On 29 Jun 2022, at 17:15, Arne Schwabe wrote: > Am 28.06.22 um 18:28 schrieb Kristof Provost via Openvpn-devel: >> Hi, >> >> Here's the most recent version of the FreeBSD DCO patch. >> This is based on top of the dco branch, at >> 480fa1c983aba9b0790ea94df209e1686f08336b. >> >> Relatedly, the kernel side of that support has just landed in FreeBSD's >> repo: >> https://cgit.freebsd.org/src/commit/?id=ab91feabcc6f9da21d5c75028153af16d06e679a > > I tested this on top of Antonios branch but got an error when connecting from > a test client: > > 2022-06-29 17:10:57 us=506086 lethe/192.168.188.134:61923 dco_new_peer: > peer-id 0, fd 7 > 2022-06-29 17:10:57 us=506125 lethe/192.168.188.134:61923 Failed to create > new peer 51 > 2022-06-29 17:10:57 us=506137 lethe/192.168.188.134:61923 Cannot add peer to > DCO: Operation not permitted > > > Any idea why I might get a permission denied from the kernel there? > The first thing to note here is that the ‘Operation not permitted’ error is misleading. That’s produced based on the return value of dco_new_peer(), which is going to be -1. The line above it has the errno, which is 51 or ENETUNREACH.
I suspect this is happening because you’re using ipv6_ipv4mapping (or sysctl net.inet6.ip6.v6only=0). Presumably that indicates a bug on my side, but can you see if disabling that helps? Br, Kristof _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
