git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Gert Doering <gert@greenie.muc.de>
	Wed, 12 Oct 2022 14:59:14 +0000 (16:59 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 19 Oct 2022 06:22:45 +0000 (08:22 +0200)
commit	94db32616597497e57eb2fa6fab05297da314a53
tree	812ef7960607e2fed3bfaeb7944c02392de5b70f	tree
parent	92db3227b682518ff8c5dc691ee15a1641899729	commit \| diff

FreeBSD: for topology subnet, put tun interface into IFF_BROADCAST mode

For reasons unknown, OpenVPN has always put FreeBSD tun(4) interfaces
into point-to-point mode (IFF_POINTOPOINT), which means "local and
remote address, no on-link subnet".

"--topology subnet" was emulated by adding a subnet-route to the "remote"
(which was just picking a free address from the subnet).

This works well enough for classic tun(4) interfaces that have no
next-hop resolution, and routes pointing to "that fake remote" only
(because all routing is done inside OpenVPN and it does not matter how
packets get there) - but for ovpn(4) interfaces, it breaks iroute setup,
where the route next-hop must be an on-link address.

Thus, change interface to IFF_BROADCAST mode, and get rid of all the
special code needed to "fake" subnet mode.

Tested with tun(4) and ovpn(4) on FreeBSD 14, client and server, and
with tun(4) on FreeBSD 12 and 7.4

To actually work with ovpn(4) / FreeBSD DCO, a followup patch for
kernel ovpn(4) and OpenVPN dco_freebsd.c is needed.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kristof Provost <kprovost@netgate.com>
Message-Id: <20221012145915.25810-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25396.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
src/openvpn/tun.c		diff \| blob \| blame \| history