NetBSD-Bugs archive


Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA



The following reply was made to PR kern/57155; it has been noted by GNATS.

From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
To: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
Cc: gnats-bugs%netbsd.org@localhost, kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
	netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
Date: Wed, 4 Jan 2023 19:28:52 +0900

 On Wed, Jan 4, 2023 at 4:57 PM Ryota Ozaki <ozaki-r%netbsd.org@localhost> wrote:
 >
 > On Wed, Jan 4, 2023 at 4:30 PM BERTRAND Joël <joel.bertrand@systella.fr> wrote:
 > >
 > > Ryota Ozaki wrote:
 > > >  I've installed NetBSD 10 on Linux KVM and tested with them.  The guest
 > > >  is under NAT in my setup.  OpenVPN is installed via pkg_add.
 > >
 > >         I have seen this issue on my main server (that was installed with 7.2
 > > if I remember and upgraded until 10_BETA) and on a fresh install in a VM
 > > (KVM). I have built openvpn from pkgsrc.
 > >
 > > >  netbsd10# uname -a
 > > >  NetBSD netbsd10 10.0_BETA NetBSD 10.0_BETA (GENERIC) #0: Sat Dec 31
 > > >  04:55:53 UTC 2022
 > > >  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC
 > > >  amd64
 > > >  netbsd10# pkg_info openvpn |head -1
 > > >  Information for openvpn-2.5.7nb1:
 > >
 > >         Mine is OpenVPN 2.5.8 (on both systems).
 > >
 > > >  With the simple openvpn setups below, ping between the client and the server
 > > >  works for me.
 > > >
 > > >  [host]
 > > >  openvpn --remote 192.168.122.11 --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 1
 > > >
 > > >  [guest]
 > > >  openvpn --remote 192.168.0.100 --dev tun1 --ifconfig 10.4.0.2 10.4.0.1
 > > >  --verb 1 --float --ping 10
 > > >
 > > >  [ping from guest]
 > > >  netbsd10# ping -n -c 1 10.4.0.1
 > > >  PING 10.4.0.1 (10.4.0.1): 56 data bytes
 > > >  64 bytes from 10.4.0.1: icmp_seq=0 ttl=64 time=1.250718 ms
 > > >
 > > >  ----10.4.0.1 PING Statistics----
 > > >  1 packets transmitted, 1 packets received, 0.0% packet loss
 > > >  round-trip min/avg/max/stddev = 1.250718/1.250718/1.250718/0.000000 ms
 > >
 > >         Client configuration:
 > >
 > > rport 1194
 > > lport 1194
 > > proto udp
 > > dev tun (or dev tap)
 > > remote xxx.yyy.zzz.ttt
 > > float
 > > client
 > > tls-client
 > > remote-cert-tls server
 > > ca ...
 > > cert ...
 > > key ...
 > > comp-lzo adaptative
 > > verb 3
 > > keepalive 5 30
 > > passtos
 > >
 > >         Note that
 > >
 > > >  The difference of the results may come from differences between my and your
 > > >  environments.  My NetBSD 10 is fresh and doesn't enable networking
 > > >  services/daemons that affect the result other than openvpn.
 > >
 > >         I can understand daemons can produce this issue, but in my VM, I only
 > > have installed a system from official BETA 10.0 iso and only added openvpn.
 >
 > ok, I'm trying to set up the same openvpn configuration as yours.
 
 I've set up and tested.
 
 The configurations of client/server are like those:
 
 [server]
 
 port 1194
 proto udp
 dev tun
 
 ca ca.crt
 cert servername.crt
 key servername.key
 dh none
 
 server 10.4.0.0 255.255.255.0
 keepalive 10 120
 tls-server
 
 verb 3
 
 [client]
 
 rport 1194
 lport 1194
 proto udp
 dev tun
 remote 192.168.0.100
 float
 client
 tls-client
 remote-cert-tls server
 ca ca.crt
 cert client1.crt
 key client1.key
 #comp-lzo adaptative
 verb 3
 keepalive 5 30
 passtos
 
 
 The configuration doesn't set up fixed IP addresses for client/server,
 so end-point addresses of tun interfaces are not symmetric.
 
 server: 10.4.0.1 -> 10.4.0.2
 client: 10.4.0.6 -> 10.4.0.5
 
 Anyway the client can ping to 10.4.0.1 and the server can ping to 10.4.0.6.
 
   ozaki-r
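
Added example, not part of the original message and not OpenVPN code: the asymmetric tun end-points reported above (server 10.4.0.1 -> 10.4.0.2, client 10.4.0.6 -> 10.4.0.5) match a per-peer /30 allocation out of the `server 10.4.0.0 255.255.255.0` pool. The sketch assumes OpenVPN 2.5's default `topology net30`, which neither config on this page overrides; the function names `net30_layout` and `classify` are hypothetical.

```python
import ipaddress

def net30_layout(server_net, n_clients):
    """Expected (role, local, peer) tun end-points under net30 (assumed default)."""
    blocks = ipaddress.ip_network(server_net).subnets(new_prefix=30)
    first = next(blocks)
    # The server takes the first /30: local = .1, peer = .2
    layout = [("server", str(first[1]), str(first[2]))]
    # Each client gets the next /30: local = base+2, peer = base+1
    for i, blk in zip(range(n_clients), blocks):
        layout.append((f"client{i + 1}", str(blk[2]), str(blk[1])))
    return layout

def classify(local, peer, server_net):
    """Check an observed 'local -> peer' pair from ifconfig against that layout."""
    net = ipaddress.ip_network(server_net)
    l, p = ipaddress.ip_address(local), ipaddress.ip_address(peer)
    if l not in net or p not in net:
        return "outside " + server_net
    blk = ipaddress.ip_network(f"{local}/30", strict=False)
    if p not in blk:
        return "end-points not in one /30"
    slot = (int(blk.network_address) - int(net.network_address)) // 4
    if slot == 0 and (l, p) == (blk[1], blk[2]):
        return "server"
    if slot > 0 and (l, p) == (blk[2], blk[1]):
        return f"client slot {slot}"
    return "not a net30 pair"

if __name__ == "__main__":
    for row in net30_layout("10.4.0.0/24", 2):
        print("%-8s %s -> %s" % row)
    # Pairs taken from this thread
    print(classify("10.4.0.6", "10.4.0.5", "10.4.0.0/24"))
    # Static --ifconfig pair from the earlier point-to-point test
    print(classify("10.4.0.2", "10.4.0.1", "10.4.0.0/24"))
```

The last call shows that the guest's pair from the earlier static `--ifconfig 10.4.0.2 10.4.0.1` test is not a pool-assigned pair, which is why the two test setups in this thread show different addressing.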
 

