Thanks. The last post on the thread of your supplied link, stated:
"when a packet comes from ral0 ---> 10.0.0.1, the bridge changes
the received interface to vr0, which has IFCAP_CSUM_IPv4. So
when the icmp layer is about to test the checksum, it assumes
the output interface is the same one which the packet came in
(in our case, vr0, and not ral0). So the checksum does not get
calculated."
and that sounded familiar. On my attempts to analyze tcpdump(8) output
from pf(4) on acx(4) and tun(4), I think (...) I noticed that packages
received on acx were tagged as coming in on bge(4), not tun as I would
expect. Am I understanding the potential problem correct? I believe my
setup is a little different:
WLAN
|
acx(4)
------
tun(4)
bridge
bge(4)
------
bge(4) url(4) -- INTERNET
|
LAN
Fortunatly I still have the 5.0 machine available (I did the re-install
with 4.7 on a different machine) but it is a laptop and I cannot replace
bge. However, I can switch the setup and use either url(4, USB-adapter)
or ep(4, PCMCIA) in place of bge, but I'm not sure if any of those won't
do "cksum offloading"?
ep1 == pcmcia1 "3Com Corporation, 3C589, TP/BNC LAN Card Ver. 2a"
url0 == uhub0 port 1 "USBKR100 USB 10/100 LAN" rev 1.10/1.00
On Fri, Dec 23, 2011 at 05:26:07PM -0200, Christiano F. Haesbaert wrote:
> I didn't think this much through yet, but it can be a manifestation of:
>
> http://marc.info/?l=openbsd-misc&m=132234363030132&w=2
>
> Could try replacing the bge with some cheap card, one that doesn't do
> cksum offloading ?
> If not, I'll check the driver to disable it this weekend.
>
>
> On 22 December 2011 21:32, Erling Westenvik <[email protected]>
> wrote:
> > On Thu, Dec 22, 2011 at 09:40:47AM +0100, Janne Johansson wrote:
> >> 2011/12/22 Erling Westenvik <[email protected]>:
> >> > Sorry for bumping this here @ misc when my question propably belong to
> >> > some OpenVPN forum, but it seems like no-one out there can say much on
> >> > OpenVPN issues that appears to be OpenBSD spesific.
> >> >
> >> > What puzzles me is that I cannot make the tun-interface show up in the
> >> > route table on the server:
> >> >
> >> > Destination Gateway Flags Refs Use Mtu Prio Iface
> >> > default AAA.BB.CCC.D UGS 3 1101 - 8 url0
> >> > 127/8 127.0.0.1 UGRS 0 0 33196 8 lo0
> >> > 127.0.0.1 127.0.0.1 UH 2 0 33196 4 lo0
> >> > 192.168.2/24 link#5 UC 1 0 - 4 acx0
> >> > 192.168.2.200 00:16:ea:b3:65:d0 UHLc 1 400 - 4 acx0
> >> > 192.168.3/24 link#2 UC 2 0 - 4 bge0
> >> > 192.168.3.106 00:1e:4f:95:19:1d UHLc 1 1582 - 4 bge0
> >> > 192.168.3.200 fe:e1:ba:d7:c3:24 UHLc 0 28 - 4 bge0
> >> > 193.90.160/20 link#6 UC 1 0 - 4 url0
> >> > AAA.BB.CCC.D 00:90:1a:42:6d:81 UHLc 1 0 - 4 url0
> >> > AAA.BB.CCC.DDD 127.0.0.1 UGHS 0 0 33196 8 lo0
> >> > 224/4 127.0.0.1 URS 0 0 33196 8 lo0
> >> >
> >> > /etc/hostname.tun0 <<<
> >> > link0
> >> > up
> >> > !/usr/local/sbin/openvpn --config /etc/openvpn/server.conf
> >> >>>>
> >> >
> >> > /etc/hostname.bridge0 <<<
> >> > add bge0
> >> > add acx0
> >> > up
> >> >>>>
> >>
> >> What does ifconfig tun0 say?
> >>
> >> When I did openvpn before I mostly didn't start openvpn from the tun
> >> config file myself, but rather start openvpn and make that one bring
> >> up tuns for me, but I would assume that if the tunnel goes up and then
> >> down and if it takes the tun0 down until the tunnel can be taken up
> >> again, the network that tun0 belonged to would not show in the routing
> >> table until it gets back up again. Any interface that has an address
> >> and that is up would somehow make an entry in the routing tables.
> >>
> >
> > Thanks, but I gave up, re-installed OpenBSD 4.7 and now everything is
> > working. Beats me why but I'm pretty sure it had something to do with
> > routing when running OpenVPN in bridged mode.
> >
> > For identical configurations as far as pf-, tun-, bridge- and OpenVPN
> > files are concerned, this works:
> >
> > server: OpenBSD 4.7/OpenVPN 2.1.0 (using keys from 2.1.4)
> > client: OpenBSD 5.0/OpenVPN 2.1.4
> >
> > while this don't:
> >
> > server: OpenBSD 5.0/OpenVPN 2.1.4
> > client: OpenBSD 5.0/OpenVPN 2.1.4
> >
> > I will try with OpenBSD 4.8 and 4.9 during the holidays.
> >
> > --
> > Cheers,
> > Erling
> >
--
Cheers,
Erling
-- In terra pax hommnibus bonae voluntatis
