Opened 3 years ago

Last modified 3 years ago

#1298 new Feature Wish

feature wish: extend Linux VRF support to other OSes

Reported by: Gert Döring Owned by:
Priority: minor Milestone:
Component: Networking Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: VRF, fib, setfib, setrtable

Description (last modified by Gert Döring)

This is more a long-term thing...

  • collect information how "multiple routing tables", "VRF", etc. are done on various OSes
  • see if we can implement this in a sufficiently generic way

What I've found so far:

  • Linux: SO_BINDTODEV will put the socket into "a VRF" if you bind to the (named) "VRF device" (-> vrf blue -> bind-dev blue). An interface is put into a VRF by enslaving it under the VRF master device.
  • FreeBSD: boot with "net.fibs=N" (default is 1, boot-time only), then a process can be put into a non-default fib with setfib <i> openvpn... or setfib(2) or setsockopt(SO_SETFIB). An interface is put into a fib with ifconfig ... -fib <i>
  • OpenBSD: route has -T table arguments to specifiy the routing table to use. route -T table exec $command seems to be similar to FreeBSD's setfib i $command. ifconfig has rdomain $rdomainid to specify a "routing domain". setsockopt() has SO_RTABLE "set the routing table used for route lookups", and setrtable(2) can be used to set the whole process's default table. (see man route, ifconfig, netintro, setsockopt)
  • NetBSD: ???
  • MacOS: ???
  • Windows: ???

Change History (2)

comment:1 Changed 3 years ago by Gert Döring

Description: modified (diff)

comment:2 Changed 3 years ago by tct

Looks interesting - CC'd

Note: See TracTickets for help on using tickets.