Bug #1525
closedOpenVPN passtos does not work
0%
Description
I set up an OpenVPN tunnel, everthings works fine but if I try to use the passtos option of OpenVPN, the TOS Bits are not copied to the tunnel packets. See the trace below:
2 ICMP packets on the LAN interface (local net is 192.168.96.0/24) with TOS=0x5:
13:45:18.455786 IP (tos 0x5,ECT, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 128)
192.168.96.11 > 172.27.1.13: ICMP echo request, id 3732, seq 46, length 108
13:45:19.457209 IP (tos 0x5,ECT, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 128)
192.168.96.11 > 172.27.1.13: ICMP echo request, id 3732, seq 47, length 108
are transfered via these two openvpn tunnel packets:
13:45:18.456172 IP (tos 0x0, ttl 64, id 3976, offset 0, flags [none], proto UDP (17), length 209, bad cksum 0 (>5183)!)>8bb3)!)
172.22.23.128.44238 > 85.182.xxx.xxx.11946: UDP, length 181
13:45:19.457600 IP (tos 0x0, ttl 64, id 54615, offset 0, flags [none], proto UDP (17), length 209, bad cksum 0 (
172.22.23.128.44238 > 85.182.xxx.xxx.11946: UDP, length 181
As you can see the TOS Bits are not copied to the tunnel packet.
The decrypted packets on the other side have the correct TOS Bit = 0x5.
You cannot use traffic shaping/QoS on a shared link (Internet+OpenVPN tunnel) without this option :-(
Perhaps it's an openvpn or freebsd issue, I am not sure...
Using: 2.0-RC2 (i386) nanabsd(4G) May 11 2011