Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA

To: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
Subject: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
Date: Wed, 4 Jan 2023 19:51:28 +0900

On Wed, Jan 4, 2023 at 6:45 PM BERTRAND Joël <joel.bertrand%systella.fr@localhost> wrote:
>
>         I have tested your configuration between my VM (OpenVPN client) and
> host that runs this VM (OpenVPN server).
>
>         Thus client and server run on the same physical workstation. Server in
> host (Linux devuan/testing), client in KVM guest (NetBSD 10.0). I use
> TCP to avoid NAT issue. Of course, I have checked that packets are not
> blocked.
>
> Server:
> Root hilbert:[~] > openvpn --dev tun1 --ifconfig 10.4.0.1 10.4.0.2
> --verb 10 --proto tcp-server
>
> Client:
> netbsd-test1# openvpn --remote 192.168.10.103 --dev tun1 --ifconfig
> 10.4.0.2 10.4.0.1 --verb 10 --float --ping 10 --proto tcp-client
>
>         I can ping server from client and client from server.

Good. Thank you for testing.

>
>         Now, I use another OpenVPN server, on a different host.
>
> legendre# openvpn --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 10
> --proto tcp-server
>
>         tcpdump -i wm0 -p port 1194 on client shows packets in both directions.
>
>         On legendre (NetBSD 10.0), tun1 is up and configured, but OpenVPN
> client is not accessible:
>
> legendre:[~] > ifconfig tun1
> tun1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         status: active
>         inet6 fe80::b696:91ff:fe92:776e%tun1/64 ->  flags 0 scopeid 0xb
>         inet 10.4.0.1/32 -> 10.4.0.2 flags 0
> legendre:[~] > ping 10.4.0.2
> PING 10.4.0.2 (10.4.0.2): 56 data bytes
> ^C
> ----10.4.0.2 PING Statistics----
> 5 packets transmitted, 0 packets received, 100.0% packet loss
> legendre:[~] > route show
> Routing tables
> ...
> 10.4.0.1           tun1               UHl         -        -      - lo0
> 10.4.0.2           10.4.0.1           UH          -        -      - tun1
> ...

So packets are sent to a peer and dropped at tun1 (or somewhere)
on a peer, right? Could you show me the output of ifconfig -v tun1?

If packets are not dropped at tun1, we may be able to see packet drops
with netstat -s.

Anyway, I'll set up another machine tomorrow.

  ozaki-r

Follow-Ups:
- Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
  - From: BERTRAND Joël

References:
- Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
  - From: Ryota Ozaki
- Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
  - From: BERTRAND Joël

Prev by Date: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
Next by Date: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
Previous by Thread: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
Next by Thread: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
Indexes:

Home | Main Index | Thread Index | Old Index