Solved! Or, since I don't really understand what is going on: "solved".. I switched the roles for bge(4) and url(4) and all of a sudden everything started to work.
I haven't tried to switch back to the non-working setup to verify, but please let me know if that would be of interest! Happy holidays! Cheers, Erling On Sat, Dec 24, 2011 at 12:32:00AM +0100, Erling Westenvik wrote: > Thanks. The last post on the thread of your supplied link, stated: > > "when a packet comes from ral0 ---> 10.0.0.1, the bridge changes > the received interface to vr0, which has IFCAP_CSUM_IPv4. So > when the icmp layer is about to test the checksum, it assumes > the output interface is the same one which the packet came in > (in our case, vr0, and not ral0). So the checksum does not get > calculated." > > and that sounded familiar. On my attempts to analyze tcpdump(8) output > from pf(4) on acx(4) and tun(4), I think (...) I noticed that packages > received on acx were tagged as coming in on bge(4), not tun as I would > expect. Am I understanding the potential problem correct? I believe my > setup is a little different: > > > WLAN > | > acx(4) > ------ > tun(4) > bridge > bge(4) > ------ > bge(4) url(4) -- INTERNET > | > LAN > > > Fortunatly I still have the 5.0 machine available (I did the re-install > with 4.7 on a different machine) but it is a laptop and I cannot replace > bge. However, I can switch the setup and use either url(4, USB-adapter) > or ep(4, PCMCIA) in place of bge, but I'm not sure if any of those won't > do "cksum offloading"? > > ep1 == pcmcia1 "3Com Corporation, 3C589, TP/BNC LAN Card Ver. 2a" > url0 == uhub0 port 1 "USBKR100 USB 10/100 LAN" rev 1.10/1.00 > > > On Fri, Dec 23, 2011 at 05:26:07PM -0200, Christiano F. Haesbaert wrote: > > I didn't think this much through yet, but it can be a manifestation of: > > > > http://marc.info/?l=openbsd-misc&m=132234363030132&w=2 > > > > Could try replacing the bge with some cheap card, one that doesn't do > > cksum offloading ? > > If not, I'll check the driver to disable it this weekend. > > > > > > On 22 December 2011 21:32, Erling Westenvik <[email protected]> > > wrote: > > > On Thu, Dec 22, 2011 at 09:40:47AM +0100, Janne Johansson wrote: > > >> 2011/12/22 Erling Westenvik <[email protected]>: > > >> > Sorry for bumping this here @ misc when my question propably belong to > > >> > some OpenVPN forum, but it seems like no-one out there can say much on > > >> > OpenVPN issues that appears to be OpenBSD spesific. > > >> > > > >> > What puzzles me is that I cannot make the tun-interface show up in the > > >> > route table on the server: > > >> > > > >> > Destination Gateway Flags Refs Use Mtu Prio Iface > > >> > default AAA.BB.CCC.D UGS 3 1101 - 8 url0 > > >> > 127/8 127.0.0.1 UGRS 0 0 33196 8 lo0 > > >> > 127.0.0.1 127.0.0.1 UH 2 0 33196 4 lo0 > > >> > 192.168.2/24 link#5 UC 1 0 - 4 acx0 > > >> > 192.168.2.200 00:16:ea:b3:65:d0 UHLc 1 400 - 4 acx0 > > >> > 192.168.3/24 link#2 UC 2 0 - 4 bge0 > > >> > 192.168.3.106 00:1e:4f:95:19:1d UHLc 1 1582 - 4 bge0 > > >> > 192.168.3.200 fe:e1:ba:d7:c3:24 UHLc 0 28 - 4 bge0 > > >> > 193.90.160/20 link#6 UC 1 0 - 4 url0 > > >> > AAA.BB.CCC.D 00:90:1a:42:6d:81 UHLc 1 0 - 4 url0 > > >> > AAA.BB.CCC.DDD 127.0.0.1 UGHS 0 0 33196 8 lo0 > > >> > 224/4 127.0.0.1 URS 0 0 33196 8 lo0 > > >> > > > >> > /etc/hostname.tun0 <<< > > >> > link0 > > >> > up > > >> > !/usr/local/sbin/openvpn --config /etc/openvpn/server.conf > > >> >>>> > > >> > > > >> > /etc/hostname.bridge0 <<< > > >> > add bge0 > > >> > add acx0 > > >> > up > > >> >>>> > > >> > > >> What does ifconfig tun0 say? > > >> > > >> When I did openvpn before I mostly didn't start openvpn from the tun > > >> config file myself, but rather start openvpn and make that one bring > > >> up tuns for me, but I would assume that if the tunnel goes up and then > > >> down and if it takes the tun0 down until the tunnel can be taken up > > >> again, the network that tun0 belonged to would not show in the routing > > >> table until it gets back up again. Any interface that has an address > > >> and that is up would somehow make an entry in the routing tables. > > >> > > > > > > Thanks, but I gave up, re-installed OpenBSD 4.7 and now everything is > > > working. Beats me why but I'm pretty sure it had something to do with > > > routing when running OpenVPN in bridged mode. > > > > > > For identical configurations as far as pf-, tun-, bridge- and OpenVPN > > > files are concerned, this works: > > > > > > server: OpenBSD 4.7/OpenVPN 2.1.0 (using keys from 2.1.4) > > > client: OpenBSD 5.0/OpenVPN 2.1.4 > > > > > > while this don't: > > > > > > server: OpenBSD 5.0/OpenVPN 2.1.4 > > > client: OpenBSD 5.0/OpenVPN 2.1.4 > > > > > > I will try with OpenBSD 4.8 and 4.9 during the holidays. > > > > > > -- > > > Cheers, > > > Erling > > > > > -- > Cheers, > Erling > > -- In terra pax hommnibus bonae voluntatis
