2011/2/6 <cr...@hush.com>:
> Okay, so I am almost positive that the issue lies within the
> creation of tun0 at the time of OpenVPN startup:
>
> /sbin/ifconfig tun0 10.100.1.112 netmask 255.255.255.0 mtu 1500
> broadcast 10.100.1.255 link0
>
> The 'link0' section that OpenVPN adds on is layer 2, while tun
> devices are layer 3. For some reason OpenBSD is forcing OpenVPN to
> do 'link0' and there is no way to stop it, no matter how many
> options I specified in OpenVPN to use tun/tun0 as layer 3.
I had the same problem once. Not sure why OpenVPN does it this way on
OpenBSD, but you can easily do whatever you want in startup script(s).
Something like this:
/usr/local/sbin/openvpn --dev tun0 --route-noexec --ifconfig-noexec \
--up /etc/openvpn/updown --down /etc/openvpn/updown ...
and then in updown things like:
if [ ${script_type} = "up" -a ${script_context} = "init" ]; then
...
/sbin/ifconfig $dev $ifconfig_local $trusted_ip \
mtu $tun_mtu netmask ...
/sbin/route ...
/sbin/pfctl ...
...
fi
if [ ${script_context} = "restart" ]; then
...
fi
if [ ${script_type} = "down" -a ${script_context} = "init" ]; then
...
fi
You have a lot of variables available, already set to the values you
need for your commands. Just add an "env" to the script on a first run
to get all the variables logged.
> Does anyone know how to disable this behavior in OpenBSD for
> OpenVPN? Even if I manually remove the link0 flag with ifconfig,
> upon OpenVPN startup it destroys/re-creates the tun0 device with
> link0 by default. This behavior is only consistent with OpenBSD. If
> I remove the link0 flag from tun0 after I am connected to the VPN,
> it promptly brings down the status tun0 entirely.
