authorMatthias Andree <mandree@FreeBSD.org>2015-05-22 21:39:37 +0000
committerMatthias Andree <mandree@FreeBSD.org>2015-05-22 21:39:37 +0000
commit3fe47d4c210b332a4829d6b72f6383e577bd766f (patch)
tree2f5e095d7b6d3119952be108196ca85f7cdfcd7a /security/openvpn/files
parentRemove $FreeBSD$ from patches files everywhere. (diff)
Add experimental patch by Gert Döring to fix PR #194745.
Must be enabled through the options framework ("make config"). PR: 194745
Diffstat (limited to 'security/openvpn/files')
-rw-r--r--security/openvpn/files/EF-subnet.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/security/openvpn/files/EF-subnet.patch b/security/openvpn/files/EF-subnet.patch
new file mode 100644
index 000000000000..82b48c5081dc
--- /dev/null
+++ b/security/openvpn/files/EF-subnet.patch
@@ -0,0 +1,63 @@
+From b8f70b0f25c44e6d6a17b9f76756de87146a55d9 Mon Sep 17 00:00:00 2001
+From: Gert Doering <gert@greenie.muc.de>
+Date: Sun, 26 Apr 2015 18:16:39 +0200
+Subject: [PATCH] Fix FreeBSD ifconfig for topology subnet tunnels.
+
+For "topology subnet", we only pretend to have a subnet and keep
+using the tun if in point-to-point mode - but for that to fully
+work, the "remote" address needs to be different from the "local"
+address. So just arbitrarily construct one from the on-link
+subnet - base+1, if "that is not us", base+2, otherwise.
+
+Fix trac #481
+
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+---
+ src/openvpn/tun.c | 24 +++++++++++++++++++++++-
+ 1 file changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
+index 11a6d71..aa7a9f0 100644
+--- a/src/openvpn/tun.c
++++ b/src/openvpn/tun.c
+@@ -626,6 +626,28 @@ void delete_route_connected_v6_net(struct tuntap * tt,
+ }
+ #endif
+
++#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
++/* we can't use true subnet mode on tun on all platforms, as that
++ * conflicts with IPv6 (wants to use ND then, which we don't do),
++ * but the OSes want "a remote address that is different from ours"
++ * - so we construct one, normally the first in the subnet, but if
++ * this is the same as ours, use the second one.
++ * The actual address does not matter at all, as the tun interface
++ * is still point to point and no layer 2 resolution is done...
++ */
++
++char *
++create_arbitrary_remote( struct tuntap *tt, struct gc_arena * gc )
++{
++ in_addr_t remote;
++
++ remote = (tt->local & tt->remote_netmask) +1;
++
++ if ( remote == tt->local ) remote ++;
++
++ return print_in_addr_t (remote, 0, &gc);
++}
++#endif
+
+ /* execute the ifconfig command through the shell */
+ void
+@@ -1150,7 +1172,7 @@ do_ifconfig (struct tuntap *tt,
+ IFCONFIG_PATH,
+ actual,
+ ifconfig_local,
+- ifconfig_local,
++ create_arbitrary_remote( tt, &gc ),
+ tun_mtu,
+ ifconfig_remote_netmask
+ );
+--
+2.2.2
+
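Review bot: In create_arbitrary_remote() the return statement passes `&gc`, but `gc` is already a `struct gc_arena *` parameter, so the callee receives the address of the local pointer variable (a `struct gc_arena **`) instead of the caller's arena. print_in_addr_t() is declared outside this patch; assuming it takes a `struct gc_arena *`, as the do_ifconfig call site passing `&gc` into this parameter suggests, the arena bookkeeping would be written through a stack slot of this function and the returned string would not be tracked by the real arena, which is a memory-corruption risk. The line should read `return print_in_addr_t (remote, 0, gc);`, and it is worth building this file with incompatible-pointer-type warnings promoted to errors so the mismatch is caught at compile time. Separately, base+1/base+2 is never checked against `tt->remote_netmask`, so a /31 or /32 mask can produce an address outside the subnet; the header comment says the address does not matter, but a one-line comment stating that this case is intentional would help. The do_ifconfig body starts and ends outside the second inner hunk, so the `gc` it passes cannot be checked from here.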