I'm leaving off freebsd-current, since I believe the problem is in
OpenVPN's tun.c, as pointed out by Matthias below.

Some background on my issue: FreeBSD 8.0-beta2 has apparently
introduced a change where the previously working ifconfig invocation
is now failing. I'm leaving out the discussion on what exactly that
change is and if this effect is desired or not, but concentrate on
what OpenVPN is trying to do. We're strictly talking --topology subnet
here. taps are not affected. I haven't tested any other topology.

As can be seen in the commit below, ifconfig is invoked with both the
local and the remote IP address set to the server-assigned local
address. If this code could be changed to call ifconfig with the
local address and the server's VPN address (I believe generally .1)
things should be fine. (Also on earlier versions of FreeBSD.) It
might be necessary to install an explicit route for the subnet, since
FreeBSD will only install a host route for the remote end of the
point-to-point link. Please note that FreeBSD's tun interface is always in
point-to-point mode, and cannot be configured as a broadcast interface.

A cursory read of tun.c and tun.h shows that struct tuntap doesn't
have the server's VPN address, and it appears the server does not push
it. Is this available somewhere, or would it be OK to calculate it?
(First address in the CIDR block the local address is in modulo the
netmask.)

Thanks,
Stefan

On 30.07.2009 at 10:11, Matthias Andree wrote:
And it appears that exactly this patch may be the culprit. This is
from the OpenVPN 2.1 source repository:
------------------------------------------------------------------------
r986 | james | 2006-04-05 08:28:19 +0200 (Wed, 05 Apr 2006) | 2 lines
Changed paths:
M /branches/BETA21/openvpn/tun.c
"topology subnet" fix for FreeBSD (Benoit Bourdin).
------------------------------------------------------------------------
Index: tun.c
===================================================================
--- tun.c (Revision 985)
+++ tun.c (Revision 986)
@@ -795,19 +795,42 @@
ifconfig_remote_netmask,
tun_mtu
);
- else
- openvpn_snprintf (command_line, sizeof (command_line),
+ else {
+ if (tt->topology == TOP_SUBNET)
+ openvpn_snprintf (command_line, sizeof (command_line),
+ IFCONFIG_PATH " %s %s %s netmask %s
mtu %d up",
+ actual,
+ ifconfig_local,
+ ifconfig_local,
+ ifconfig_remote_netmask,
+ tun_mtu
+ );
+ else
+ openvpn_snprintf (command_line, sizeof (command_line),
IFCONFIG_PATH " %s %s netmask %s mtu %d up",
actual,
ifconfig_local,
ifconfig_remote_netmask,
tun_mtu
);
+ }
msg (M_INFO, "%s", command_line);
system_check (command_line, es, S_FATAL, "FreeBSD ifconfig
failed");
tt->did_ifconfig = true;
+ /* Add a network route for the local tun interface */
+ if (!tun && tt->topology == TOP_SUBNET)
+ {
+ struct route r;
+ CLEAR (r);
+ r.defined = true;
+ r.network = tt->local & tt->remote_netmask;
+ r.netmask = tt->remote_netmask;
+ r.gateway = tt->local;
+ add_route (&r, tt, 0, es);
+ }
+
#elif defined (WIN32)
{
/*
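Review bot: In the TOP_SUBNET branch, ifconfig_local is passed for both the local and the destination argument of the "%s %s %s netmask %s mtu %d up" format, so the point-to-point interface is configured with its own address as the peer, and the route block added further down repeats this with "r.gateway = tt->local". The destination and the gateway should be a different host address inside tt->local & tt->remote_netmask; if struct tuntap has no such address, it has to be supplied or derived before this call. A comment giving an example of the resulting ifconfig line for this branch would also make the intended form explicit.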
--
Matthias Andree
--
Stefan Bethke <s...@lassitu.de> Fon +49 151 14070811
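
The calculation proposed in the message above (first address in the CIDR block of the local address, used as the point-to-point destination), as an added example that is not code from this thread or from OpenVPN. The function names, the /sbin/ifconfig path and the sample addresses are assumptions, and falling back to the second host address when the local address is already the first one goes beyond what the message describes.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not OpenVPN code; host byte order. Destination is the
 * subnet's first host address, or the second when the first is our own. */
static bool subnet_peer(uint32_t local, uint32_t netmask, uint32_t *peer)
{
    uint32_t network = local & netmask, bcast = network | ~netmask;
    if (bcast - network < 3)                  /* /31, /32: no distinct peer */
        return false;
    if (local == network || local == bcast)   /* not a usable host address */
        return false;
    *peer = (local == network + 1) ? network + 2 : network + 1;
    return true;
}

/* Addresses are parsed and re-rendered, so only valid dotted quads reach the
 * command line. Returns 0 on success, -1 on error. */
static int build_ifconfig(char *buf, size_t len, const char *dev,
                          const char *local_s, const char *mask_s, int mtu)
{
    struct in_addr l, m, p;
    char ls[INET_ADDRSTRLEN], ms[INET_ADDRSTRLEN], ps[INET_ADDRSTRLEN];
    uint32_t peer;
    int n;
    if (inet_pton(AF_INET, local_s, &l) != 1 || inet_pton(AF_INET, mask_s, &m) != 1)
        return -1;
    if (!subnet_peer(ntohl(l.s_addr), ntohl(m.s_addr), &peer))
        return -1;
    p.s_addr = htonl(peer);
    if (!inet_ntop(AF_INET, &l, ls, sizeof ls) || !inet_ntop(AF_INET, &m, ms, sizeof ms)
        || !inet_ntop(AF_INET, &p, ps, sizeof ps))
        return -1;
    /* "/sbin/ifconfig" stands in for OpenVPN's IFCONFIG_PATH (assumption) */
    n = snprintf(buf, len, "/sbin/ifconfig %s %s %s netmask %s mtu %d up",
                 dev, ls, ps, ms, mtu);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char cmd[128];   /* constructed sample values below */
    if (build_ifconfig(cmd, sizeof cmd, "tun0", "10.8.0.6", "255.255.255.0", 1500) == 0)
        puts(cmd);
    return 0;
}
```

As the message notes, FreeBSD installs only a host route for the destination, so a route for the subnet itself may still have to be added separately.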