- cleanup TUN/TAP devices at program end ("ifconfig ... destroy")
- make TUN device setup for "topology subnet" work together with IPv6
(setup correct netmask and route, but do not use IFF_BROADCAST)
There's one catch for FreeBSD 8.2 if you use pf(4): it will block IPv6
fragments by default, so the standard t_client.sh test sets fail unless
you specifically add "pass in on tun1 fragment" rules - but there's
nothing OpenVPN can do about it.
Tested with IPv4 and IPv6 on 7.4-RELEASE/amd64 and 8.2-RELEASE/amd64
Signed-off-by: Gert Doering <gert@greenie.muc.de>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/5303
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -1098,6 +1098,18 @@ do_ifconfig (struct tuntap *tt, |
1098 | 1098 |
ifconfig_remote_netmask, |
1099 | 1099 |
tun_mtu |
1100 | 1100 |
); |
1101 |
+ else if ( tt->topology == TOP_SUBNET ) |
|
1102 |
+ { |
|
1103 |
+ argv_printf (&argv, |
|
1104 |
+ "%s %s %s %s mtu %d netmask %s up", |
|
1105 |
+ IFCONFIG_PATH, |
|
1106 |
+ actual, |
|
1107 |
+ ifconfig_local, |
|
1108 |
+ ifconfig_local, |
|
1109 |
+ tun_mtu, |
|
1110 |
+ ifconfig_remote_netmask |
|
1111 |
+ ); |
|
1112 |
+ } |
|
1101 | 1113 |
else |
1102 | 1114 |
argv_printf (&argv, |
1103 | 1115 |
"%s %s %s netmask %s mtu %d up", |
... | ... |
@@ -2246,10 +2258,8 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu |
2246 | 2246 |
|
2247 | 2247 |
if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN) |
2248 | 2248 |
{ |
2249 |
- int i = 0; |
|
2249 |
+ int i = IFF_POINTOPOINT | IFF_MULTICAST; |
|
2250 | 2250 |
|
2251 |
- i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT; |
|
2252 |
- i |= IFF_MULTICAST; |
|
2253 | 2251 |
if (ioctl (tt->fd, TUNSIFMODE, &i) < 0) { |
2254 | 2252 |
msg (M_WARN | M_ERRNO, "ioctl(TUNSIFMODE): %s", strerror(errno)); |
2255 | 2253 |
} |
... | ... |
@@ -2260,12 +2270,33 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu |
2260 | 2260 |
} |
2261 | 2261 |
} |
2262 | 2262 |
|
2263 |
+/* tun(4): "These network interfaces persist until the if_tun.ko module is |
|
2264 |
+ * unloaded, or until removed with the ifconfig(8) command." |
|
2265 |
+ * (verified for FreeBSD 6.3, 7.4, 8.2 and 9, same for tap(4)) |
|
2266 |
+ * |
|
2267 |
+ * so, to avoid lingering tun/tap interfaces after OpenVPN quits, |
|
2268 |
+ * we need to call "ifconfig ... destroy" for cleanup |
|
2269 |
+ */ |
|
2263 | 2270 |
void |
2264 | 2271 |
close_tun (struct tuntap *tt) |
2265 | 2272 |
{ |
2266 | 2273 |
if (tt) |
2267 | 2274 |
{ |
2275 |
+ struct gc_arena gc = gc_new (); |
|
2276 |
+ struct argv argv; |
|
2277 |
+ |
|
2278 |
+ /* setup command, close tun dev (clears tt->actual_name!), run command |
|
2279 |
+ */ |
|
2280 |
+ |
|
2281 |
+ argv_init (&argv); |
|
2282 |
+ argv_printf (&argv, "%s %s destroy", |
|
2283 |
+ IFCONFIG_PATH, tt->actual_name); |
|
2284 |
+ |
|
2268 | 2285 |
close_tun_generic (tt); |
2286 |
+ |
|
2287 |
+ argv_msg (M_INFO, &argv); |
|
2288 |
+ openvpn_execve_check (&argv, NULL, 0, "FreeBSD 'destroy tun interface' failed (non-critical)"); |
|
2289 |
+ |
|
2269 | 2290 |
free (tt); |
2270 | 2291 |
} |
2271 | 2292 |
} |