[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 25 Sep 2022 11:33:44 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266598
Bug ID: 266598
Summary: if_ovpn(4) DCO module not supporting correctly IPv6
tunneling
Product: Base System
Version: CURRENT
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: zarychtam@plan-b.pwste.edu.pl
Created attachment 236804
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=236804&action=edit
Traffic sniffed at DCO side
In the beginning, let me thank and express my sincere appreciation to anyone
involved in creating if_ovpn.ko and updating security/openvpn-devel with regard
to testing DCO support, especially kp@, cron2 and mandree@.
I have spent some time this weekend testing this and found two flaws in
tunneling IPv6 traffic when DCO is used. After reverting to standard tun(4),
everything works as expected.
1. I am not able to establish an ssh session using IPv6 over the tunnel. It
looks like a problem with large TCP segments, known ie. when MTU discovery
fails.
2. Sniffing traffic with tcpdump(1) on tun(4), when observed at DCO endpoint,
reveals only packets originating from the tunnel are visible, not ones sent
over the tunnel.
In the attached files, the IPv6 address 2001:db8:1:c0:2::1 belongs to a FreeBSD
client with DCO enabled.
--
You are receiving this mail because:
You are the assignee for the bug.