Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering authored on 2010/08/08 19:34:00... | ... |
@@ -315,3 +315,21 @@ Sun Mar 7 19:17:33 CET 2010 |
315 | 315 |
is older than 9.7, log warning and disable IPv6 (won't work anyway). |
316 | 316 |
|
317 | 317 |
* release as patch 20100307-1 |
318 |
+ |
|
319 |
+Sat Jul 10 14:37:52 CEST 2010 |
|
320 |
+ |
|
321 |
+ * TEST SUCCESS: point-to-point tun mode with --ifconfig-ipv6 between |
|
322 |
+ Solaris10/sparc and Linux (Michal Ludvig) |
|
323 |
+ (using the whiteboard tun driver on Solaris, otherwise "no IPv6") |
|
324 |
+ |
|
325 |
+Sun Aug 8 12:30:44 CEST 2010 |
|
326 |
+ |
|
327 |
+ * route.c: split NetBSD and OpenBSD parts of add_route_ipv6() and |
|
328 |
+ delete_route_ipv6(), implement OpenBSD variant |
|
329 |
+ (needs "-prefixlen nn" while NetBSD uses "/nn") |
|
330 |
+ |
|
331 |
+ * tun.c: implement IPv6 ifconfig for OpenBSD |
|
332 |
+ |
|
333 |
+ * tun.c: destroy tunX interface at tun_close() on OpenBSD (cleanup) |
|
334 |
+ |
|
335 |
+ * TEST SUCCESS: OpenBSD 4.7: client-tun/net30, v4+v6 |
... | ... |
@@ -1407,17 +1407,23 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla |
1407 | 1407 |
argv_msg (D_ROUTE, &argv); |
1408 | 1408 |
status = openvpn_execve_check (&argv, es, 0, "ERROR: MacOS X route add -inet6 command failed"); |
1409 | 1409 |
|
1410 |
-#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) |
|
1410 |
+#elif defined(TARGET_OPENBSD) |
|
1411 | 1411 |
|
1412 |
- /* GERT-TODO: this needs real-world testing on OpenBSD, but it should work |
|
1413 |
- */ |
|
1412 |
+ argv_printf (&argv, "%s add -inet6 %s -prefixlen %d %s", |
|
1413 |
+ ROUTE_PATH, |
|
1414 |
+ network, r6->netbits, gateway ); |
|
1415 |
+ |
|
1416 |
+ argv_msg (D_ROUTE, &argv); |
|
1417 |
+ status = openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD route add -inet6 command failed"); |
|
1418 |
+ |
|
1419 |
+#elif defined(TARGET_NETBSD) |
|
1414 | 1420 |
|
1415 | 1421 |
argv_printf (&argv, "%s add -inet6 %s/%d %s", |
1416 | 1422 |
ROUTE_PATH, |
1417 | 1423 |
network, r6->netbits, gateway ); |
1418 | 1424 |
|
1419 | 1425 |
argv_msg (D_ROUTE, &argv); |
1420 |
- status = openvpn_execve_check (&argv, es, 0, "ERROR: NetBSD/OpenBSD route add -inet6 command failed"); |
|
1426 |
+ status = openvpn_execve_check (&argv, es, 0, "ERROR: NetBSD route add -inet6 command failed"); |
|
1421 | 1427 |
|
1422 | 1428 |
#else |
1423 | 1429 |
msg (M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script"); |
... | ... |
@@ -1677,17 +1683,23 @@ delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigne |
1677 | 1677 |
argv_msg (D_ROUTE, &argv); |
1678 | 1678 |
openvpn_execve_check (&argv, es, 0, "ERROR: *BSD route delete -inet6 command failed"); |
1679 | 1679 |
|
1680 |
-#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) |
|
1680 |
+#elif defined(TARGET_OPENBSD) |
|
1681 | 1681 |
|
1682 |
- /* GERT-TODO: this needs real-world testing on OpenBSD, but it should work |
|
1683 |
- */ |
|
1682 |
+ argv_printf (&argv, "%s delete -inet6 %s -prefixlen %d %s", |
|
1683 |
+ ROUTE_PATH, |
|
1684 |
+ network, r6->netbits, gateway ); |
|
1685 |
+ |
|
1686 |
+ argv_msg (D_ROUTE, &argv); |
|
1687 |
+ openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD route delete -inet6 command failed"); |
|
1688 |
+ |
|
1689 |
+#elif defined(TARGET_NETBSD) |
|
1684 | 1690 |
