Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dco doesn't load, missing "topology subnet" #342

Open
thomasschaeferm opened this issue May 25, 2023 · 3 comments
Open

dco doesn't load, missing "topology subnet" #342

thomasschaeferm opened this issue May 25, 2023 · 3 comments
Assignees
@ordex
Labels
bug DCO

Comments

@thomasschaeferm
Copy link

thomasschaeferm commented May 25, 2023
edited

I use openvpn with IPv6-only (transport and payload).
I want to use dco, but it complains about "topology subnet".
The whole error message is:

May 25 09:19:17 raspberrypi kernel: OpenVPN data channel offload (ovpn-dco) 0.2.20230426 -- (C) 2020-2023 OpenVPN, Inc.
May 25 09:19:31 raspberrypi openvpn[13706]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
May 25 09:19:31 raspberrypi openvpn[13706]: Note: NOT using '--topology subnet' disables data channel offload.
May 25 09:19:31 raspberrypi openvpn[13706]: OpenVPN 2.6.4 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
May 25 09:19:31 raspberrypi openvpn[13706]: library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
May 25 09:19:31 raspberrypi openvpn[13706]: DCO version: 0.2.20230426
May 25 09:19:31 raspberrypi openvpn[13707]: net_route_v4_best_gw query: dst 0.0.0.0
May 25 09:19:31 raspberrypi openvpn[13707]: net_route_v4_best_gw result: via 0.0.0.0 dev
May 25 09:19:31 raspberrypi openvpn[13707]: Diffie-Hellman initialized with 2048 bit key
May 25 09:19:32 raspberrypi openvpn[13707]: TUN/TAP device tun0 opened
May 25 09:19:32 raspberrypi openvpn[13707]: net_iface_mtu_set: mtu 1500 for tun0
May 25 09:19:32 raspberrypi openvpn[13707]: net_iface_up: set tun0 up
May 25 09:19:32 raspberrypi openvpn[13707]: net_addr_v6_add: 2001:a61:XXXX:XXXX::1:2/112 dev tun0
May 25 09:19:32 raspberrypi openvpn[13707]: Socket Buffers: R=[131072->131072] S=[16384->16384]
May 25 09:19:32 raspberrypi openvpn[13707]: setsockopt(IPV6_V6ONLY=0)
May 25 09:19:32 raspberrypi openvpn[13707]: Listening for incoming TCP connection on [AF_INET6][undef]:1194
May 25 09:19:32 raspberrypi openvpn[13707]: TCPv6_SERVER link local (bound): [AF_INET6][undef]:1194
May 25 09:19:32 raspberrypi openvpn[13707]: TCPv6_SERVER link remote: [AF_UNSPEC]
May 25 09:19:32 raspberrypi openvpn[13707]: MULTI: multi_init called, r=256 v=256

topology option should not be necessary for ipv6.
@ordex
Copy link
Member

ordex commented May 25, 2023

thanks for reporting - indeed the topology should matter only if an IPv4 was configured.

@ordex ordex self-assigned this May 25, 2023
@schwabe
Copy link
Contributor

schwabe commented May 25, 2023

Interfaces are configured differently depending on the subnet. I.e. broadcast/multicast flags on the tun interface. How much impact that has needs further investigation.

@cron2
Copy link
Contributor

cron2 commented Jul 18, 2023

So, IPv6 always uses subnets, and never p2p mode. But depending on IPv4 topology, the tun interface might still be in p2p mode, confusing DCO (at least on FreeBSD).

So I think the safest approach here would be "if there is no topology in the config and no IPv4 ifconfig either, then just auto-configure topology subnet". And do not annoy IPv6 people with IPv4 archeology.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ordex ordex

Labels
bug DCO
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@schwabe @ordex @cron2 @thomasschaeferm