https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266999

--- Comment #5 from Seyed Pouria Mousavizadeh Tehrani 
<p.mousaviza...@protonmail.com> ---
 - openvpn-client is using tun257 and tun258, it is in its own vnet:

No. openvpn-clients are in *host* and not in *jail* so they are not using
vnet.

host rc.conf:
"""
openvpn_client_enable="YES"
openvpn_client_fib="1"
openvpn_client_configfile="/usr/local/etc/openvpn/client.conf"
openvpn_client2_enable="YES"
openvpn_client2_fib="2"
openvpn_client2_configfile="/usr/local/etc/openvpn/client2.conf"
"""

Here are the client configurations:
% grep dev /usr/local/etc/openvpn/client.conf 
dev tun257
% grep dev /usr/local/etc/openvpn/client2.conf
dev tun258


 - The two ocserv jails also each have their own vnets, and use whatever tun
interfaces they get from opening /dev/tun:
Exactly.

one of my ocserv jail configurations:
"""
...
export jail_overlay_vnet_enable="YES"
export jail_overlay_vnet_interface="epair0b epair1b"
export jail_overlay_exec_prestart0="service netif cloneup epair0 epair1 || echo interfaces are already exists"
export jail_overlay_exec_prestart1="service routing static inet || echo static routes are already exists"
export jail_overlay_exec_prestart2="service openvpn_client restart"
export jail_overlay_exec_poststop0="/sbin/route del -net *.*.*.0/24 -gateway *.*.*7.2"
export jail_overlay_exec_poststop1="/sbin/route del -net *.*.*.0/24 -gateway *.*.*8.2 -fib 1"
export jail_overlay_exec_poststop2="/sbin/ifconfig epair0a destroy"
export jail_overlay_exec_poststop3="/sbin/ifconfig epair1a destroy"
"""

cloned interfaces in rc.conf:
"""
...
cloned_interfaces="lo1 gre0 gre1 tun257 tun258 epair5 epair4 epair3 epair2 epair1 epair0"
ifconfig_epair0a="inet *.*.*7.1/30 -tso -rxcsum descr vnet-overlay"
ifconfig_epair0b="-tso -rxcsum descr vnet-overlay"
ifconfig_epair1a="inet *.*.*8.1/30 fib 1 -tso -rxcsum descr vnet-overlay-fib-1"
ifconfig_epair1b="fib 1 -tso -rxcsum descr vnet-overlay-fib-1"
...
"""

Errata in previous comment: *Special Control Device*
