On 29 Jun 2022, at 21:08, Arne Schwabe wrote:
> On 29.06.2022 at 19:40, Kristof Provost wrote:
>> On 29 Jun 2022, at 17:15, Arne Schwabe wrote:
>>> On 28.06.22 at 18:28, Kristof Provost via Openvpn-devel wrote:
>>>> Hi,
>>>>
>>>> Here's the most recent version of the FreeBSD DCO patch.
>>>> This is based on top of the dco branch, at
>>>> 480fa1c983aba9b0790ea94df209e1686f08336b.
>>>>
>>>> Relatedly, the kernel side of that support has just landed in FreeBSD's
>>>> repo:
>>>> https://cgit.freebsd.org/src/commit/?id=ab91feabcc6f9da21d5c75028153af16d06e679a
>>> I tested this on top of Antonio's branch but got an error when connecting
>>> from a test client:
>>>
>>> 2022-06-29 17:10:57 us=506086 lethe/192.168.188.134:61923 dco_new_peer: peer-id 0, fd 7
>>> 2022-06-29 17:10:57 us=506125 lethe/192.168.188.134:61923 Failed to create new peer 51
>>> 2022-06-29 17:10:57 us=506137 lethe/192.168.188.134:61923 Cannot add peer to DCO: Operation not permitted
>>>
>>>
>>> Any idea why I might get a permission denied from the kernel there?
>>>
>> The first thing to note here is that the ‘Operation not permitted’ error is
>> misleading. That’s produced based on the return value of dco_new_peer(),
>> which is going to be -1. The line above it has the errno, which is 51 or
>> ENETUNREACH.
>>
>> I suspect this is happening because you’re using ipv6_ipv4mapping (or sysctl
>> net.inet6.ip6.v6only=0). Presumably that indicates a bug on my side, but can
>> you see if disabling that helps?
> Yes. That is the default that OpenVPN uses. It will ignore the sysctl since
> we use the socket option per default on v6 sockets. (search the man page for
> ipv6only). Adding --proto udp4 fixes the problem but that is something that
> at least needs a better error message.
>

I’ll do some digging in the next couple of days. I’m hopeful it can just be made to work.
Kristof
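The mismatch described in the thread (a log line saying "Operation not permitted" while the real errno was ENETUNREACH), modelled in C as an added example that is not OpenVPN or FreeBSD code. The names `fake_kernel_call`, `new_peer_lossy`, `new_peer_preserving` and `reported_errno` are hypothetical, and the caller is assumed to treat a negative return value as a negated errno.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a kernel request that fails with ENETUNREACH. */
static int fake_kernel_call(void)
{
    errno = ENETUNREACH;
    return -1;
}

/* Lossy pattern: every failure collapses to -1, so the cause is gone. */
static int new_peer_lossy(void)
{
    if (fake_kernel_call() < 0)
        return -1;
    return 0;
}

/* Preserving pattern: capture errno at once and return it negated. */
static int new_peer_preserving(void)
{
    if (fake_kernel_call() < 0) {
        int saved = errno; /* save before any later call can overwrite it */
        return -saved;
    }
    return 0;
}

/* Assumed caller behaviour: a negative return is read as a negated errno. */
static int reported_errno(int ret)
{
    return ret < 0 ? -ret : 0;
}

int main(void)
{
    /* -1 is read back as errno 1 (EPERM), whatever actually went wrong. */
    printf("lossy:      %s\n", strerror(reported_errno(new_peer_lossy())));
    /* The negated saved errno reports the real cause. */
    printf("preserving: %s\n", strerror(reported_errno(new_peer_preserving())));
    return 0;
}
```
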