[Bug 248172] if_tuntap(4): OpenVPN configuring tun/tap devices ends up with IFDISABLED interfaces

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jul 23 10:59:40 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248172

--- Comment #19 from Gert Doering <gert at greenie.muc.de> ---
(In reply to Andrey V. Elsukov from comment #17)

Thanks for the explanation.

I wonder if there is an easy way to trace these scripts, to see when exactly
something was ifconfig'ed?

I've sprinkled the pccard_ether script with "logger" commands now, and I can
see that it will not touch the tun0 interface "if it is already up" (in
pccard_ether_start()).  In that case, I have no IFDISABLE.

If I do "ifconfig tun0 create" by hand, I see it enters quietstart, and I do
get IFDISABLE.

The added "logger" commands do modify the timing, so it's indeed a race
condition.  If I have no loggers in the script *before* the decisions about "is
this interface already up or not" are made, I can see it go to quietstart, and
OpenVPN and the kernel message confirm "now it's IFDISABLED".

Jul 23 12:50:09 fbsd-tc root[74575]: pccard_ether_start, ifn=tun0
Jul 23 12:50:09 fbsd-tc root[74579]: pccard_ether_start, quietstart
Jul 23 12:50:10 fbsd-tc kernel: nd6_dad_timer: cancel DAD on tun0 because of
ND6_IFF_IFDISABLED.


This is good news, actually, because it turns out to be "very likely not a
kernel bug".  Apologies for jumping to a conclusion here.

On the other hand it's bad news, because I do not know how to fix this "for
good".  If an OpenVPN user does not have IPv6 enabled on his regular LAN
interfaces, he might not have ipv6_activate_all_interfaces="YES" set.

Even for someone who *has* IPv6 active (like, me, on that test box) that
setting might not be set - because having "ifconfig_em0_ipv6" and
"ipv6_defaultrouter" are perfectly fine to get what I want ("a static v6
address + default route").

But they want IPv6 to work inside the tunnel, if their VPN server has working
v6 (it might be their only way to reach the IPv6 Internet).


So what should I do?  Stick to "sleep(1); ifconfig tun0 inet6 -ifdisabled"?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-net mailing list