After the upgrade to 11.0-RELEASE my OpenVPN setup seems to be broken.
I'm using OpenVPN with the topology subnet config directive, which should make it possible for clients to ping each other. My setup worked fine in 10.2-RELEASE. The first client can connect and send traffic. Subsequent clients can connect, but cannot send traffic.
Looks like the problem is the misconfiguration of the tunnel interface by OpenVPN. The tunnel is configured as a PtP connection between two IPs. While in topology subnet mode, this should not happen.
Code:
root@troopy:~ # ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::d0fe:8c25:1941:a1c3%tun0 prefixlen 64 scopeid 0x4
inet 172.16.11.1 --> 172.16.11.2 netmask 0xffffff00
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun
Opened by PID 900
Server Config file:
Code:
port 1194
proto udp
dev tun
ca ca.crt
cert troopy.crt
key troopy.key
dh dh1024.pem
server 172.16.11.0 255.255.255.0
topology subnet
ifconfig-pool-persist ipp.txt
keepalive 30 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
Code:
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 185.x.24.21 UGS vtnet0
127.0.0.1 link#2 UH lo0
172.16.11.0/24 172.16.11.1 UGS lo0
172.16.11.1 link#4 UHS lo0
172.16.11.2 link#4 UH tun0
185.x.24.0/24 link#1 U vtnet0
185.x.24.21 link#1 UHS lo0
Code:
root@troopy:~ # openvpn --version
OpenVPN 2.3.12 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Oct 5 2016
library versions: OpenSSL 1.0.2j-freebsd 26 Sep 2016, LZO 2.09
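
A check for the tunnel state shown in the output above, as an added example that is not part of the original post: it reads the server config, the `ifconfig tun0` output and the routing table, and reports the point-to-point peer and the VPN subnet route that is not on the tunnel device. The function names are hypothetical and the sample inputs are excerpts of the posted output; the script reports the state only and does not establish the cause.

```python
import ipaddress
import re

# Sample inputs: excerpts of the config, ifconfig and routing-table output posted above.
CONF = "dev tun\nserver 172.16.11.0 255.255.255.0\ntopology subnet\n"
IFCONFIG = ("tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500\n"
            "\tinet 172.16.11.1 --> 172.16.11.2 netmask 0xffffff00\n")
ROUTES = ("default 185.x.24.21 UGS vtnet0\n"
          "172.16.11.0/24 172.16.11.1 UGS lo0\n"
          "172.16.11.2 link#4 UH tun0\n")


def directives(conf_text):
    """Map each OpenVPN directive to its argument list, skipping # and ; comments."""
    out = {}
    for line in conf_text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            out[words[0]] = words[1:]
    return out


def check_subnet_topology(conf_text, ifconfig_text, netstat_text, dev="tun0"):
    """With 'topology subnet' configured, list the point-to-point and routing
    observations from the post that are present in the live state."""
    conf = directives(conf_text)
    if conf.get("topology") != ["subnet"] or "server" not in conf:
        return []
    # 'server <network> <netmask>' -> CIDR form, as netstat prints it.
    net = ipaddress.ip_network("/".join(conf["server"][:2]))
    findings = []
    flags = re.search(r"flags=[0-9a-f]+<([^>]*)>", ifconfig_text)
    if flags and "POINTOPOINT" in flags.group(1).split(","):
        findings.append(f"{dev} has the POINTOPOINT flag set")
    # 'inet A --> B' is how ifconfig shows a local/peer address pair.
    peer = re.search(r"^[ \t]*inet (\S+) --> (\S+)", ifconfig_text, re.M)
    if peer:
        findings.append(f"{dev} has peer address {peer.group(2)}")
    # Columns: Destination Gateway Flags Netif
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == str(net) and cols[3] != dev:
            findings.append(f"route {cols[0]} is on {cols[3]}, not {dev}")
    return findings


if __name__ == "__main__":
    for finding in check_subnet_topology(CONF, IFCONFIG, ROUTES):
        print("OBSERVED:", finding)
```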