Message ID | 1453317725-93230-2-git-send-email-openwrt@daniel.thecshore.com |
---|---|
State | Deferred |
Delegated to: | Felix Fietkau |
Headers | show |
On 2016-01-20 20:22, openwrt@daniel.thecshore.com wrote: > From: Daniel Dickinson <openwrt@daniel.thecshore.com> > > NB: Only compile tested. > > Stop depending on ifconfig/route and use busybox (or real) > iproute2 utility instead. Depend on virtual ip package provided > by previous commit so as not to force a particular version of > the ip command. > > Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> I'll wait until somebody has properly tested this. - Felix
On 21/01/16 02:31 PM, Felix Fietkau wrote: > On 2016-01-20 20:22, openwrt@daniel.thecshore.com wrote: >> From: Daniel Dickinson <openwrt@daniel.thecshore.com> >> >> NB: Only compile tested. Based on live testing it appears that openvpn upstream does not work properly at least with the busybox ip applet, but likely also with full iproute2 due to race condition (tun device goes away before ip command runs and sets up networking). Regards, Daniel >> >> Stop depending on ifconfig/route and use busybox (or real) >> iproute2 utility instead. Depend on virtual ip package provided >> by previous commit so as not to force a particular version of >> the ip command. >> >> Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> > I'll wait until somebody has properly tested this. > > - Felix >
Hi, On Sun, Jan 31, 2016 at 03:49:58PM -0800, Daniel Dickinson wrote: > On 21/01/16 02:31 PM, Felix Fietkau wrote: > > On 2016-01-20 20:22, openwrt@daniel.thecshore.com wrote: > >> From: Daniel Dickinson <openwrt@daniel.thecshore.com> > >> > >> NB: Only compile tested. > > Based on live testing it appears that openvpn upstream does not work > properly at least with the busybox ip applet, but likely also with full > iproute2 due to race condition (tun device goes away before ip command > runs and sets up networking). That would surprise me a bit... can I have the openvpn log for that race condition? Is this something special in OpenWRT? Normally, the tun device can never "go away" unless OpenVPN tells it to - and if we do that, we do not call ip/ifconfig on it afterwards. (Also, for the busybox ip applet, our use of ip is not exactly esoteric - setup ipv4/ipv6 addresses on tun if, add ipv4/ipv6 routes) gert, openvpn upstream
On 01/02/16 02:57 AM, Gert Doering wrote: > Hi, > > On Sun, Jan 31, 2016 at 03:49:58PM -0800, Daniel Dickinson wrote: >> On 21/01/16 02:31 PM, Felix Fietkau wrote: >>> On 2016-01-20 20:22, openwrt@daniel.thecshore.com wrote: >>>> From: Daniel Dickinson <openwrt@daniel.thecshore.com> >>>> >>>> NB: Only compile tested. >> >> Based on live testing it appears that openvpn upstream does not work >> properly at least with the busybox ip applet, but likely also with full >> iproute2 due to race condition (tun device goes away before ip command >> runs and sets up networking). > > That would surprise me a bit... can I have the openvpn log for that race > condition? Is this something special in OpenWRT? Normally, the tun device > can never "go away" unless OpenVPN tells it to - and if we do that, we do > not call ip/ifconfig on it afterwards. I'll have to set up a test environment to replicate the situation because I removed the offending compile in order to get things working. However while the tun device was clearly not present I am wondering if the problem was not that it went away but that it wasn't accessible yet when the ip command was run (i.e. the opposite to what I initially assumed (which is that ip was too late and a timeout had occurred)). I didn't recall seeing anything about either bringing up or tearing down the tun device at the log level I was on (I think verbosity 3). Regards, Daniel > > (Also, for the busybox ip applet, our use of ip is not exactly esoteric - > setup ipv4/ipv6 addresses on tun if, add ipv4/ipv6 routes) > > gert, > openvpn upstream >
diff --git a/package/network/services/openvpn/Config-nossl.in b/package/network/services/openvpn/Config-nossl.in index 3eaa228..24dbb03 100644 --- a/package/network/services/openvpn/Config-nossl.in +++ b/package/network/services/openvpn/Config-nossl.in @@ -40,10 +40,6 @@ config OPENVPN_nossl_ENABLE_PF bool "Enable internal packet filter" default y -config OPENVPN_nossl_ENABLE_IPROUTE2 - bool "Enable support for iproute2" - default n - config OPENVPN_nossl_ENABLE_SMALL bool "Enable size optimization" default y diff --git a/package/network/services/openvpn/Config-openssl.in b/package/network/services/openvpn/Config-openssl.in index ac4c774..c7bd308 100644 --- a/package/network/services/openvpn/Config-openssl.in +++ b/package/network/services/openvpn/Config-openssl.in @@ -52,10 +52,6 @@ config OPENVPN_openssl_ENABLE_PF bool "Enable internal packet filter" default y -config OPENVPN_openssl_ENABLE_IPROUTE2 - bool "Enable support for iproute2" - default n - config OPENVPN_openssl_ENABLE_SMALL bool "Enable size optimization" default y diff --git a/package/network/services/openvpn/Config-polarssl.in b/package/network/services/openvpn/Config-polarssl.in index 26692ce..501e0f3 100644 --- a/package/network/services/openvpn/Config-polarssl.in +++ b/package/network/services/openvpn/Config-polarssl.in @@ -52,10 +52,6 @@ config OPENVPN_polarssl_ENABLE_PF bool "Enable internal packet filter" default y -config OPENVPN_polarssl_ENABLE_IPROUTE2 - bool "Enable support for iproute2" - default n - config OPENVPN_polarssl_ENABLE_SMALL bool "Enable size optimization" default y diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index 6c68b49..8edf97a 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -32,7 +32,7 @@ define Package/openvpn/Default URL:=http://openvpn.net SUBMENU:=VPN MENU:=1 - DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_IPROUTE2:ip $(3) + DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo $(3) +ip VARIANT:=$(1) MAINTAINER:=Mirko Vogt <mirko@openwrt.org> endef @@ -42,6 +42,8 @@ Package/openvpn-polarssl=$(call Package/openvpn/Default,polarssl,PolarSSL,+libpo Package/openvpn-nossl=$(call Package/openvpn/Default,nossl,plaintext (no SSL)) define Package/openvpn/config/Default + select PACKAGE_ip if !BUSYBOX_DEFAULT_IP + source "$(SOURCE)/Config-$(1).in" endef @@ -60,8 +62,6 @@ CONFIG_OPENVPN_NOSSL:=y endif CONFIGURE_VARS += \ - IFCONFIG=/sbin/ifconfig \ - ROUTE=/sbin/route \ IPROUTE=/sbin/ip \ NETSTAT=/sbin/netstat