Re: topology does work on mac osx with a manual work arround (was Re: [Openvpn-users] topology subnet 2.1beta7 mac osx - ifconfig: ioctl (SIOCAIFADDR): Destination address required


  • Subject: Re: topology does work on mac osx with a manual work arround (was Re: [Openvpn-users] topology subnet 2.1beta7 mac osx - ifconfig: ioctl (SIOCAIFADDR): Destination address required
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Thu, 1 Dec 2005 14:54:09 +0100 (CET)

On Thu, 1 Dec 2005, James Yonan wrote:

On Wed, 30 Nov 2005, Mathias Sundman wrote:

On Wed, 30 Nov 2005, Mathias Sundman wrote:

On Wed, 30 Nov 2005, Jon Bendtsen wrote:

Sundman from #openvpn had some suggestions and they appear to be working.
I had to remove the pull/client statement from the client.conf and run this
manually
	sudo ifconfig tun0 192.168.123.253/24 192.168.123.253
	sudo route add -net 192.168.123.0 192.168.123.253 255.255.255.0

It does work.
I can ping, and if I add a route to the network beyond the VPN network I
can ping and surf on those hosts as well
	sudo route add -net 192.168.119.0 192.168.123.34 255.255.255.0

So topology does work on mac OSX.

Alright Jon, try this patch and see if it helps...

It tries to use the following syntax for --dev tun --topology subnet on mac
OSX:

ifconfig tun0 192.168.123.253 192.168.123.253 netmask 255.255.255.0 mtu xxx up

instead of previous
ifconfig tun0 192.168.123.253 netmask 255.255.255.0 mtu xxx up
that didn't work...

My last patch had a typo, attached is a working one. Jon has verified that the patch does work on macOSX.

The tun interface now gets its IP and mask set, but to reach the whole
subnet assigned to the tun interface he still had to add a route as above:

route add -net 192.168.123.0 192.168.123.253 255.255.255.0

So, the question is, should we make OpenVPN always add a network route for
the "local network" assigned to the tun interface when in --dev tun,
--topology subnet mode on macOSX, or is it up to the user to push such a
route?

How do other OSs work? If we push such a route, we don't want to break
other OSs...

No, I don't think we should universally push a route, since that will break platforms which don't need the extra route in the first place (like Linux or Windows).

I think it would be better if the OpenVPN client generates the "route add"
by itself, on platforms where the tun/tap driver can't accept a netmask in
tun mode.

Okay, attached is a new patch that adds this route automatically. Could you please try it Jon.


James, now I simply called add_route() directly from do_ifconfig(). Perhaps you would have preferred to do the route addition at some other stage or just have added the route to the route add list instead.

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail
diff -urN openvpn-2.1_beta7/route.c openvpn-2.1_beta7-macosx/route.c
--- openvpn-2.1_beta7/route.c	Fri Nov  4 00:03:38 2005
+++ openvpn-2.1_beta7-macosx/route.c	Thu Dec  1 14:29:10 2005
@@ -45,7 +45,6 @@
 
 #include "memdbg.h"
 
-static void add_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
 static void delete_route (const struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
 static bool get_default_gateway (in_addr_t *ret);
 static void get_bypass_addresses (struct route_bypass *rb, const unsigned int flags);
@@ -741,7 +740,7 @@
     setenv_route (es, &rl->routes[i], i + 1);
 }
 
-static void
+void
 add_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
 {
   struct gc_arena gc;
diff -urN openvpn-2.1_beta7/route.h openvpn-2.1_beta7-macosx/route.h
--- openvpn-2.1_beta7/route.h	Fri Nov  4 00:03:38 2005
+++ openvpn-2.1_beta7-macosx/route.h	Thu Dec  1 14:46:33 2005
@@ -118,6 +118,8 @@
 
 struct route_list *new_route_list (struct gc_arena *a);
 
+void add_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
+
 void add_route_to_option_list (struct route_option_list *l,
 			       const char *network,
 			       const char *netmask,
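Review bot: The prototype added to route.h exports add_route() with no comment, and its first parameter is a non-const `struct route *r`, so a caller outside route.c cannot tell from the header whether the function writes back into the route it is given or which fields must be filled in first. A short comment above the declaration listing the required fields (the tun.c caller in this patch sets defined, network, netmask and gateway) and saying what a flags value of 0 means would make the new public entry point safer to use.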
diff -urN openvpn-2.1_beta7/tun.c openvpn-2.1_beta7-macosx/tun.c
--- openvpn-2.1_beta7/tun.c	Fri Nov  4 00:03:38 2005
+++ openvpn-2.1_beta7-macosx/tun.c	Thu Dec  1 14:42:30 2005
@@ -44,6 +44,7 @@
 #include "misc.h"
 #include "socket.h"
 #include "manage.h"
+#include "route.h"
 
 #include "memdbg.h"
 
@@ -746,17 +747,40 @@
 			  tun_mtu
 			  );
       else
-	openvpn_snprintf (command_line, sizeof (command_line),
-			  IFCONFIG_PATH " %s %s netmask %s mtu %d up",
-			  actual,
-			  ifconfig_local,
-			  ifconfig_remote_netmask,
-			  tun_mtu
-			  );
-
+        {
+          if (tt->topology == TOP_SUBNET)
+    	    openvpn_snprintf (command_line, sizeof (command_line),
+			      IFCONFIG_PATH " %s %s %s netmask %s mtu %d up",
+			      actual,
+			      ifconfig_local,
+			      ifconfig_local,
+			      ifconfig_remote_netmask,
+			      tun_mtu
+			      );
+	  else
+    	    openvpn_snprintf (command_line, sizeof (command_line),
+			      IFCONFIG_PATH " %s %s netmask %s mtu %d up",
+			      actual,
+			      ifconfig_local,
+			      ifconfig_remote_netmask,
+			      tun_mtu
+			      );
+	}
       msg (M_INFO, "%s", command_line);
       system_check (command_line, es, S_FATAL, "Mac OS X ifconfig failed");
       tt->did_ifconfig = true;
+
+      /* Add a network route for the local tun interface */
+      if (!tun && tt->topology == TOP_SUBNET)
+	{
+	  struct route r;
+	  CLEAR (r);
+	  r.defined = true;
+	  r.network = tt->local & tt->remote_netmask;
+	  r.netmask = tt->remote_netmask;
+	  r.gateway = tt->local;
+	  add_route (&r, tt, 0, es);
+	}
 
 #elif defined(TARGET_FREEBSD)
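Review bot: The route added at the end of this hunk with `add_route (&r, tt, 0, es)` lives only in a stack-local `struct route` and is not recorded anywhere, and the patch leaves delete_route() static in route.c, so nothing in the patch removes the route when the tunnel is closed or restarted. Either append it to the route list so the normal route teardown handles it (the alternative the cover message itself mentions), or export delete_route() as well and call it with the same values where the interface is closed. The guard `!tun && tt->topology == TOP_SUBNET` also does not test the device type; if `!tun` can hold for a tap device, both the doubled-address ifconfig form and the extra route would apply there too, which is probably not intended. Style: the added lines mix space and tab indentation; match the tabs of the surrounding code.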