Date:      Sat, 01 Nov 2014 19:35:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 194745] New: security/openvpn: incorrect self route when using subnet topology
Message-ID:  <bug-194745-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194745

            Bug ID: 194745
           Summary: security/openvpn: incorrect self route when using
                    subnet topology
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: mandree@FreeBSD.org
          Reporter: vsasjason@gmail.com
             Flags: maintainer-feedback?(mandree@FreeBSD.org)

OpenVPN sets the self-address route via the tunnel interface instead of the
correct one: loopback.
I'm using topology subnet with 192.168.89.0 255.255.255.0 network.

Example below:
jason@cli0:~ % ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::ec4:7aff:fe06:5e%tun0 prefixlen 64 scopeid 0x7 
        inet 192.168.89.2 --> 192.168.89.2 netmask 0xffffff00 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 86175
jason@cli0:~ % netstat -rn | fgrep '192.168.89.'
192.168.89.0/24    192.168.89.2       UGS         0  4857954   tun0
192.168.89.2       link#7             UH          0        5   tun0
jason@cli0:~ % ping -c 3 192.168.89.2
PING 192.168.89.2 (192.168.89.2): 56 data bytes

--- 192.168.89.2 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
jason@cli0:~ % ping -c 3 192.168.89.1
PING 192.168.89.1 (192.168.89.1): 56 data bytes
64 bytes from 192.168.89.1: icmp_seq=0 ttl=64 time=30.161 ms
64 bytes from 192.168.89.1: icmp_seq=1 ttl=64 time=30.200 ms
64 bytes from 192.168.89.1: icmp_seq=2 ttl=64 time=30.220 ms

--- 192.168.89.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 30.161/30.194/30.220/0.024 ms
jason@cli0:~ %

I tried a workaround on the server:
ifconfig tun0 inet 192.168.89.1 192.168.89.255
route add -net 192.168.89.0/24 -iface tun0

So the results are:
jason@srv0:~$ ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::21e:67ff:fead:6ab0%tun0 prefixlen 64 scopeid 0x3 
        inet 192.168.89.1 --> 192.168.89.255 netmask 0x0 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 63010
jason@srv0:~$ netstat -rn | fgrep '192.168.89.'
192.168.89.0/24    tun0               US          0 29374111   tun0
192.168.89.1       link#3             UHS         0   213985    lo0
192.168.89.255     link#3             UH          0        0   tun0
jason@srv0:~$ ping -c 3 192.168.89.1
PING 192.168.89.1 (192.168.89.1): 56 data bytes
64 bytes from 192.168.89.1: icmp_seq=0 ttl=64 time=0.050 ms
64 bytes from 192.168.89.1: icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from 192.168.89.1: icmp_seq=2 ttl=64 time=0.016 ms

--- 192.168.89.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.016/0.053/0.093/0.032 ms
jason@srv0:~$
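The two routing tables above differ in exactly one row: the host route for the tunnel's own address lands on tun0 on the broken client and on lo0 on the fixed server. The script below is an added example (it is not part of the bug report and not OpenVPN's or FreeBSD's own code) that checks that row so the symptom can be spotted without pinging. The sample tables are constructed from the two netstat listings in the report; the helper name check_self_route and its "ok"/"bad"/"missing" results are this example's own conventions.

```shell
#!/bin/sh
# Added example: classify the host route for a tunnel's own address.
# On FreeBSD the route for a locally configured address should point at
# lo0; when it points at the tun device itself (the situation reported
# above), packets to that address leave through the tunnel and are lost.
#
# check_self_route <ip> <netstat -rn output>
#   prints "ok"      when the host route for <ip> lands on lo0
#   prints "bad"     when it lands on any other interface
#   prints "missing" when no host route for <ip> exists
check_self_route() {
    ip="$1"
    table="$2"
    printf '%s\n' "$table" | awk -v ip="$ip" '
        $1 == ip {
            # exact match on the destination column = the /32 self route;
            # the last column is the interface the route is bound to
            if ($NF == "lo0") print "ok"; else print "bad"
            found = 1
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample tables, copied from the report: the client before the
# workaround (self route on tun0) and the server after it (self route on lo0).
CLIENT_TABLE='192.168.89.0/24    192.168.89.2       UGS         0  4857954   tun0
192.168.89.2       link#7             UH          0        5   tun0'

SERVER_TABLE='192.168.89.0/24    tun0               US          0 29374111   tun0
192.168.89.1       link#3             UHS         0   213985    lo0
192.168.89.255     link#3             UH          0        0   tun0'

# Stand-alone run over the constructed samples.
printf 'client 192.168.89.2: %s\n' "$(check_self_route 192.168.89.2 "$CLIENT_TABLE")"
printf 'server 192.168.89.1: %s\n' "$(check_self_route 192.168.89.1 "$SERVER_TABLE")"
```

On a live FreeBSD host the same function can be fed the real table, for example `check_self_route "$(ifconfig tun0 | awk '/inet /{print $2}')" "$(netstat -rn -f inet)"` (netstat's `-f inet` limits the listing to IPv4 routes); a result of "bad" reproduces the report's condition, and "ok" means the workaround, or a fixed OpenVPN, has installed the loopback self route.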

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer mandree@FreeBSD.org
