wiki:PlatformNotes

Version 8 (modified by Gert Döring, 11 years ago) (diff)

Solaris

Platform Notes

FreeBSD

  • If you use IPv6 on a tun/tap interface and use pf(4) for firewalling, pf(4) will silently drop all fragmented IPv6 packets. To amend, add a "pass in on tun<x> fragment" rule to pf.conf
  • to use tap devices, you need to load the tap driver with "kldload if_tap"
  • if you want to run an OpenVPN Server that listens on IPv4 and IPv6, run the server with "--proto udp6" or "--proto tcp6-server" and run "sysctl -w net.inet6.ip6.v6only=0" beforehand (this will hopefully be fixed in OpenVPN 2.4)

NetBSD

  • Using "named" tap interfaces (--dev tap3) does not work unless you create the interfaces beforehand with "ifconfig tap3 create". This is due to the way tap interfaces are created, see "man tap(4)".
  • if the system is set to autoconfigure IPv6 addresses (ip6mode=autohost in /etc/rc.conf), and there are IPv6 router advertisements coming in on the normal LAN interface, OpenVPN TAP mode + IPv6 will not work. The reason behind this is that the NetBSD kernel enforces the "an IPv6 autoconfiguring host must only have one single IPv6 interface" rule (technical: the "connected/cloning" route (UC) for the IPv6 /64 configured on the TAP interface is removed by the kernel upon reception of a RA on the LAN interface, and subsequently neighbor discovery on the TAP interface fails). Using "tun" mode works, because this kernel behaviour only seems to apply to interfaces that do neighbor discovery (ND), which tun ifs don't do. Workaround: set "ip6mode=host" and statically configure your LAN IPv6 address + routers, or use --dev tun. (This applies to NetBSD at least up to 5.1)

OpenBSD

  • Using TAP interfaces with "--dev tap" or "--dev tap3" does not work - this is due to the way tap devices are implemented on OpenBSD, as a configuration variant of tun(4). To use TAP devices, call "--dev tun --dev-type tap" or "--dev tun3 --dev-type tap"
  • running a single server on IPv4 and IPv6 is not possible yet, you must run two server processes (as OpenBSD does not allow IPv4 packets on IPv6 sockets)

DragonFlyBSD

  • there currently is no OpenVPN developer that has access to a DragonFlyBSD system, so changes to the code are not tested. We assume that it's "like FreeBSD" as far as tun(4)/tap(4) handling and ifconfig goes - so it should work. If not, send a report, please.

MacOS X

  • MacOS X does not have built-in tun or tap drivers. I found the easiest way to get working tun/tap kernel extentions by installing the Tunnelblick OpenVPN gui bundle, which contains both.

Solaris