author: Gert Doering 2022-10-12 16:59:14 +0200
committer: Gert Doering 2022-10-19 08:22:45 +0200
commit: 94db32616597497e57eb2fa6fab05297da314a53 (patch)
tree: 812ef7960607e2fed3bfaeb7944c02392de5b70f /Changes.rst
parent: 92db3227b682518ff8c5dc691ee15a1641899729 (diff)
FreeBSD: for topology subnet, put tun interface into IFF_BROADCAST mode

For reasons unknown, OpenVPN has always put FreeBSD tun(4) interfaces into point-to-point mode (IFF_POINTOPOINT), which means "local and remote address, no on-link subnet". "--topology subnet" was emulated by adding a subnet-route to the "remote" (which was just picking a free address from the subnet).

This works well enough for classic tun(4) interfaces that have no next-hop resolution, and routes pointing to "that fake remote" only (because all routing is done inside OpenVPN and it does not matter how packets get there) - but for ovpn(4) interfaces, it breaks iroute setup, where the route next-hop must be an on-link address.

Thus, change interface to IFF_BROADCAST mode, and get rid of all the special code needed to "fake" subnet mode.

Tested with tun(4) and ovpn(4) on FreeBSD 14, client and server, and with tun(4) on FreeBSD 12 and 7.4

To actually work with ovpn(4) / FreeBSD DCO, a followup patch for kernel ovpn(4) and OpenVPN dco_freebsd.c is needed.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kristof Provost <kprovost@netgate.com>
Message-Id: <20221012145915.25810-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25396.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Diffstat (limited to 'Changes.rst')
-rw-r--r-- Changes.rst 5
1 files changed, 5 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst
index dfe5bf0..fc5a1a8 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -169,6 +169,11 @@ User-visible Changes
been changed to "restart on reception of explicit-exit-notify message".
If the old behaviour is still desired, ``--remap-usr1 SIGTERM`` can be used.
+- FreeBSD tun interfaces with ``--topology subnet`` are now put into real
+ subnet mode (IFF_BROADCAST instead of IFF_POINTOPOINT) - this might upset
+ software that enumerates interfaces, looking for "broadcast capable?" and
+ expecting certain results. Normal uses should not see any difference.
+
Overview of changes in 2.5
==========================
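
Review bot: The added bullet warns that the switch to IFF_BROADCAST "might upset software that enumerates interfaces" but, unlike the entry just above it (which names ``--remap-usr1 SIGTERM`` for the old behaviour), it does not say whether the previous IFF_POINTOPOINT behaviour can still be selected. If there is no way back, state that explicitly so operators know that anything keyed on the interface flags has to be adapted. The phrase `looking for "broadcast capable?" and expecting certain results` is also vague; naming the flag being tested (IFF_BROADCAST vs. IFF_POINTOPOINT) would be clearer. Since the commit message says the emulated subnet route via the fake "remote" address is removed, a short mention of that here would help users who inspect the routing table, and the " - " in the middle of the sentence would read better as a full stop or semicolon.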