[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273664] ovpn(4) DCO module doesn't support "multihome" option"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 09 Sep 2023 21:51:00 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273664

            Bug ID: 273664
           Summary: ovpn(4) DCO module doesn't support "multihome" option
           Product: Base System
           Version: 14.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

For a longer period of time, we have security/openvpn deployed with a
"multihome" runtime option for failover and redundancy. With one[1] simple PF
rule redundancy is achieved. The tun(4) driver supports this mode still fine in
stable/14, whilst ovpn(4) can also send and receive unencrypted packets on the
LAN side, the encrypted ones don't show up on the right interface. They appear
on the main interface instead of $backup_if and thus the rule[1] is silently
ignored.

[1] pass in quick on $backup_if reply-to ($backup_if $backup_gw) proto udp to
($backup_if) port $ovpnport

-- 
You are receiving this mail because:
You are the assignee for the bug.