From: "Matthias Andree"
Date: Thu, 30 Jul 2009 01:46:30 +0200
To: "Stefan Bethke"
Cc: FreeBSD Current, Julian Elischer
Subject: Re: recent change to ifconfig breaks OpenVPN?
List-Id: Discussions about the use of FreeBSD-current

On 29.07.2009 at 20:30, Stefan Bethke wrote:

> On 29.07.2009 at 20:12, Julian Elischer wrote:
>
>> Stefan Bethke wrote:
>>> I just updated this afternoon (r195941), and after rebooting, OpenVPN
>>> has problems ifconfig'ing a tun interface.
>>> With sources from about one week ago, this is working:
>>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/ifconfig tun1
>>> 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up
>>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/route add -net
>>> 44.128.127.0 44.128.127.2 255.255.255.0
>>> Jul 29 03:07:15 diesel openvpn_zs64[14785]: /sbin/route add -net
>>> 44.128.64.0 44.128.127.1 255.255.192.0
>>> Now, the same sequence fails:
>>> Jul 29 17:31:41 diesel openvpn_zs64[1855]: /sbin/ifconfig tun1
>>> 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu 1500 up
>>> Jul 29 17:31:41 diesel openvpn_zs64[1855]: FreeBSD ifconfig failed:
>>> external program exited with error status: 1
>>> Trying the same command manually gets me:
>>> /sbin/ifconfig tun1 44.128.127.2 44.128.127.2 netmask 255.255.255.0 mtu
>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> have you tried it without using the same address on both ends?
>
> Sure, I changed to a custom up script that configures a different
> address for the other end. The question is: is this an intended change,
> and does OpenVPN need to be changed?
>
> Note that the addresses OpenVPN passed to ifconfig are determined
> automatically based on various config parameters (both on the client and
> on the server), so it's not a simple configuration change.
>
> It used to be that ifconfig would assign the local address to the p2p
> interface, and would add a route to the VPN block via that one address.
> This is from a 7-stable machine connected to the same server:
>
> $ ifconfig tun0
> tun0: flags=8051 metric 0 mtu 1500
> inet 44.128.127.14 --> 44.128.127.14 netmask 0xffffff00
> Opened by PID 760
> $ netstat -rnfinet
> ...
> 44.128.127.0/24 44.128.127.14 UGS 2 499 tun0
> 44.128.127.14 44.128.127.14 UH 1 0 tun0
> ...
>
> I'm guessing that adding that host route is not working anymore, and
> that's why ifconfig is failing.
>
> The end result necessary for an OpenVPN setup like mine ("topology
> subnet") is a tun interface with the local address assigned by the
> server configuration, and a route to the server-configured subnet going
> out via the tun interface. The remote address on the tun interface does
> not actually matter, and no host route is necessary.
>
> I have a feeling OpenVPN needs to be changed wrt computing the proper
> ifconfig parameters.

Hi everybody,

If that is the case, then we should go quickly to either make it go into
8-CURRENT's ports or OpenVPN 2.1, or both.

I'm not sure I have sufficient context or time to read up to determine my
own role here (I haven't been following -current for lack of time); can
someone summarize the issue for me?

Thanks & best regards
Matthias
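
The "topology subnet" setup described in the quoted text above (local address on the tun interface, a route to the VPN subnet, and a peer address that differs from the local one), as an added example that is not code from this thread or from OpenVPN: a dry-run sh helper that picks a distinct peer address and prints the ifconfig and route commands in the form shown in the quoted log. The function names and the rule for choosing the peer address are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): dry-run helper for a "topology subnet"
# tun setup. It only prints commands; function names are hypothetical.

ip_to_int() {   # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> A.B.C.D
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# pick_peer LOCAL NETMASK
# Assumption: use the first address after the network address as the peer,
# or the next one if that is LOCAL. Fails if that address leaves the subnet.
pick_peer() {
    l=$(ip_to_int "$1"); m=$(ip_to_int "$2")
    p=$(( (l & m) + 1 ))
    if [ "$p" -eq "$l" ]; then p=$(( p + 1 )); fi
    if [ $(( p & m )) -ne $(( l & m )) ]; then
        echo "no distinct peer address in $1/$2" >&2
        return 1
    fi
    int_to_ip "$p"
}

# tun_commands DEV LOCAL NETMASK MTU
# Prints ifconfig and route lines in the form seen in the OpenVPN log.
tun_commands() {
    peer=$(pick_peer "$2" "$3") || return 1
    net=$(int_to_ip $(( $(ip_to_int "$2") & $(ip_to_int "$3") )))
    echo "/sbin/ifconfig $1 $2 $peer netmask $3 mtu $4 up"
    echo "/sbin/route add -net $net $peer $3"
}

# Constructed input: the device, address, netmask and MTU from the log above.
tun_commands tun1 44.128.127.2 255.255.255.0 1500
```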