Notes on ocserv (0.11.3) compatibility with FreeBSD 10.2/10.3

jvi v8kjvi0j6 at gmail.com
Wed Jun 29 13:14:02 PDT 2016


In a nutshell: Everything works fine with the exception of IPv6. Some
things require some tuning but are doable.

1) IPv6
ocserv is not able to assign an IPv6 address to a tun device. Trying to
do so ends up in an error (described in another thread from this
month). Perhaps somebody with proper experience with FreeBSD
networking code could look at that and patch it. Surely this is just a
matter of time.

Workaround: None/unknown

2) Routes
ocserv accepts only the most crude and basic route definitions (route
= "") from the configuration file. Any more details and complicated
syntax is either ignored or ends up as an error. Perhaps ocserv could
simply set whatever is defined through route = "" option instead of
trying to process and check its syntax? That would do it. Leave making
sure route definitions are correct to the user.

Workaround: Custom/advanced routes can be set through a connect script
(connect-script = "")

3) Support for multiple routing tables
There is none. At the core of FreeBSD routing lies multi-fib
management, especially if there are several jails involved. Preparing
ocserv for it should be fairly simple. Hence ocserv could get its own
routing table(s) separated from the system default/any other routing
table, perhaps even one for each user; for convenience, safety and
foolproofing, which would be a brilliant feature.

Workaround: Custom routing tables can be assigned to tun devices
through a connect script (connect-script = "")

Thanks,

jvi
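
The connect-script workarounds from items 2 and 3, as an added example that is not part of the original post or of ocserv itself. It assumes the REASON, USERNAME and DEVICE environment variables that ocserv passes to the script; the users, FIB numbers and networks in the policy table are constructed, and NET_FIBS is a hypothetical override used for testing off FreeBSD.

```shell
#!/bin/sh
# Added example: FreeBSD connect-script sketch (not from the original post).
# ocserv exports REASON, USERNAME and DEVICE; the policy table is hypothetical.

# Hypothetical per-user policy: "<fib> <network routed to that client>".
# Networks are constructed documentation ranges.
policy_for() {
    case "$1" in
        alice) echo "1 192.0.2.0/24" ;;
        bob)   echo "2 198.51.100.0/24" ;;
        *)     return 1 ;;
    esac
}

# Print the commands for one session event; non-zero return on bad input.
plan_commands() {
    reason="$1"; user="$2"; dev="$3"
    # The script runs with ocserv's privileges: validate before building commands.
    case "$dev" in
        tun[0-9]|tun[0-9][0-9]|tun[0-9][0-9][0-9]) ;;
        *) echo "refusing device: $dev" >&2; return 1 ;;
    esac
    policy=$(policy_for "$user") || { echo "no policy for user" >&2; return 1; }
    fib=${policy%% *}; net=${policy#* }
    # FIBs beyond the default one exist only if the net.fibs tunable was raised.
    max="${NET_FIBS:-$(sysctl -n net.fibs 2>/dev/null || echo 1)}"
    [ "$fib" -lt "$max" ] || { echo "fib $fib >= net.fibs ($max)" >&2; return 1; }
    case "$reason" in
        connect)
            echo "ifconfig $dev fib $fib"
            echo "setfib $fib route add -net $net -interface $dev"
            ;;
        disconnect)
            echo "setfib $fib route delete -net $net"
            ;;
        *) echo "unknown REASON: $reason" >&2; return 1 ;;
    esac
}

# Runs only when ocserv invokes the script (REASON is set in the environment).
if [ -n "${REASON:-}" ]; then
    plan=$(plan_commands "$REASON" "${USERNAME:-}" "${DEVICE:-}") || exit 1
    printf '%s\n' "$plan" | sh -e
fi
```

Calling plan_commands by hand prints the commands without running them, which is a convenient way to check a policy entry before pointing connect-script at the file.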


