On 29.06.2022 at 19:40, Kristof Provost wrote:
On 29 Jun 2022, at 17:15, Arne Schwabe wrote:
On 28.06.22 at 18:28, Kristof Provost via Openvpn-devel wrote:
Hi,
Here's the most recent version of the FreeBSD DCO patch.
This is based on top of the dco branch, at
480fa1c983aba9b0790ea94df209e1686f08336b.
Relatedly, the kernel side of that support has just landed in FreeBSD's
repo:
https://cgit.freebsd.org/src/commit/?id=ab91feabcc6f9da21d5c75028153af16d06e679a
I tested this on top of Antonio's branch but got an error when connecting from a
test client:
2022-06-29 17:10:57 us=506086 lethe/192.168.188.134:61923 dco_new_peer: peer-id 0, fd 7
2022-06-29 17:10:57 us=506125 lethe/192.168.188.134:61923 Failed to create new peer 51
2022-06-29 17:10:57 us=506137 lethe/192.168.188.134:61923 Cannot add peer to DCO: Operation not permitted
Any idea why I might get a permission denied from the kernel there?
The first thing to note here is that the ‘Operation not permitted’ error is
misleading. That’s produced based on the return value of dco_new_peer(), which
is going to be -1. The line above it has the errno, which is 51 or ENETUNREACH.
I suspect this is happening because you’re using ipv6_ipv4mapping (or sysctl
net.inet6.ip6.v6only=0). Presumably that indicates a bug on my side, but can
you see if disabling that helps?
Yes. That is the default that OpenVPN uses. It will ignore the sysctl
since we use the socket option by default on v6 sockets (search the
man page for ipv6only). Adding --proto udp4 fixes the problem, but that
is something that at least needs a better error message.
Arne
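
Added example (not part of the thread and not OpenVPN's code): a minimal C model of the error-reporting problem discussed above, where a helper returns -1 and the caller treats that value as a negated errno, so the log shows EPERM instead of the real error. All function names are hypothetical, and the failure is constructed with ENETUNREACH, the errno named in the thread.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel request that rejects the peer. */
static int kernel_add_peer(void)
{
    errno = ENETUNREACH;    /* constructed failure for this example */
    return -1;
}

/* Pattern described in the thread: errno is logged, the caller only gets -1. */
static int new_peer_returns_minus_one(void)
{
    if (kernel_add_peer() < 0) {
        fprintf(stderr, "Failed to create new peer %d\n", errno);
        return -1;
    }
    return 0;
}

/* Alternative: pass the real error up as a negative errno value. */
static int new_peer_returns_neg_errno(void)
{
    if (kernel_add_peer() < 0) {
        int saved = errno;  /* save before another call can overwrite errno */
        fprintf(stderr, "Failed to create new peer %d (%s)\n",
                saved, strerror(saved));
        return -saved;
    }
    return 0;
}

/* Caller-side reporting (assumed): interprets a negative return as -errno.
 * Returns the error code it ended up printing, so the result can be checked. */
static int report_add_peer(int ret)
{
    if (ret < 0) {
        fprintf(stderr, "Cannot add peer to DCO: %s\n", strerror(-ret));
        return -ret;
    }
    return 0;
}

int main(void)
{
    report_add_peer(new_peer_returns_minus_one()); /* prints the EPERM text */
    report_add_peer(new_peer_returns_neg_errno()); /* prints the ENETUNREACH text */
    return 0;
}
```

With the first helper, -(-1) is 1, which is EPERM, so the final log line reads "Operation not permitted" regardless of what actually failed.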