|
1685 | 1691 |
argv_printf (&argv, "%s delete -inet6 %s/%d %s", |
1686 | 1692 |
ROUTE_PATH, |
1687 | 1693 |
network, r6->netbits, gateway ); |
1688 | 1694 |
|
1689 | 1695 |
argv_msg (D_ROUTE, &argv); |
1690 |
- openvpn_execve_check (&argv, es, 0, "ERROR: NetBSD/OpenBSD route delete -inet6 command failed"); |
|
1696 |
+ openvpn_execve_check (&argv, es, 0, "ERROR: NetBSD route delete -inet6 command failed"); |
|
1691 | 1697 |
|
1692 | 1698 |
#else |
1693 | 1699 |
msg (M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-down script"); |
... | ... |
@@ -573,7 +573,7 @@ init_tun_post (struct tuntap *tt, |
573 | 573 |
} |
574 | 574 |
|
575 | 575 |
#if defined(TARGET_WIN32) || \ |
576 |
- defined(TARGET_DARWIN) || defined(TARGET_NETBSD) |
|
576 |
+ defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) |
|
577 | 577 |
|
578 | 578 |
/* some of the platforms will auto-add a "network route" pointing |
579 | 579 |
* to the interface on "ifconfig tunX 2001:db8::1/64", others need |
... | ... |
@@ -880,7 +880,18 @@ do_ifconfig (struct tuntap *tt, |
880 | 880 |
openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); |
881 | 881 |
if ( do_ipv6 ) |
882 | 882 |
{ |
883 |
- msg( M_FATAL, "can't configure IPv6 on OpenBSD yet - unimplemented" ); |
|
883 |
+ argv_printf (&argv, |
|
884 |
+ "%s %s inet6 %s/%d", |
|
885 |
+ IFCONFIG_PATH, |
|
886 |
+ actual, |
|
887 |
+ ifconfig_ipv6_local, |
|
888 |
+ tt->netbits_ipv6 |
|
889 |
+ ); |
|
890 |
+ argv_msg (M_INFO, &argv); |
|
891 |
+ openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig inet6 failed"); |
|
892 |
+ |
|
893 |
+ /* and, hooray, we explicitely need to add a route... */ |
|
894 |
+ add_route_connected_v6_net(tt, es); |
|
884 | 895 |
} |
885 | 896 |
tt->did_ifconfig = true; |
886 | 897 |
|
... | ... |
@@ -941,7 +952,7 @@ do_ifconfig (struct tuntap *tt, |
941 | 941 |
tt->netbits_ipv6 |
942 | 942 |
); |
943 | 943 |
argv_msg (M_INFO, &argv); |
944 |
- openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed"); |
|
944 |
+ openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig inet6 failed"); |
|
945 | 945 |
|
946 | 946 |
/* and, hooray, we explicitely need to add a route... */ |
947 | 947 |
add_route_connected_v6_net(tt, es); |
... | ... |
@@ -1910,12 +1921,31 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu |
1910 | 1910 |
} |
1911 | 1911 |
} |
1912 | 1912 |
|
1913 |
+/* the current way OpenVPN handles tun devices on OpenBSD leads to |
|
1914 |
+ * lingering tunX interfaces after close -> for a full cleanup, they |
|
1915 |
+ * need to be explicitely destroyed |
|
1916 |
+ */ |
|
1917 |
+ |
|
1913 | 1918 |
void |
1914 | 1919 |
close_tun (struct tuntap* tt) |
1915 | 1920 |
{ |
1916 | 1921 |
if (tt) |
1917 | 1922 |
{ |
1923 |
+ struct gc_arena gc = gc_new (); |
|
1924 |
+ struct argv argv; |
|
1925 |
+ |
|
1926 |
+ /* setup command, close tun dev (clears tt->actual_name!), run command |
|
1927 |
+ */ |
|
1928 |
+ |
|
1929 |
+ argv_init (&argv); |
|
1930 |
+ argv_printf (&argv, "%s %s destroy", |
|
1931 |
+ IFCONFIG_PATH, tt->actual_name); |
|
1932 |
+ |
|
1918 | 1933 |
close_tun_generic (tt); |
1934 |
+ |
|
1935 |
+ argv_msg (M_INFO, &argv); |
|
1936 |
+ openvpn_execve_check (&argv, NULL, 0, "OpenBSD 'destroy tun interface' failed (non-critical)"); |
|
1937 |
+ |
|
1919 | 1938 |
free (tt); |
1920 | 1939 |
} |
1921 | 1940 |
} |