
Re: topology does work on mac osx with a manual work arround (wasRe: [Openvpn-users] topology subnet 2.1beta7 mac osx - ifconfig: ioctl (SIOCAIFADDR): Destination address required


  • Subject: Re: topology does work on mac osx with a manual work arround (wasRe: [Openvpn-users] topology subnet 2.1beta7 mac osx - ifconfig: ioctl (SIOCAIFADDR): Destination address required
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Mon, 5 Dec 2005 10:21:54 +0100 (CET)

On Sun, 4 Dec 2005, James Yonan wrote:

On Fri, 2 Dec 2005, Mathias Sundman wrote:

On Thu, 1 Dec 2005, Jon Bendtsen wrote:

However, if I ping an unused IP address I get this:
tcpdump: 16:00:39.564517 IP 192.168.123.34 > 192.168.123.36: icmp 92:
redirect 192.168.123.39 to host 192.168.123.39
PING 192.168.123.39 (192.168.123.39): 56 data bytes
92 bytes from 192.168.123.34: Redirect Host(New addr: 192.168.123.39)

When you, the OpenVPN client, send a ping to an unused IP in the subnet assigned to your tun interface, this will, according to your route, be sent out on your tun interface.

This will be received by the OpenVPN server, which sees a ping packet with
a dest IP that is unknown to OpenVPN. So what happens then? It's not an
ethernet interface, so we can't broadcast any arp request. So, as I see it,
we can do 3 things.

1) Drop the packet.
2) Send it down to the kernel on the server via the tun interface.
3) Broadcast the packet to all clients (including the server itself).
...
One thought I have is, what if we do 1 instead, we drop packets destined
for unknown IPs (for --dev tun, --topology subnet mode). It is a tun
interface so it's not supposed to be bridged with any other networks, so
OpenVPN should know about all IP addresses that are in use already, right?

I agree that the packets should be dropped.

Alright, great, then we're on the same page. Unfortunately I haven't spent much time looking at the packet handling code in OpenVPN, so I feel a little lost there. Would you mind fixing this (no rush I guess, as the current behavior shouldn't break anything)? If not, I could have a look at it some rainy day but make no promises...


--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail
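
A small model of the three choices listed in the message above, added here as an illustration; it is not code from this thread or from OpenVPN. The /28 mask, the second client, the client names and the function names `ipv4_packet`, `parse_dst` and `decide` are assumptions made for the example.

```python
import ipaddress
import struct

# Constructed sample data: .34, .36 and .39 appear in the thread; the /28 mask,
# the second client and the client names are assumptions for this model.
SUBNET = ipaddress.ip_network("192.168.123.32/28")
SERVER = ipaddress.ip_address("192.168.123.34")
CLIENTS = {
    ipaddress.ip_address("192.168.123.36"): "client-a",
    ipaddress.ip_address("192.168.123.37"): "client-b",
}

def ipv4_packet(src, dst, ttl=64):
    """Build a minimal raw IPv4/ICMP packet as a tun device carries it (no Ethernet header)."""
    payload = b"\x08\x00" + bytes(6)  # ICMP echo request type/code, remaining fields zeroed
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload  # checksums left at 0; this model does not validate them

def parse_dst(packet):
    """Return the destination address of a raw IPv4 packet, or None if it is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    return ipaddress.ip_address(packet[16:20])

def decide(packet, unknown_policy="drop"):
    """Return the list of (action, target) pairs the modelled server takes for one packet."""
    dst = parse_dst(packet)
    if dst is None:
        return [("drop", "malformed")]
    if dst in CLIENTS:
        return [("to_client", CLIENTS[dst])]
    if dst == SERVER or dst not in SUBNET:
        # Model assumption: the server's own address and anything outside the
        # VPN subnet are handed to the server's kernel through the tun device.
        return [("to_kernel", "tun")]
    # Destination is inside the VPN subnet but assigned to nobody: the case in the thread.
    if unknown_policy == "drop":         # option 1
        return [("drop", "unknown-in-subnet")]
    if unknown_policy == "kernel":       # option 2: the kernel answered with a redirect in the thread
        return [("to_kernel", "tun")]
    if unknown_policy == "broadcast":    # option 3: one copy per client plus the server
        return [("to_client", name) for name in CLIENTS.values()] + [("to_kernel", "tun")]
    raise ValueError("unknown policy: " + unknown_policy)
```

With option 1 the ping to 192.168.123.39 produces no traffic at all, while option 3 produces one copy per connected client plus one for the server.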
