278295 – add net 128.0.0.0: gateway 10.8.1.1 fib 1: Invalid argument

Bug 278295 - add net 128.0.0.0: gateway 10.8.1.1 fib 1: Invalid argument

Summary: add net 128.0.0.0: gateway 10.8.1.1 fib 1: Invalid argument

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	14.0-RELEASE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:	regression

Depends on:
Blocks:

Reported:	2024-04-10 21:29 UTC by cnbatch
Modified:	2024-05-05 11:30 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description cnbatch 2024-04-10 21:29:25 UTC

I was trying to make a OpenVPN connection with command

'setfib 1 openvpn connect_to_server.ovpn'

and got these errors:
add net 0.0.0.0: gateway 10.8.3.1 fib 1: Invalid argument
add net 128.0.0.0: gateway 10.8.3.1 fib 1: Invalid argument

If I add these routes in console, still got the same error messages.


But the connect command was success on FIB 0:

'openvpn myconnection.ovpn'

or

'setfib 0 openvpn myconnection.ovpn'

can connect to target server successfully.

I've already set 'net.fib=2' in /boot/loader.conf

Command 'set fib 1 netstat -rn' can return routing table successfully.


And I found this thread on freebsd forums:
https://forums.freebsd.org/threads/freebsd-14-and-route-in-non-zero-fib.91099/

The OP said it worked in 13.2.

Comment 1 cnbatch 2024-05-02 16:30:36 UTC

I've found the problem.

When OpenVPN establishes a connection, it creates the tun0 interface and assigns an address to it. When running OpenVPN with setfib, the address assigned to tun0 appears in fib0 instead of fib 1. That's why subsequent routing entries all fail to add.

I tried manually creating the tun interface, and I reached the same conclusion:
	
'setfib 1 ifconfig tun create'
'setfib 1 ifconfig tun0 inet 10.100.0.2 10.100.0.1 netmask 255.255.255.0 mtu 1500 up'

Then running:

'netstat -rn'
'setfib 1 netstat -rn'

The output shows that the address of tun0 is assigned to fib 0 instead of fib 1.

If after running the command
'setfib 1 openvpn connect_to_server.ovpn'
I manually add the IP address of tun0 to fib 1, then followed by 'route add' commands, which would originally fail:

'setfib 1 route add -net 0.0.0.0 10.100.0.1 128.0.0.0'
'setfib 1 route add -net 128.0.0.0 10.100.0.1 128.0.0.0'

no longer result in errors and are successfully added to fib 1.

It seems like it might be a bug in ifconfig.

Comment 2 cnbatch 2024-05-05 11:30:01 UTC

Tested on the 13.2-RELEASE (n254617-525ecfdad597) and 13.2-RELEASE-p11, ifconfig also has the same bug, it still sets the IP address to fib 0 instead of fib 1

And then the 'route' command prints different error messages when OpenVPN is trying to add routes:

add net 0.0.0.0: gateway 10.100.0.1 fib 1: Network is unreachable
add net 128.0.0.0: gateway 10.100.0.1 fib 1: Network is unreachable