Include the FreeBSD net/vether-kmod port

[lmoorez]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [Y] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [Y] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

No, it isn't related to a problem, just aesthetics.

When connecting a DSL modem, or other type of device, to the system it would be preferable to assign an IP address to a virtual Ethernet interface and apply firewall rules to it in order to access the modem's management interface.

I want to keep my bridge interfaces unnumbered.

Describe the solution you like

Include the FreeBSD port net/vether-kmod and ability to configure the interface in the Web GUI.

Describe alternatives you considered

The tap(4) interface is not listed as a manageable interface and appears to only be used by OpenVPN.

To test, I have manually added a tap interface on my system and added it to the bridge and confirmed the route exists but I don't seem to be able to send any packets out of the interface:

tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000
ether 58:9c:fc:10:ff:84
inet 192.168.5.12 netmask 0xffffff00 broadcast 192.168.5.255
groups: tap
media: Ethernet 1000baseT
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: OPT1 (opt1)
options=0
ether 58:9c:fc:10:ff:cf
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 17 priority 128 path cost 2000000
member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 20000
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>

Routing tables

Internet:
Destination Gateway Flags Netif Expire
192.168.0.0/16 link#7 USB lo0
192.168.5.0/24 link#17 U tap0
192.168.5.12 link#7 UHS lo0

Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll
bridge0 1500 <Link#15> 58:9c:fc:10:ff:cf 135759 0 0 51389758 0 0
tap0 1500 <Link#17> 58:9c:fc:10:ff:84 0 0 0 0 4 0
tap0 - 192.168.5.0/24 192.168.5.12 0 - - 0 - -

PING 192.168.5.3 (192.168.5.3): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host

Additional context

I tested the vether interface some years ago on FreeBSD and it worked. This was prior to installing OPNsense. Prior to that I used vether on OpenBSD.

[fichtner]

I'll take a look but no promises

Cheers,
Franco

[lmoorez]

Okay, thank you.

I see there was a suggestion for vether in February 2016.

Cheers,

Larry.

[fichtner]

Could be. The port appeared in 2018 and is currently broken for FreeBSD 15, see freebsd/freebsd-ports@1ec2434bad7 sooo that would be a "no" at the moment since not dependable going forward

[lmoorez]

Thank you Franco for looking at it.

I'll keep an eye on the port.

Cheers,

Larry.

[fichtner]

Hey Larry,

We can keep this ticket open for a while. Theoretically the build error is the usual ifnet stuff FreeBSD 15 changed inside the kernel (different visibility only, not really any changes that make it outright incompatible) so there is hope someone may fix it.

Cheers,
Franco

[lmoorez]

Hi Franco,

I don't know if you saw this earlier - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288458

Hopefully it will make it into the FreeBSD build soon.

[fichtner]

Hi Larry,

Doesn't look like any progress over there. Asking on a closed ticket is probably also not helpful. Best way to ask for direction is open a new one there I guess.

Cheers,
Franco