Date:      Tue, 18 Apr 2017 23:00:00 +0000
From:      Four Twelve Development <sam@fourtwelvedev.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Building Something Beautiful in Baltimore
Message-ID:  <ef951fb9316ca9bb1a2a01c82.d850706a07.20170418225949.51a89f29e8.6876e4d2@mail12.suw13.rsgsv.net>

Dear Friends and Family,

We'd like to welcome you to our journey (http://fourtwelvedev.us15.list-manage.com/track/click?u=ef951fb9316ca9bb1a2a01c82&id=6b94c25fe5&e=d850706a07).

The Birth of Four Twelve

Four Twelve Development is a product of the current climate in Baltimore
City. It all began with one vacant house...

With pennies from our proverbial satchel, Four Twelve purchased its first
home and spent the better part of a year rehabbing the property.

Read (http://fourtwelvedev.us15.list-manage.com/track/click?u=ef951fb9316ca9bb1a2a01c82&id=ccc8aecb6d&e=d850706a07) more (http://fourtwelvedev.us15.list-manage.com/track/click?u=ef951fb9316ca9bb1a2a01c82&id=c3547a3e52&e=d850706a07) .. (http://fourtwelvedev.us15.list-manage.com/track/click?u=ef951fb9316ca9bb1a2a01c82&id=dc290d37fa&e=d850706a07)

Take a Virtual Tour of our Latest Project (http://fourtwelvedev.us15.list-manage.com/track/click?u=ef951fb9316ca9bb1a2a01c82&id=02ce31687f&e=d850706a07)

http://fourtwelvedev.us15.list-manage.com/track/click?u=ef951fb9316ca9bb1a2a01c82&id=2c067df285&e=d850706a07

The Team at Oriole's Opening Day

(From left to right)
Shea Frederick, Sean Ashton Thomas and Sam Frank
Copyright © 2017 Four Twelve Development, All rights reserved.
 You subscribed to Four Twelve

Our mailing address is:
Four Twelve Development
412 E Lanvale St
Baltimore, MD 21202-2937
USA

Date:      Tue, 18 Apr 2017 18:12:14 -0700
From:      bsd <bsd@stuckat99.com>
To:        freebsd-questions@freebsd.org
Subject:   Openvpn broken when using net.add_addr_allfibs=0, routes are not adding
Message-ID:  <1492564334.1388098.948742560.5E2E6A2A@webmail.messagingengine.com>

I am trying to use OpenVPN and multiple fibs on FreeBSD 11-p9. The issue
is, when I use net.add_addr_allfibs=0 instead of net.add_addr_allfibs=1 in
my /boot/loader.conf, OpenVPN fails to be able to add the routes properly
and the VPN will not function properly.

OpenVPN works 100% fine when I use net.add_addr_allfibs=1 but my
requirements need this to be set to 0 to turn off its behavior of adding
routes to all fibs.

# /boot/loader.conf
net.fibs=3
net.add_addr_allfibs=0

Since I am using net.add_addr_allfibs=0, I have a clean routing table and
I have to add the initial route and gateway for my router manually to get
fib 1 routable to the internet.

# setfib 1 route add -net 192.168.0.0/24 -iface ue0
# setfib 1 route add default 192.168.0.1

For some odd reason I must also bring up a tun device manually, otherwise
OpenVPN cannot. I have set my config to use tun10 for this test.

# sysrc openvpn_if="tun10"
# ifconfig tun10 up

My routing table before I start

# setfib 1 netstat -rn
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.0.1        UGS         ue0
127.0.0.1          lo0                UHS         lo0
192.168.0.0/24     b8:27:eb:fd:22:10  US          ue0

Internet6:
Destination                       Gateway                       Flags    Netif Expire
::/96                             ::1                           UGRS       lo0
::1                               lo0                           UHS        lo0
::ffff:0.0.0.0/96                 ::1                           UGRS       lo0
fe80::/10                         ::1                           UGRS       lo0
fe80::%lo0/64                     link#1                        U          lo0
ff02::/16                         ::1                           UGRS       lo0
[sean@rpi2 ~]$

Let's try to connect OpenVPN

# setfib 1 openvpn dallas.ovpn
Thu Oct 27 12:11:32 2016 OpenVPN 2.3.11 armv6-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jun 25 2016
Thu Oct 27 12:11:32 2016 library versions: OpenSSL 1.0.2j-freebsd  26 Sep 2016, LZO 2.09
Thu Oct 27 12:11:32 2016 Control Channel Authentication: tls-auth using INLINE static key file
Thu Oct 27 12:11:32 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 27 12:11:32 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 27 12:11:32 2016 Socket Buffers: R=[42080->42080] S=[9216->9216]
Thu Oct 27 12:11:32 2016 UDPv4 link local: [undef]
Thu Oct 27 12:11:32 2016 UDPv4 link remote: [AF_INET]107.183.238.186:443
Thu Oct 27 12:11:32 2016 TLS: Initial packet from [AF_INET]107.183.238.186:443, sid=c8b24ffa a8737d61
Thu Oct 27 12:11:32 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Thu Oct 27 12:11:32 2016 Validating certificate key usage
Thu Oct 27 12:11:32 2016 ++ Certificate has key usage  00a0, expects 00a0
Thu Oct 27 12:11:32 2016 VERIFY KU OK
Thu Oct 27 12:11:32 2016 Validating certificate extended key usage
Thu Oct 27 12:11:32 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Oct 27 12:11:32 2016 VERIFY EKU OK
Thu Oct 27 12:11:32 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Thu Oct 27 12:11:36 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Oct 27 12:11:36 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 27 12:11:36 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Oct 27 12:11:36 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 27 12:11:36 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Oct 27 12:11:36 2016 [server] Peer Connection Initiated with [AF_INET]107.183.238.186:443
Thu Oct 27 12:11:39 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Oct 27 12:11:39 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.17.25 255.255.0.0'
Thu Oct 27 12:11:39 2016 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct 27 12:11:39 2016 OPTIONS IMPORT: LZO parms modified
Thu Oct 27 12:11:39 2016 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct 27 12:11:39 2016 OPTIONS IMPORT: route options modified
Thu Oct 27 12:11:39 2016 OPTIONS IMPORT: route-related options modified
Thu Oct 27 12:11:39 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Oct 27 12:11:39 2016 ROUTE_GATEWAY 192.168.0.1
Thu Oct 27 12:11:39 2016 TUN/TAP device tun10 exists previously, keep at program end
Thu Oct 27 12:11:39 2016 TUN/TAP device /dev/tun10 opened
Thu Oct 27 12:11:39 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Oct 27 12:11:39 2016 /sbin/ifconfig tun10 10.4.17.25 10.4.0.1 mtu 1500 netmask 255.255.0.0 up
Thu Oct 27 12:11:39 2016 /sbin/route add -net 10.4.0.0 10.4.17.25 255.255.0.0
route: writing to routing socket: Network is unreachable
add net 10.4.0.0: gateway 10.4.17.25 fib 1: Network is unreachable
Thu Oct 27 12:11:39 2016 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Thu Oct 27 12:11:44 2016 /sbin/route add -net 107.183.238.186 192.168.0.1 255.255.255.255
add net 107.183.238.186: gateway 192.168.0.1 fib 1
Thu Oct 27 12:11:44 2016 /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0
route: writing to routing socket: Network is unreachable
add net 0.0.0.0: gateway 10.4.0.1 fib 1: Network is unreachable
Thu Oct 27 12:11:44 2016 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Thu Oct 27 12:11:44 2016 /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0
route: writing to routing socket: Network is unreachable
add net 128.0.0.0: gateway 10.4.0.1 fib 1: Network is unreachable
Thu Oct 27 12:11:44 2016 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Thu Oct 27 12:11:44 2016 Initialization Sequence Completed

The routes are failing to add and the VPN is not configured properly in
the end.

My routing table now. We can see that the VPN did not configure properly.
The desired behavior is that it would set the VPN to be the default
gateway and route all traffic over it, but only for FIB 1.

# setfib 1 netstat -rn
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.0.1        UGS         ue0
107.183.238.186/32 192.168.0.1        UGS         ue0
127.0.0.1          lo0                UHS         lo0
192.168.0.0/24     b8:27:eb:fd:22:10  US          ue0

Internet6:
Destination                       Gateway                       Flags    Netif Expire
::/96                             ::1                           UGRS       lo0
::1                               lo0                           UHS        lo0
::ffff:0.0.0.0/96                 ::1                           UGRS       lo0
fe80::/10                         ::1                           UGRS       lo0
fe80::%lo0/64                     link#1                        U          lo0
ff02::/16                         ::1                           UGRS       lo0


Is this a bug or have I missed something?
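
As an added example (not part of the original post), the Python below pairs each /sbin/route add command in the log above with the result line that follows it and reports which routes failed in which fib. It shows that OpenVPN still printed "Initialization Sequence Completed" although both netmask 128.0.0.0 routes from redirect-gateway def1 failed, matching the routing table above where the fib 1 default route still points at 192.168.0.1. The function and field names are illustrative.

```python
import re

# Excerpt of the OpenVPN output quoted in the message above (ERROR lines omitted).
SAMPLE_LOG = """\
Thu Oct 27 12:11:39 2016 /sbin/route add -net 10.4.0.0 10.4.17.25 255.255.0.0
route: writing to routing socket: Network is unreachable
add net 10.4.0.0: gateway 10.4.17.25 fib 1: Network is unreachable
Thu Oct 27 12:11:44 2016 /sbin/route add -net 107.183.238.186 192.168.0.1 255.255.255.255
add net 107.183.238.186: gateway 192.168.0.1 fib 1
Thu Oct 27 12:11:44 2016 /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0
route: writing to routing socket: Network is unreachable
add net 0.0.0.0: gateway 10.4.0.1 fib 1: Network is unreachable
Thu Oct 27 12:11:44 2016 /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0
route: writing to routing socket: Network is unreachable
add net 128.0.0.0: gateway 10.4.0.1 fib 1: Network is unreachable
Thu Oct 27 12:11:44 2016 Initialization Sequence Completed
"""

ROUTE_CMD = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)$")
ROUTE_RESULT = re.compile(r"^add net (\S+): gateway (\S+) fib (\d+)(?:: (.+))?$")
# Netmask 128.0.0.0 marks the two half-default routes of "redirect-gateway def1".
DEF1_MASK = "128.0.0.0"

def audit_routes(log_text):
    """Pair route commands with their results; flag a tunnel that came up without def1 routes."""
    masks, failed, completed = {}, [], False
    for line in log_text.splitlines():
        cmd = ROUTE_CMD.search(line)
        res = ROUTE_RESULT.match(line)
        if cmd:
            net, gw, mask = cmd.groups()
            masks[(net, gw)] = mask          # remember the netmask for the result line
        elif res:
            net, gw, fib, err = res.groups()
            if err:                          # e.g. "Network is unreachable"
                failed.append((net, masks.get((net, gw)), gw, int(fib), err))
        elif line.endswith("Initialization Sequence Completed"):
            completed = True
    def1_failed = [f for f in failed if f[1] == DEF1_MASK]
    # OpenVPN reports completion even when route commands failed, so check both.
    return {"failed": failed, "completed": completed,
            "def1_routes_missing": completed and len(def1_failed) > 0}

if __name__ == "__main__":
    report = audit_routes(SAMPLE_LOG)
    for net, mask, gw, fib, err in report["failed"]:
        print(f"fib {fib}: route {net} mask {mask} via {gw} failed: {err}")
    print("def1 routes missing after completion:", report["def1_routes_missing"])
```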


