GitList

Browse code

Repair topology subnet on FreeBSD 11

We used to add "route for this subnet" by using our own address as
the gateway address, which used to mean "connected to the interface,
no gateway". FreeBSD commit 293159 changed the kernel side of that
assumption so "my address" is now always bound to "lo0" - thus, our
subnet route also ended up pointing to "lo0", breaking connectivity
for all hosts in the subnet except the one we used as "remote".

commit 60fd44e501f200 already introduced a "remote address" we use
for the "ifconfig tunX <us> <remote>" part - extend that to be used
as gateway address for the "tunX subnet" as well, and things will
work more robustly.

Tested on FreeBSD 11.0-RELEASE and 7.4-RELEASE (client and server)
(this particular issue is not present before 11.0, but "adding the
subnet route" never worked right, not even in 7.4 - 11.0 just made
the problem manifest more clearly)

Trac #425
URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207831

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20161108124506.32559-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12950.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a433b3813d8c38b491d2baa7b433973f2d6cd7c6)

Gert Doering authored on 2016/11/08 21:45:06
Showing 1 changed files

src/openvpn/tun.c

History View file @ 446ef5b

@@ -635,8 +635,8 @@ void delete_route_connected_v6_net(struct tuntap * tt,
                       * is still point to point and no layer 2 resolution is done...
                       */
                     -const char *
                     -create_arbitrary_remote( struct tuntap *tt, struct gc_arena * gc )
                     +in_addr_t
                     +create_arbitrary_remote( struct tuntap *tt )
+                     {
                        in_addr_t remote;
@@ -644,7 +644,7 @@ create_arbitrary_remote( struct tuntap *tt, struct gc_arena * gc )
                        if ( remote == tt->local ) remote ++;
                     -  return print_in_addr_t (remote, 0, gc);
                     +  return remote;
+                     }
                      #endif
@@ -1126,6 +1126,8 @@ do_ifconfig (struct tuntap *tt,
                      #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
                     +      in_addr_t remote_end;		/* for "virtual" subnet topology */
+                    +
                            /* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */
                            if (tun)
                      	argv_printf (&argv,
@@ -1138,12 +1140,13 @@ do_ifconfig (struct tuntap *tt,
                      			  );
                            else if ( tt->topology == TOP_SUBNET )
+                     	{
                     +	    remote_end = create_arbitrary_remote( tt );
                      	    argv_printf (&argv,
                      			  "%s %s %s %s mtu %d netmask %s up",
                      			  IFCONFIG_PATH,
                      			  actual,
                      			  ifconfig_local,
                     -			  create_arbitrary_remote( tt, &gc ),
                     +			  print_in_addr_t (remote_end, 0, &gc),
                      			  tun_mtu,
                      			  ifconfig_remote_netmask
                      			  );
@@ -1170,7 +1173,7 @@ do_ifconfig (struct tuntap *tt,
                                r.flags = RT_DEFINED;
                                r.network = tt->local & tt->remote_netmask;
                                r.netmask = tt->remote_netmask;
                     -          r.gateway = tt->local;
                     +          r.gateway = remote_end;
                                add_route (&r, tt, 0, NULL, es);
+                             }