Created attachment 237439
Shut off MTU increases if compiled on FreeBSD

This may impact everyone -- not sure, so labeling it "affects some people."

The vpnserver code attempts to use jumbo frames and, when it tries to send larger frames than the current MTU, attempts to set the interface MTU high enough to accommodate it. This occurs unless the interface was opened "Raw", which is only supported in the code on Linux; for all other BSD variants the assumption is made that the MTU can be raised high enough to allow a transmission to fit.

That would seem to be wishful thinking and the code does indeed try to send data that won't fit in the default ethernet MTU. The result is a cascade of up/down events on the interface which never ends as the server will try to send something larger than even a typical jumbo frame capability (e.g. 8k) and when it does, it will continually bang on the MTU trying to raise it, logging each such event as well.

The following couple-of-line patch shuts this off if the code is built on FreeBSD and stops that behavior. As near as I can tell this has no bad side effects but my work with the package is, thus far, quite rudimentary so further testing is likely called for before accepting this as a build-time patch to be applied.

I've also reported this on the forum for the package itself here: https://www.vpnusers.com/viewtopic.php?f=7&t=67841
I will apply this after the issue is fixed upstream. No worries, I am also in the upstream GitHub.
(In reply to Koichiro Iwao from comment #1) Thank you; please update when appropriate as I would much prefer to build the nanobsd images I intend to use this with "native" rather than hacking a locally-changed copy of the binaries into the build.
(In reply to Koichiro Iwao from comment #1) I can confirm that this fix works in the v5 code as well as this one; I have it running here and have tested with certificate authentication against a Windows 11 client.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a2224f647693714ea938138649f4c5d24627ae3e

commit a2224f647693714ea938138649f4c5d24627ae3e
Author: Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2022-11-23 14:43:55 +0000
Commit: Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2022-11-23 15:09:23 +0000

    security/softether5: backport some patches from upstream

    - Fix DNS resolution when no IPv6 address is configured on any interface [1]
    - Disable MTU changes to avoid frequent interface up/down [2]

    [1] https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1510
    [2] https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1677

    Obtained from: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1510
    PR: 267178

 security/softether5/Makefile | 6 ++++--
 security/softether5/distinfo | 22 +++++++++++++---------
 2 files changed, 17 insertions(+), 11 deletions(-)
I applied a local patch to security/softether5 as it is an experimental port.
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6ca71fad79e016463b48b6945e00d7b0c9c42f11

commit 6ca71fad79e016463b48b6945e00d7b0c9c42f11
Author: Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2022-11-23 14:43:55 +0000
Commit: Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2022-12-05 17:21:50 +0000

    security/softether5: backport some patches from upstream

    - Fix DNS resolution when no IPv6 address is configured on any interface [1]
    - Disable MTU changes to avoid frequent interface up/down [2]

    [1] https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1510
    [2] https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1677

    Obtained from: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1510
    PR: 267178

    (cherry picked from commit a2224f647693714ea938138649f4c5d24627ae3e)

 security/softether5/Makefile | 6 ++++--
 security/softether5/distinfo | 22 +++++++++++++---------
 2 files changed, 17 insertions(+), 11 deletions(-)
^Triage: this appears to have already been committed.