tech-net archive
Re: Fwd: 10-BETA : some network issues
Michael van Elst wrote:
> On Sun, Jan 01, 2023 at 04:56:12PM +0100, BERTRAND Joël wrote:
>>> Looks like it, while lagg registers as an ethernet device (which
>>> adds a packet tap), it doesn't emit packages itself, but relays
>>> it only to the output routine of a member interface. It needs to
>>> invoke the tap routine itself, so that tcpdump (and other packet
>>> filters like npf) can see the packets.
>>
>> I have installed a VM with -10 to test tap device.
>
> Something like this might help (sorry, can't test now):
>
> Index: sys/net/lagg/if_lagg.c
> ===================================================================
> RCS file: /cvsroot/src/sys/net/lagg/if_lagg.c,v
> retrieving revision 1.48
> diff -p -u -r1.48 if_lagg.c
> --- sys/net/lagg/if_lagg.c 26 Jun 2022 17:55:24 -0000 1.48
> +++ sys/net/lagg/if_lagg.c 1 Jan 2023 18:06:38 -0000
> @@ -1051,6 +1051,8 @@ lagg_output(struct lagg_softc *sc, struc
> len = m->m_pkthdr.len;
> mflags = m->m_flags;
>
> + bpf_mtap(ifp, m, BPF_D_OUT);
> +
> error = lagg_port_xmit(lp, m);
> if (error) {
> /* mbuf is already freed */
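Review bot: The added bpf_mtap(ifp, m, BPF_D_OUT) call ahead of lagg_port_xmit(lp, m) carries no comment explaining why lagg has to tap here itself; a one-line comment saying that the mbuf is handed straight to a member port's output routine, so no other tap on the lagg interface sees it, would keep the call from being removed later as redundant. Tapping before the transmit is the right order, since the error path notes the mbuf is already freed, but it means a packet that lagg_port_xmit then fails to send is still shown to listeners as outgoing. The visible context also does not show what ifp refers to at this point, so it is worth confirming that it is the lagg interface and not the selected port's.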
Thanks Michael, I shall test as soon as possible.

I have configured this morning my NetBSD-10 VM. Network configuration
is very simple: only one network adapter (wm0) and an OpenVPN
configuration (VPN/UDP). This VM tries to connect to the same OpenVPN
server. I have only added a new SSL key.

Connection to server is done without trouble and client receives this
IP address (192.168.1.4) and a script adds an IPv6 address.

Log from server:
Jan 2 10:09:20 rayleigh ovpn-server_udp[3768644]:
huygens/62.212.98.88:47357 SIGUSR1[soft,ping-restart] received,
client-instance restarting
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
VERIFY OK: depth=1, C=FR, ST=FR, L=Paris, O=Systella, CN=Systella CA,
emailAddress=joel.bertrand%systella.fr@localhost
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
VERIFY OK: depth=0, C=FR, ST=FR, L=Paris, O=Systella, CN=huygens,
emailAddress=joel.bertrand%systella.fr@localhost
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_VER=2.5.8
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_PLAT=netbsd
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_PROTO=6
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_NCP=2
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_LZ4=1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_LZ4v2=1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_LZO=1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_COMP_STUB=1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_COMP_STUBv2=1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
peer info: IV_TCPNL=1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500',
remote='tun-mtu 1532'
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer
certificate: 1024 bit RSA, signature: RSA-SHA1
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]: 62.212.98.88:47357
[huygens] Peer Connection Initiated with [AF_INET]62.212.98.88:47357
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]:
huygens/62.212.98.88:47357 MULTI: no dynamic or static remote--ifconfig
address is available for huygens/62.212.98.88:47357
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]:
huygens/62.212.98.88:47357 Data Channel: using negotiated cipher
'AES-256-GCM'
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]:
huygens/62.212.98.88:47357 Outgoing Data Channel: Cipher 'AES-256-GCM'
initialized with 256 bit key
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]:
huygens/62.212.98.88:47357 Incoming Data Channel: Cipher 'AES-256-GCM'
initialized with 256 bit key
Jan 2 10:09:35 rayleigh ovpn-server_udp[3768644]:
huygens/62.212.98.88:47357 SENT CONTROL [huygens]: 'PUSH_REPLY,ping
5,ping-restart 30,peer-id 1,cipher AES-256-GCM' (status=1)
On client side, ifconfig returns wm0, of course lo0 and tap0 (with
flags <DETACHED>).

Of course, from client, I can ping local tap0 address (192.168.1.4) but
not server (192.168.1.1, through VPN).

Best regards,
JB