From ceac73b04fe9b70ed798afc07ddb9737c97b7a5d Mon Sep 17 00:00:00 2001 From: Gert Doering Date: Wed, 9 Nov 2016 21:19:32 +0100 Subject: [PATCH] Repair topology subnet on OpenBSD Turns out that "topology subnet" never worked totally right on OpenBSD - the "netmask" parameter to ifconfig is ignored, and one needs to add a subnet route (and this issue is hidden if an encompassing route is pushed, like, by using --redirect-gateway). While add it, apply the hack used for FreeBSD where "an arbitrary address from the subnet" is used to set the "remote" end of the tunnel, and point the route to that - so if OpenBSD decides to change their kernel routing structure the same way, our code still works (copying from commit 433b3813d8c38b4, trac #425 and commit 60fd44e501f2002, trac #481). Tested on OpenBSD 6.0 and 4.9 Trac: #710 Signed-off-by: Gert Doering Acked-by: David Sommerseth Message-Id: <20161109201932.80991-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12983.html Signed-off-by: David Sommerseth (cherry picked from commit 7f444dee52321c0f0294e99695150a7f69522715) --- src/openvpn/tun.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 9bb586db5..ca1218093 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -625,7 +625,8 @@ void delete_route_connected_v6_net(struct tuntap * tt, } #endif -#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) +#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||\ + defined(TARGET_OPENBSD) /* we can't use true subnet mode on tun on all platforms, as that * conflicts with IPv6 (wants to use ND then, which we don't do), * but the OSes want "a remote address that is different from ours" 
@@ -916,6 +917,8 @@ do_ifconfig (struct tuntap *tt, #elif defined(TARGET_OPENBSD) + in_addr_t remote_end; /* for "virtual" subnet topology */ + /* * On OpenBSD, tun interfaces are persistent if created with * "ifconfig tunX create", and auto-destroyed if created by @@ -935,12 +938,13 @@ do_ifconfig (struct tuntap *tt, else if ( tt->topology == TOP_SUBNET ) { + remote_end = create_arbitrary_remote( tt ); argv_printf (&argv, "%s %s %s %s mtu %d netmask %s up -link0", IFCONFIG_PATH, actual, ifconfig_local, - ifconfig_local, + print_in_addr_t (remote_end, 0, &gc), tun_mtu, ifconfig_remote_netmask ); @@ -957,6 +961,19 @@ do_ifconfig (struct tuntap *tt, ); argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); + + /* Add a network route for the local tun interface */ + if (!tun && tt->topology == TOP_SUBNET) + { + struct route_ipv4 r; + CLEAR (r); + r.flags = RT_DEFINED; + r.network = tt->local & tt->remote_netmask; + r.netmask = tt->remote_netmask; + r.gateway = remote_end; + add_route (&r, tt, 0, NULL, es); + } + if ( do_ipv6 ) { argv_printf (&argv, -- 2.47.2
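Review bot: `remote_end` is declared without an initializer at the top of the OpenBSD section, assigned only in the `else if ( tt->topology == TOP_SUBNET )` branch of the `@@ -935` hunk, and read as `r.gateway = remote_end` in the `@@ -957` hunk. The guard there, `!tun && tt->topology == TOP_SUBNET`, looks like it selects the same case as the assigning branch, but the `if` that precedes that `else if` is outside the hunk, so the pairing cannot be confirmed from here. If a later edit changes either condition, the route would be installed with an indeterminate gateway. Initializing at the declaration removes that coupling: `in_addr_t remote_end = 0; /* for "virtual" subnet topology */`. do_ifconfig begins and ends outside these hunks.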
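Review bot: The comment on the new route block in the `@@ -957` hunk, `/* Add a network route for the local tun interface */`, says what the block does but not why OpenBSD needs it. The reason is given only in the commit message: the `netmask` argument to ifconfig is ignored, and the gap is hidden whenever an encompassing route is pushed. I would put that in the code, for example `/* OpenBSD ignores the "netmask" given to ifconfig here, so add the subnet route explicitly, pointing at the arbitrary remote_end */`. Separately, the ifconfig call just above is fatal on failure (`S_FATAL`), while the hunk does not show how a failed `add_route` is reported, so it is worth confirming that a failed route add is at least logged. The enclosing function continues outside the hunk.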