Am 01.08.2009, 13:37 Uhr, schrieb Stefan Bethke <s...@lassitu.de>:
Am 30.07.2009 um 10:47 schrieb Stefan Bethke:
I'm leaving off freebsd-current, since I believe the problem is in
OpenVPN's tun.c, as pointed out by Matthias below.
Some background on my issue: FreeBSD 8.0-beta2 has apparently
introduced a change where the previously working ifconfig invocation
is now failing. I'm leaving out the discussion on what exactly that
change is and if this effect is desired or not, but concentrate on
what OpenVPN is trying to do. We're strictly talking --topology subnet
here. tap's are not affected. I haven't tested any other topology.
As can be seen in the commit below, ifconfig is invoked with both the
local and the remote IP address set to the server-assigned local
address. If this code could be changed to call ifconfig with the
local address and the server's VPN address (I believe generally .1)
things should be fine. (Also on earlier versions of FreeBSD.) It
might be necessary to install an explicit route for the subnet, since
FreeBSD will only install a host route for the remote end of the
point-
to-point link. Please note that FreeBSD's tun interface is always in
point-to-point mode, and cannot be configured as a broadcast
interface.
Luckily, FreeBSD's tun can be switched from point-to-point mode to
broadcast. The attached patch does this. I've tested this
successfully on FreeBSD 7-stable and 8-beta2, with server and client
in --topology subnet and net30 modes.
I hope to try this on FreeBSD 6.X tomorrow, as that's also a supported
release.
--
Matthias Andree
