[Bug 286263] ovpn(4) DCO module requires legacy IP support

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 286263] ovpn(4) DCO module requires legacy IP support"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 26 Apr 2025 18:14:48 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286263

--- Comment #1 from Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> ---
It looks more like OpenVPN issue, not ovpn(4) module problem. For unknown
reasons, Opnvpn disables DCO for the connection. Here's the difference between
the sessions initiated from the dual-stack-capable kernel and an INET6-only
kernel:

50c50
<   tuntap_options.disable_dco = ENABLED
---
>   tuntap_options.disable_dco = DISABLED
107c107
<   comp.flags = 24
---
>   comp.flags = 152
298c298
< DCO version: FreeBSD 14.3-PRERELEASE #6 (...)MINTAKA6ONLY
---
> DCO version: FreeBSD 14.3-PRERELEASE #24 (...)MINTAKA
335c335
< TUN/TAP device /dev/tun0 opened
---
> DCO device tun0 opened
349,350d348
< Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
< Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
365c363
< Closing TUN/TAP interface
---
> Closing DCO interface

-- 
You are receiving this mail because:
You are the assignee for the bug.