Repair topology subnet on OpenBSD

Turns out that "topology subnet" never worked totally right on
OpenBSD - the "netmask" parameter to ifconfig is ignored, and one
needs to add a subnet route  (and this issue is hidden if an
encompassing route is pushed, like, by using --redirect-gateway).

While add it, apply the hack used for FreeBSD where "an arbitrary
address from the subnet" is used to set the "remote" end of the
tunnel, and point the route to that - so if OpenBSD decides to
change their kernel routing structure the same way, our code still
works (copying from commit 433b3813d8c38b4, trac #425 and commit
60fd44e501f2002, trac #481).

Tested on OpenBSD 6.0 and 4.9

Trac: #710
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161109201932.80991-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12983.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit 7f444dee52321c0f0294e99695150a7f69522715)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 9bb586db517d71159b7c18c1fb94b1aa89043327..ca1218093cd37d10e214fbe748319b1b5aa17988 100644 (file)
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -625,7 +625,8 @@ void delete_route_connected_v6_net(struct tuntap * tt,
 }
 #endif
 
-#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
+#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||\
+    defined(TARGET_OPENBSD)
 /* we can't use true subnet mode on tun on all platforms, as that
  * conflicts with IPv6 (wants to use ND then, which we don't do),
  * but the OSes want "a remote address that is different from ours"
@@ -916,6 +917,8 @@ do_ifconfig (struct tuntap *tt,
 
 #elif defined(TARGET_OPENBSD)
 
+      in_addr_t remote_end;            /* for "virtual" subnet topology */
+
       /*
        * On OpenBSD, tun interfaces are persistent if created with
        * "ifconfig tunX create", and auto-destroyed if created by
@@ -935,12 +938,13 @@ do_ifconfig (struct tuntap *tt,
       else
        if ( tt->topology == TOP_SUBNET )
        {
+           remote_end = create_arbitrary_remote( tt );
            argv_printf (&argv,
                          "%s %s %s %s mtu %d netmask %s up -link0",
                          IFCONFIG_PATH,
                          actual,
                          ifconfig_local,
-                         ifconfig_local,
+                         print_in_addr_t (remote_end, 0, &gc),
                          tun_mtu,
                          ifconfig_remote_netmask
                          );
@@ -957,6 +961,19 @@ do_ifconfig (struct tuntap *tt,
                          );
       argv_msg (M_INFO, &argv);
       openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed");
+
+      /* Add a network route for the local tun interface */
+      if (!tun && tt->topology == TOP_SUBNET)
+        {
+          struct route_ipv4 r;
+          CLEAR (r);
+          r.flags = RT_DEFINED;
+          r.network = tt->local & tt->remote_netmask;
+          r.netmask = tt->remote_netmask;
+          r.gateway = remote_end;
+          add_route (&r, tt, 0, NULL, es);
+        }
+
       if ( do_ipv6 )
        {
          argv_printf (&argv,