Hi,

our buildbots had quite some amount of "unexplained failures" on the TAP adapter tests on FreeBSD 12 and FreeBSD 13 recently, which turned out to be "duplicate MAC address" (so when I ran the tests individually, everything worked, and when buildbot fired up all clients in parallel, depending on timing, "tests 4 4a 4b" ran simultaneously -> duplicated MAC -> confusion).

Between 11 and 12, FreeBSD reworked all their "virtual ethernet" drivers (so "tap" now lives inside "dev tuntap"), and uses this nice function now...

/*
 * Allocate an address from the FreeBSD Foundation OUI.  This uses a
 * cryptographic hash function on the containing jail's name, UUID and the
 * interface name to attempt to provide a unique but stable address.
 * Pseudo-interfaces which require a MAC address should use this function to
 * allocate non-locally-administered addresses.
 */
void
ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr)
...

which generally is "The Right Thing To Do", but *if two machines' UUID is the same*, the generated MAC address on "tap0" will be the same, and OpenVPN falls apart.

In the OpenVPN log, all is good in this case, but in FreeBSD dmesg, you see stuff like this:

tap0: Ethernet address: 58:9c:fc:00:55:75
tap0: link state changed to UP
nd6_na_input: duplicate IP6 address fd00:abcd:207:4::a:24
tap0: DAD detected duplicate IPv6 address fe80:4::5a9c:fcff:fe00:5575: NS in/out/loopback=0/1/0, NA in=1
tap0: DAD complete for fe80:4::5a9c:fcff:fe00:5575 - duplicate found
tap0: manual intervention required
tap0: possible hardware address duplication detected, disable IPv6

(because, of course, fe80:: addresses are based on MAC...)

Since the start of this e-mail, I went digging deeper - the function *does* take a host UUID into account, so it *should* create unique MAC addresses.

>>>>> If you do not create your FreeBSD VMs by cloning them! <<<<<

On first boot, FreeBSD generates the UUID, stores it in kern.hostuuid for kernel perusal, and in /etc/hostid for persistence on next boot (querying "kenv -q smbios.system.uuid" for interesting things the hardware vendor / VM provider might have provided, see /etc/rc.d/hostid*).

Since most of my FreeBSD buildbots started up as a clone of something similar, at least 3 of them had the same hostid -> same MAC addresses.

Short summary: if you hit the problem of OpenVPN running into duplicate MAC addresses on TAP adapters on FreeBSD, use --laddr *or* check your /etc/hostid values for duplication.

gert
-- 
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
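
Added example (not part of the original message, and not FreeBSD's kernel code): a fleet check that groups hosts by their /etc/hostid value, then shows why a shared hostid yields the same tap0 MAC and the same MAC-derived fe80:: address. The host names and hostid values are constructed, and `model_gen_addr` is a simplified model whose hash choice and byte layout are assumptions.

```python
import hashlib
from collections import defaultdict

OUI = bytes.fromhex("589cfc")  # prefix of the tap0 address in the dmesg output above

# Constructed sample: hostname -> contents of /etc/hostid (hypothetical hosts).
SAMPLE_HOSTIDS = {
    "bb-fbsd12-a": "11111111-2222-3333-4444-555555555555",
    "bb-fbsd12-b": "11111111-2222-3333-4444-555555555555",
    "bb-fbsd13-a": "11111111-2222-3333-4444-555555555555\n",
    "bb-fbsd13-b": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
}

def model_gen_addr(hostuuid, ifname, jailname=""):
    """Model only: stable MAC = OUI + 3 bytes of a hash over uuid, ifname, jail."""
    seed = f"{hostuuid}-{ifname}-{jailname}".encode()
    tail = hashlib.sha1(seed).digest()[:3]  # hash and layout are assumptions
    return ":".join(f"{b:02x}" for b in OUI + tail)

def link_local_from_mac(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.

    The kernel log above prints an embedded scope id (fe80:4::...); it is
    omitted here.
    """
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02
    eui = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    groups = [f"{int.from_bytes(eui[i:i + 2], 'big'):x}" for i in range(0, 8, 2)]
    return "fe80::" + ":".join(groups)

def find_clones(hostids, ifname="tap0"):
    """Return {hostid: (sorted hosts, modelled MAC)} for hostids seen more than once."""
    by_id = defaultdict(list)
    for host, uuid in hostids.items():
        by_id[uuid.strip().lower()].append(host)
    return {u: (sorted(h), model_gen_addr(u, ifname))
            for u, h in by_id.items() if len(h) > 1}

if __name__ == "__main__":
    for uuid, (hosts, mac) in find_clones(SAMPLE_HOSTIDS).items():
        print(f"hostid {uuid} shared by {', '.join(hosts)}")
        print(f"  modelled tap0 MAC {mac} -> {link_local_from_mac(mac)}")
```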