NetBSD-Bugs archive


kern/51301: 7.99.32 has broken IPv6 functionality of pkgsrc/net/openvpn



>Number:         51301
>Category:       kern
>Synopsis:       7.99.32 has broken IPv6 functionality of pkgsrc/net/openvpn
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 02 01:20:00 +0000 2016
>Originator:     Paul Goyette
>Release:        NetBSD 7.99.32
>Organization:
+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
>Environment:
	
	
System: NetBSD pokey.whooppee.com 7.99.32 NetBSD 7.99.32 (POKEY 2016-06-30 09:34:28) #0: Thu Jun 30 19:56:16 PHT 2016  paul%pokey.whooppee.com@localhost:/build/netbsd-local/obj/amd64/sys/arch/amd64/compile/POKEY amd64
Architecture: x86_64
Machine: amd64
>Description:
I have a machine at home which has only IPv4 connectivity, and that is
behind an IP-NAT DSL router.  No fixed address is available from the ISP.

I have a globally-routable IPv6 address block allocated to me from
another ISP (a XEN-based virtual machine hosted in the US), so I usually
run net/openvpn to create a tunnel between the XEN machine and my local
machine.

All of this worked when I was running 7.99.30 kernel+userland.

But now that I've updated both kernel and userland to 7.99.32 (from
about 24 hours ago), the tunnel is not passing any IPv6 traffic.  It
still works for IPv4.
 
This is with a simple set-up with the following config files:
 
On the 7.99.32 machine, I have
   
# cat /usr/pkg/etc/openvpn/pokey-vps1.conf
dev tun
tun-ipv6
remote vps1.whooppee.com
ifconfig 172.16.1.2 172.16.1.1
ifconfig-ipv6 2605:2700:1:1043::2/120 2605:2700:1:1043::1
route-ipv6 ::/0
ping 10
<secret>
# 
# 2048 bit OpenVPN static key
# 
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
#


And on the XEN-based machine, I have

# cat /usr/pkg/etc/openvpn/vps1-pokey.conf
dev tun
tun-ipv6
#remote 112.209.159.18
ifconfig 172.16.1.1  172.16.1.2
ifconfig-ipv6 2605:2700:1:1043::1/120 2605:2700:1:1043::2
ping 10
<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
#


If I ping6 from the XEN machine towards the 7.99.32 machine, the
packets are received, but no response is sent.  If I enable IPv6 forwarding
on the 7.99.32 machine, it attempts to reply with an ICMP6 Destination
Unreachable, even though there is a route for the destination:

2605:2700:1:1043::/120                  link#3                         UC          -        -      -  tun0
2605:2700:1:1043::2                     tun0                           UHl         -        -      -  tun0

Note, however, that the ::2 address has both Gateway and Interface set to
the tunnel interface. On the XEN-based machine we see

2605:2700:1:1043::/120             link#3             UC          0       22      -  tun0
2605:2700:1:1043::1                link#3             UHL         1        6      -  lo0

where the Gateway is link#3 and the Interface is lo0 !!


This used to work on 7.99.30 .....

	
>How-To-Repeat:
	
>Fix:
	

>Unformatted:
 	
 	

