On 2013/05/25 12:33, Mattieu Baptiste wrote:
> On Wed, Apr 17, 2013 at 3:24 PM, Stuart Henderson <[email protected]> wrote:
> > I think the rtable support is broken though.
> >
> > In 2.2.2 it seems to just do the same as running "route -T <table>
> > exec openvpn $options" so if you don't have a route to the other
> > endpoint it is unable to connect.
> >
> > With the update, the option is parsed ("rtable = 1" in debug output),
> > but it appears to just connect as normal via rtable 0.
> >
> > But I don't really see the use of this limited rtable support anyway;
> > since we now have 'route exec' we can just use that and remove these
> > patches.
>
> Did someone manage to make OpenVPN work with 'route exec'?
> For me, it freezes just before establishing routes and creating the tun
> interface.
Ah - it re-creates the interface, doesn't it... perhaps that fails with an alternative table...

As a starting point here's a diff to put the port back the way it was before I removed the rtable patch, but it still needs actually fixing (and probably by somebody who actually uses this..)

Index: Makefile =================================================================== RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.46 diff -u -p -r1.46 Makefile --- Makefile 1 May 2013 15:40:33 -0000 1.46 +++ Makefile 25 May 2013 13:32:28 -0000 @@ -4,7 +4,7 @@ COMMENT= easy-to-use, robust, and highly DISTNAME= openvpn-2.3.1 CATEGORIES= net security -REVISION= 2 +REVISION= 3 HOMEPAGE= http://openvpn.net/ Index: patches/patch-doc_openvpn_8 =================================================================== RCS file: patches/patch-doc_openvpn_8 diff -N patches/patch-doc_openvpn_8 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-doc_openvpn_8 25 May 2013 13:32:28 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ +--- doc/openvpn.8.orig Wed Mar 20 08:28:14 2013 ++++ doc/openvpn.8 Sat May 25 14:31:19 2013 +@@ -1411,6 +1411,11 @@ on both client and server for maximum effect. + Currently defaults to 100. + .\"********************************************************* + .TP ++.B --rtable n ++(OpenBSD only) Set the routing table. ++Defaults to 0. ++.\"********************************************************* ++.TP + .B \-\-shaper n + Limit bandwidth of outgoing tunnel data to + .B n Index: patches/patch-src_openvpn_init_c =================================================================== RCS file: patches/patch-src_openvpn_init_c diff -N patches/patch-src_openvpn_init_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_init_c 25 May 2013 13:32:28 -0000 
@@ -0,0 +1,11 @@ +$OpenBSD$ +--- src/openvpn/init.c.orig Wed Mar 20 08:28:14 2013 ++++ src/openvpn/init.c Sat May 25 14:31:19 2013 +@@ -2639,6 +2639,7 @@ do_init_socket_1 (struct context *c, const int mode) + c->options.rcvbuf, + c->options.sndbuf, + c->options.mark, ++ c->options.rtable, + sockflags); + } + Index: patches/patch-src_openvpn_options_c =================================================================== RCS file: patches/patch-src_openvpn_options_c diff -N patches/patch-src_openvpn_options_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_options_c 25 May 2013 13:32:28 -0000 @@ -0,0 +1,31 @@ +$OpenBSD$ +--- src/openvpn/options.c.orig Fri Mar 22 17:02:30 2013 ++++ src/openvpn/options.c Sat May 25 14:31:19 2013 +@@ -304,6 +304,7 @@ static const char usage_message[] = + " can be matched in policy routing and packetfilter rules.\n" + #endif + "--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n" ++ "--rtable n : Set the routing table (default=0, OpenBSD only)\n" + #ifdef ENABLE_MEMSTATS + "--memstats file : Write live usage stats to memory mapped binary file.\n" + #endif +@@ -1502,6 +1503,7 @@ show_settings (const struct options *o) + #endif + SHOW_INT (rcvbuf); + SHOW_INT (sndbuf); ++ SHOW_INT (rtable); + #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK + SHOW_INT (mark); + #endif +@@ -4782,6 +4784,11 @@ add_option (struct options *options, + { + VERIFY_PERMISSION (OPT_P_SOCKBUF); + options->sndbuf = positive_atoi (p[1]); ++ } ++ else if (streq (p[0], "rtable") && p[1]) ++ { ++ VERIFY_PERMISSION (OPT_P_SOCKFLAGS); ++ options->rtable = positive_atoi (p[1]); + } + else if (streq (p[0], "mark") && p[1]) + { Index: patches/patch-src_openvpn_options_h =================================================================== RCS file: patches/patch-src_openvpn_options_h diff -N patches/patch-src_openvpn_options_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_options_h 25 May 2013 13:32:28 -0000 
@@ -0,0 +1,13 @@ +$OpenBSD$ +--- src/openvpn/options.h.orig Wed Mar 20 08:28:14 2013 ++++ src/openvpn/options.h Sat May 25 14:31:20 2013 +@@ -321,6 +321,9 @@ struct options + int rcvbuf; + int sndbuf; + ++ /* routing domain */ ++ int rtable; ++ + /* mark value */ + int mark; + Index: patches/patch-src_openvpn_socket_c =================================================================== RCS file: patches/patch-src_openvpn_socket_c diff -N patches/patch-src_openvpn_socket_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_socket_c 25 May 2013 13:32:28 -0000 @@ -0,0 +1,42 @@ +$OpenBSD$ +--- src/openvpn/socket.c.orig Fri Mar 15 13:30:58 2013 ++++ src/openvpn/socket.c Sat May 25 14:31:20 2013 +@@ -586,6 +586,20 @@ socket_set_mark (int sd, int mark) + #endif + } + ++static void ++socket_set_rtable (int sd, int rtable) ++{ ++#ifdef TARGET_OPENBSD ++ if (rtable > 0) ++ { ++ if (setsockopt (sd, IPPROTO_IP, SO_RTABLE, &rtable, sizeof(rtable)) == -1) ++ msg (M_WARN, "Socket flags: SO_RTABLE=%d failed, cannot bind on specified routing domain", rtable); ++ else ++ dmsg (D_SOCKET_DEBUG, "Socket flags: SO_RTABLE=%d succeeded", rtable); ++ } ++#endif ++} ++ + static bool + socket_set_flags (int sd, unsigned int sockflags) + { +@@ -1367,6 +1381,7 @@ link_socket_init_phase1 (struct link_socket *sock, + int mtu_discover_type, + int rcvbuf, + int sndbuf, ++ int rtable, + int mark, + unsigned int sockflags) + { +@@ -1481,6 +1496,9 @@ link_socket_init_phase1 (struct link_socket *sock, + else if (mode != LS_MODE_TCP_ACCEPT_FROM) + { + create_socket (sock); ++ ++ /* set the routing domain for the socket */ ++ socket_set_rtable (sock->sd, rtable); + + /* set socket buffers based on --sndbuf and --rcvbuf options */ + socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); Index: patches/patch-src_openvpn_socket_h =================================================================== RCS file: patches/patch-src_openvpn_socket_h diff -N patches/patch-src_openvpn_socket_h 
--- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_openvpn_socket_h 25 May 2013 13:32:28 -0000 @@ -0,0 +1,11 @@ +$OpenBSD$ +--- src/openvpn/socket.h.orig Fri Mar 15 13:30:58 2013 ++++ src/openvpn/socket.h Sat May 25 14:31:20 2013 +@@ -327,6 +327,7 @@ link_socket_init_phase1 (struct link_socket *sock, + int mtu_discover_type, + int rcvbuf, + int sndbuf, ++ int rtable, + int mark, + unsigned int sockflags); +
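
Review bot: in the doc/openvpn.8 hunk the new entry is written `.B --rtable n` with bare hyphens, while the neighbouring entry in the same hunk uses `.B \-\-shaper n`; write it as `\-\-rtable` to match. The text says "routing table" where the options.h comment and the socket.c warning say "routing domain"; use one term, and state that the option only affects the socket used for the link to the peer, since that is all socket_set_rtable touches.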
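
Review bot: in the src/openvpn/init.c hunk, `c->options.rtable,` is inserted after `c->options.mark,`, but the socket.h and socket.c hunks add `int rtable` before `int mark` in link_socket_init_phase1, so the two values are swapped at the call site. Both are int, so the compiler will not complain: the mark value is what reaches socket_set_rtable, and the rtable value is passed on as mark. If mark is 0, the `rtable > 0` test is false and SO_RTABLE is never set, which matches the report above that "rtable = 1" is parsed but the connection goes out via rtable 0. Move `c->options.rtable,` above `c->options.mark,` in the call so it matches the prototype.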
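
Review bot: in the add_option hunk of src/openvpn/options.c, `options->rtable = positive_atoi (p[1]);` has no upper bound, so a table id the kernel will not accept is only noticed later when setsockopt fails, and that path only warns. Check the range when the option is parsed and reject the configuration with a clear message, so that a typo in the table number cannot end with the tunnel running in the default table.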
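
Review bot: in socket_set_rtable in the src/openvpn/socket.c hunk, a failed setsockopt is reported with M_WARN only and the socket is then used as if nothing happened, so a tunnel that was meant to be confined to a specific routing domain comes up in the default one. When --rtable was given explicitly this should be a fatal error rather than a warning. The call also passes SO_RTABLE at level IPPROTO_IP; getsockopt(2) documents SO_RTABLE as a SOL_SOCKET option, so the level is worth confirming. The `rtable > 0` guard additionally means table 0 can never be requested explicitly, for example when the process itself was started in another table.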
