NetBSD-Bugs archive


Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA



The following reply was made to PR kern/57155; it has been noted by GNATS.

From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
To: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
Cc: gnats-bugs%netbsd.org@localhost, kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
	netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/57155: OpenVPN (tap and tun) doesn't run as expected on 10.0_BETA
Date: Wed, 4 Jan 2023 19:51:28 +0900

 On Wed, Jan 4, 2023 at 6:45 PM BERTRAND Joël <joel.bertrand@systella.fr> wrote:
 >
 >         I have tested your configuration between my VM (OpenVPN client) and
 > host that runs this VM (OpenVPN server).
 >
 >         Thus client and server run on the same physical workstation. Server in
 > host (Linux devuan/testing), client in KVM guest (NetBSD 10.0). I use
 > TCP to avoid NAT issue. Of course, I have checked that packets are not
 > blocked.
 >
 > Server:
 > Root hilbert:[~] > openvpn --dev tun1 --ifconfig 10.4.0.1 10.4.0.2
 > --verb 10 --proto tcp-server
 >
 > Client:
 > netbsd-test1# openvpn --remote 192.168.10.103 --dev tun1 --ifconfig
 > 10.4.0.2 10.4.0.1 --verb 10 --float --ping 10 --proto tcp-client
 >
 >         I can ping server from client and client from server.
 
 Good. Thank you for testing.
 
 >
 >         Now, I use another OpenVPN server, on a different host.
 >
 > legendre# openvpn --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 10
 > --proto tcp-server
 >
 >         tcpdump -i wm0 -p port 1194 on client shows packets in both directions.
 >
 >         On legendre (NetBSD 10.0), tun1 is up and configured, but OpenVPN
 > client is not accessible:
 >
 > legendre:[~] > ifconfig tun1
 > tun1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
 >         status: active
 >         inet6 fe80::b696:91ff:fe92:776e%tun1/64 ->  flags 0 scopeid 0xb
 >         inet 10.4.0.1/32 -> 10.4.0.2 flags 0
 > legendre:[~] > ping 10.4.0.2
 > PING 10.4.0.2 (10.4.0.2): 56 data bytes
 > ^C
 > ----10.4.0.2 PING Statistics----
 > 5 packets transmitted, 0 packets received, 100.0% packet loss
 > legendre:[~] > route show
 > Routing tables
 > ...
 > 10.4.0.1           tun1               UHl         -        -      - lo0
 > 10.4.0.2           10.4.0.1           UH          -        -      - tun1
 > ...
 
 So packets are sent to a peer and dropped at tun1 (or somewhere)
 on a peer, right? Could you show me the output of ifconfig -v tun1?
 
 If packets are not dropped at tun1, we may be able to see packet drops
 with netstat -s.
 
 Anyway, I'll set up another machine tomorrow.
 
   ozaki-r
 

