);
openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed");
tt->did_ifconfig = true;
Attempt to the comment of the developer. If you change this code,
it'll probably break openvpn and it won't work. Either you accept my
suggestion, that was a good and viable one, or you change this piece of
code. By the way, don't forget to contact James (main openvpn
developer), and tell that you have a better way, as he asks in his
comment. Bet that wasn't roundabout.
My regards,
--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD 4.5
Ubuntu 9.04 Jaunty Jackalope
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
