For the SoftEther code changes, I’d suggest looking into libdlpi(3DLPI).
It’ll take care of most of the DLPI details for you (including handling
both style 1 and style 2 devices — it sounds like it can’t handle style 1
devices — e.g. /dev/net0), it’s also something that’s been around since
Solaris 10 IIRC, so there shouldn’t be many compatibility concerns.

As for the dladm properties, those are usually set via vmadm(1M) in SmartOS
and persisted as part of a zone configuration (look at the various nics.*
properties).  If you’re trying to do this for interfaces in the global
zone, I’m not aware of any method of persisting it for global zone devices
(you’d probably just need to script it).


From: H. William Welliver III <[email protected]>
Reply: [email protected]
Date: January 29, 2018 at 5:33:15 PM
To: [email protected]
Subject: Re: [smartos-discuss] softether vpn

Good afternoon all,

I've come to a temporary solution to the problem I've been having with
softether:

First, softether uses DLPI to access the network, and there are 2 ways to
attach to an interface. One involves opening the root node of a network
device (like /dev/bnx) and then attaching to the device number (0, 1, etc).
Unfortunately, that doesn't work with crossbow vnics, which exist only as
/dev/net/net0, for example. So when softether was trying to connect to
/dev/net, it was attempting to open a directory and silently failing. A
permanent fix will require some code changes in Softether. As a side note,
I've also seen this problem in some code built using libnet, which just
assumes network devices are located at /dev/interfacename.

The other part of the problem is that in order to receive data destined for
all of the VPN clients that will be connected, the interface will need to
receive unicast packets for multiple mac addresses. The datalink property
to allow that is called "promisc-filtered", and it's normally set to "on".
dladm can be used to change that property, but it isn't persistent across
zone restarts, which leads me to my next question:

Does anyone know how to get the promisc-filtered=off property to remain
across reboots? If I use dladm to turn it off, it comes back on when the
zone restarts. It seems that allow_unfiltered_promisc is only allowed for
KVM zones...

Bill
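
Added example (not part of the original thread, and not SoftEther's or libdlpi's code): C code for the device-node lookup described above, which tries the per-link node under /dev/net first, falls back to the provider node plus unit number, and rejects a directory such as /dev/net with an error instead of failing silently. The function names, the dev_root parameter and the lookup order are assumptions made for illustration; the DLPI open and attach themselves are left to libdlpi.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Split "bnx0" into provider "bnx" and PPA 0 (style 2 addressing). */
int split_ppa(const char *name, char *provider, size_t len, int *ppa)
{
    size_t n = strlen(name), i = n;
    while (i > 0 && isdigit((unsigned char)name[i - 1]))
        i--;
    if (i == 0 || i == n || i >= len)
        return -1;               /* no provider, no unit number, or too long */
    memcpy(provider, name, i);
    provider[i] = '\0';
    *ppa = atoi(name + i);
    return 0;
}

/* Accept only a character device; a directory such as /dev/net is an error. */
int check_node(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;               /* errno set by stat() */
    if (S_ISCHR(st.st_mode))
        return 0;
    errno = S_ISDIR(st.st_mode) ? EISDIR : ENODEV;
    return -1;
}

/* Returns 1 (open path directly), 2 (open path, then attach to *ppa) or -1.
 * dev_root is "/dev" on a real system; a parameter here so it can be tested. */
int resolve_link(const char *dev_root, const char *name,
                 char *path, size_t len, int *ppa)
{
    char provider[32];
    if (strchr(name, '/') || split_ppa(name, provider, sizeof provider, ppa)) {
        errno = EINVAL;          /* not a link name such as net0 or bnx0 */
        return -1;
    }
    if (snprintf(path, len, "%s/net/%s", dev_root, name) < (int)len &&
        check_node(path) == 0)
        return 1;
    if (snprintf(path, len, "%s/%s", dev_root, provider) < (int)len &&
        check_node(path) == 0)
        return 2;
    return -1;
}
```

A caller that gets -1 back should log errno and the path it tried, so a missing or wrong device node shows up in the server log.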


January 28, 2018 10:22 AM, "H. William Welliver III" <[email protected]> wrote:

Yes, I assumed that was necessary, however I’ve confirmed that the
interface is running without protections (as shown below). The vpn server
logs indicate that it’s trying to fetch an address using DHCP, but I don’t
see any DHCP packets going out the interface. Is there something special
about VNICs that I’m missing?
dladm show-linkprop net0
LINK PROPERTY PERM VALUE DEFAULT POSSIBLE
...




-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
