Building a new platform image using a fork of smartos-live that uncomments the
option for unfiltered promisc seems to solve the problem. A bit of a
complicated solution to the problem (I guess I am tying myself to a lifetime of
smartos compilations) but it works and seems less of a hack than the

And my final followup:
It appears that "allow_unfiltered_promisc" is silently ignored for non-kvm zone
brands (ref /usr/lib/brand/joyent/statechange). Is there a particular reason
for that? I understand that it's a powerful and dangerous option, but it's
already relatively difficult to enable.

Hi Jason,
Thanks for the tip about libdlpi… the existing approach seems a little brittle
so I’ll have a look at this.
As for the vnic protection flags, I’ve definitely been able to save the
“allow_unfiltered_promisc” option using vmadm, but it doesn’t seem to take
effect, despite being presen
of any method of persisting it for global zone devices
(you’d probably just need to script it).
From: H. William Welliver III
Reply: smartos-discuss@lists.smartos.org
Date: January 29, 2018 at 5:33:15 PM
To: smartos-discuss@lists.smartos.org
Subject: Re: [smartos-discuss] softether vpn

Good afternoon all,
I've come to a temporary solution to the problem I've been having with
softether:
First, softether uses DLPI to access the network, and there are 2 ways to
attach to an interface. One involves opening the root node of a network device
(like /dev/bnx) and then attaching t

Yes, I assumed that was necessary, however I’ve confirmed that the interface is
running without protections (as shown below). The vpn server logs indicate that
it’s trying to fetch an address using DHCP, but I don’t see any DHCP packets
going out the interface. Is there something special about V

You probably need to allow IP or MAC spoofing by the zone in question. See
the relevant properties in vmadm manpage.
On 28 Jan. 2018 12:26, "H. William Welliver III"
wrote:
> Just a further clarification: things work against physical nics in the
> global zone but not against a vnic; I’ve verified

Just a further clarification: things work against physical nics in the global
zone but not against a vnic; I’ve verified that all of the protections are
disabled on the vnic but to no avail.
> On Jan 27, 2018, at 7:31 PM, H. William Welliver III
> wrote:
>
> Just a follow-up; I’ve tried softe