Hi,
On Wed, Aug 10, 2022 at 11:46:05AM +0200, Frank Lichtenheld wrote:
> diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
> index 4f40255e..8aa7e896 100644
> --- a/src/openvpn/dco.c
> +++ b/src/openvpn/dco.c
> @@ -438,10 +438,6 @@ dco_p2p_add_new_peer(struct context *c)
> }
> remote_addr4 = &remote_ip4;
> }
> - else if (c->options.ifconfig_local)
> - {
> - msg(M_INFO, "DCO peer init: Need a peer VPN addresss to setup IPv4
> (set --route-gateway)");
> - }
Looking more closely, this is a really nice gem you found here :-)
The kernel should not care at all for remote_addr4 or remote_addr6 in
p2p mode ("it is never used for anything") *but* it does - so, if you
twist openvpn into setting up an ipv4-only tunnel, with topology subnet,
and no --route-gateway in the config (which would trigger the message
above), DCO actually refuses to bring up the interface:
2022-08-10 21:09:31 dco_new_peer: netlink reports error (-7): Invalid input
data or parameter
2022-08-10 21:09:31 dco_new_peer: failed to send netlink message: Invalid
argument (-22)
2022-08-10 21:09:31 Cannot add peer to DCO: Invalid argument (-22)
... we did not see this in the t_client tests, as this needs *v4-only*,
and I never tested this ("3a" does now), and the kernel was happy with
"either v4 or v6, as long as I can ignore one of them"...
So, I think that for p2p, the whole remote_addr4/remote_addr6 thing
can be removed - more than just the message :-) - but first the kernel
needs to understand this as well.
FreeBSD DCO is happy with v4 and no route-gateway...
gert
PS:
# Test 3a: UDP / p2mp tun, topology subnet, IPv4-only inside, over IPv6
# (no route-gateway, explicit gateway on routes)
#
# triggers (Linux) DCO mishap "needs v4 or v6 remote VPN address even on p2p"
#
RUN_TITLE_3a="udp / p2pm / top subnet / IPv4-only, no 'route-gateway'"
OPENVPN_CONF_3a="$OPENVPN_BASE_P2MP --dev tun --proto udp --remote $REMOTE
--port 51195 --pull-filter ignore ifconfig-ipv6 --pull-filter ignore route-ipv6
--pull-filter ignore route-gateway --route 10.194.0.0 255.255.0.0 10.194.3.1"
EXPECT_IFCONFIG4_3a=$EXPECT_IFCONFIG4_3
EXPECT_IFCONFIG6_3a=-
PING4_HOSTS_3a="10.194.3.1 10.194.0.1"
PING6_HOSTS_3a=
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
