NetBSD-Bugs archive


kern/57156: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA



>Number:         57156
>Category:       kern
>Synopsis:       OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 03 12:50:00 +0000 2023
>Originator:     BERTRAND Joël
>Release:        10.0_BETA
>Organization:
Systella
>Environment:
NetBSD legendre.systella.fr 10.0_BETA NetBSD 10.0_BETA (CUSTOM) #3: Tue Dec 27 08:46:20 CET 2022  root%legendre.systella.fr@localhost:/usr/src/netbsd-10/obj/sys/arch/amd64/compile/CUSTOM amd64
>Description:
        Let us consider an OpenVPN client (the VPN interface could be tap0 or
tun0). This client is connected to an OpenVPN server through a physical
Ethernet adapter (in my case, wm0).

        Client IP address: 192.168.1.2
        Server IP address: 192.168.1.1

WAN-----192.168.1.1 (OpenVPN server, Linux)
 |
WAN-----192.168.1.2 (OpenVPN client, NetBSD 10.0_BETA) 192.168.10.128---LAN

        The VPN connection is up but:
- OpenVPN server cannot ping client (192.168.1.2);
- OpenVPN client cannot ping server (192.168.1.1).

        If I add a second Ethernet adapter to the client (to connect a LAN)
and if I configure npf to NAT the IP addresses behind the client, all
workstations on the LAN can ping the OpenVPN server.

        The same configuration ran fine with the NetBSD-9.3 kernel (and all
kernels since -7).

        tcpdump doesn't show packets. The kernel only seems to drop packets.
>How-To-Repeat:
Configure an OpenVPN client. I have tested with an OpenVPN UDP
configuration, but with tap and tun interfaces.
>Fix:


