Hello, After the last changes to the tun device in stable/12, security/vpnc is unable to destroy its tun device on exit. service vpnc stop leaves the ifconfig tun0 destroy process in D state. A manual attempt to destroy the tun device hangs as well. Reverting if_tun.c back to r345285 restores the expected behavior. This looks similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238500 Thank you, Hrant
Created attachment 208067: svn(1) diff against the ports tree. Hi, Please try the attached patch - it had the same issue as net/ocserv in that the forked child didn't do the tunnel hand-off properly. Thanks, Kyle Evans
Indeed, the patch works. Thank you, Kyle!
This might fix it for people running stable/12 but will break it for everyone on a lower version. There should be at least some version handling in the code. Can you pinpoint the change that caused the breakage? https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/versions-12.html
No, there should be no breakage. TUNSIFPID has existed for about 20 years and is technically how this should have happened all along. It will do no harm in earlier branches (except that ifconfig output will now reflect the actual pid using the tunnel).
Unfortunately I do not have any accounts to test this with. I've just released maintainership of this port. Assign bug back to queue.
Hi Kyle Evans, I had the same problem. I couldn't destroy the tunnel interface, and every time I restarted vpnc it would increment to a new tunnel name (tun4, tun5, tun6, etc.). This would break my firewall and NAT rules. I have confirmed this patch works on my custom setup on OPNsense running the following: OPNsense 19.7.4_1-amd64, FreeBSD 11.2-RELEASE-p14-HBSD, OpenSSL 1.0.2s 28 May 2019. Thanks! Jesse
I guess I'm taking it, now that it's unmaintained. =-) I did relax the misbehavior in head because software's not quite ready for it. I'd still like to commit this, because I turned it into a syslog message nagging that the tun was ultimately closed by not-the-controller.
(In reply to Kyle Evans from comment #7) Hi Kyle, Is there a reason why this fix hasn't been released to ports? https://www.freshports.org/security/vpnc We are still seeing the issue and the old version on ports (v0.5.3_13). How can I help? Thanks, Jesse
(In reply to Jesse Espinoza from comment #8) Hmm... sorry about that, I didn't realize the strict behavior had made it into 11.3, so it's only fixed on stable branches and head/ -- thus, I dropped the ball. =-( I'll poke some ports people to see if I can get it approved or committed.
A commit references this bug:

Author: swills
Date: Mon Dec 16 16:28:33 UTC 2019
New revision: 520267
URL: https://svnweb.freebsd.org/changeset/ports/520267

Log:
  security/vpnc: fix issue with destroying tun device on exit

  While here, improve formatting and regenerate patches

  PR: 241039
  Submitted by: kevans
  Reported by: Hrant Dadivanyan <hrant@dadivanyan.net>

Changes:
  head/security/vpnc/Makefile
  head/security/vpnc/files/patch-Makefile
  head/security/vpnc/files/patch-config.c
  head/security/vpnc/files/patch-sysdep.c
  head/security/vpnc/files/patch-sysdep.h
  head/security/vpnc/files/patch-tunip.c
  head/security/vpnc/files/patch-vpnc-script.in
  head/security/vpnc/files/patch-vpnc.c

Committed, thanks!