vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Luca Di Gregorio
# uname -a
OpenBSD X.my.domain 7.4 GENERIC#0 amd64

# ifconfig vxlan0 tunnel SOURCE_IP DEST_IP:8472 vnetid 5
# ifconfig vxlan0 inet 192.168.5.1/30
# ifconfig vxlan0 up

# ifconfig vxlan0: I can't see the dest UDP port 8472 anywhere
vxlan0: flags=8843 mtu 1500
        lladdr fe:e1:ba:d9:e4:0b

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Otto Moerbeek
On Wed, Nov 15, 2023 at 12:42:46PM +0100, Luca Di Gregorio wrote:
> # uname -a
> OpenBSD X.my.domain 7.4 GENERIC#0 amd64
>
> # ifconfig vxlan0 tunnel SOURCE_IP DEST_IP:8472 vnetid 5
> # ifconfig vxlan0 inet 192.168.5.1/30
> # ifconfig vxlan0 up
>
> # ifconfig vxlan0: I can't see the dest UD

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Stuart Henderson
On 2023/11/15 13:03, Otto Moerbeek wrote:
> On Wed, Nov 15, 2023 at 12:42:46PM +0100, Luca Di Gregorio wrote:
>
> > # uname -a
> > OpenBSD X.my.domain 7.4 GENERIC#0 amd64
...
> > # ifconfig vxlan0 tunnel SOURCE_IP DEST_IP:8472 vnetid 5
...
> It helps to read the vxlan(4) manpage, specifically

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Luca Di Gregorio
In the EXAMPLES section of vxlan(4) manpage, I see a multicast dest address 239.1.1.100 with the non standard dest port 8472. Does it mean that for point-to-point tunnels the destination port is static to 4789? If this is the case, I think that the ifconfig command should at least raise an alert,

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Theo de Raadt
Otto Moerbeek wrote:
> On Wed, Nov 15, 2023 at 12:42:46PM +0100, Luca Di Gregorio wrote:
>
> > # uname -a
> > OpenBSD X.my.domain 7.4 GENERIC#0 amd64
> >
> > # ifconfig vxlan0 tunnel SOURCE_IP DEST_IP:8472 vnetid 5
> > # ifconfig vxlan0 inet 192.168.5.1/30
> > # ifconfig vxlan0 up
> >
> >

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Stuart Henderson
On 2023/11/15 05:59, Theo de Raadt wrote:
> Otto Moerbeek wrote:
>
> > On Wed, Nov 15, 2023 at 12:42:46PM +0100, Luca Di Gregorio wrote:
> >
> > > # uname -a
> > > OpenBSD X.my.domain 7.4 GENERIC#0 amd64
> > >
> > > # ifconfig vxlan0 tunnel SOURCE_IP DEST_IP:8472 vnetid 5
> > > # ifconfig v

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Theo de Raadt
Stuart Henderson wrote:
> On 2023/11/15 05:59, Theo de Raadt wrote:
> > Otto Moerbeek wrote:
> >
> > > On Wed, Nov 15, 2023 at 12:42:46PM +0100, Luca Di Gregorio wrote:
> > >
> > > > # uname -a
> > > > OpenBSD X.my.domain 7.4 GENERIC#0 amd64
> > > >
> > > > # ifconfig vxlan0 tunnel SOURCE

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Luca Di Gregorio
I'm not sure about this, but I think that public cloud datacenters filter out (or do something with) udp traffic to standard udp vxlan port. Maybe it's because they have their vxlan infrastructure running on the standard port, don't know. I see no traffic coming from a VPS that tries to send to t

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Theo de Raadt
Luca Di Gregorio wrote:
> I'm not sure about this, but I think that public cloud datacenters filter out
> (or do something with) udp traffic to standard udp vxlan port.

But that would not be a reason for allowing selection of the pre-standard port number. Rather, it would be a reason for provid

Re: vxlan(4) custom destination UDP port seems not working

2023-11-15 Thread Luca Di Gregorio
Fair enough.
So, I think that man page(s), and maybe code, should be corrected.
Thanks

On Wed, 15 Nov 2023 at 14:13, Theo de Raadt wrote:
> Luca Di Gregorio wrote:
>
> > I'm not sure about this, but I think that public cloud datacenters filter out
> > (or do something with) ud

Re: vxlan(4) custom destination UDP port seems not working

2023-11-19 Thread Luca Di Gregorio
Confirmed with the cloud service provider that they block input traffic of type VXLAN. Not only the port 4789, all ports carrying VXLAN. I tested another CSP, and VXLAN traffic on OpenBSD flows as expected. On the other hand, another issue is that OpenBSD sends VXLAN traffic always with Source Po

Re: vxlan(4) custom destination UDP port seems not working

2023-11-19 Thread Crystal Kolipe
On Sun, Nov 19, 2023 at 06:04:16PM +0100, Luca Di Gregorio wrote:
> Confirmed with the cloud service provider that they block input traffic of
> type VXLAN.
> Not only the port 4789, all ports carrying VXLAN.

Did it mention that in their terms of service? If not, can't you just tunnel it via IPSE

Re: vxlan(4) custom destination UDP port seems not working

2023-11-19 Thread Luca Di Gregorio
Third option :-)

On Sun, 19 Nov 2023 at 18:14, Crystal Kolipe <kolip...@exoticsilicon.com> wrote:
> On Sun, Nov 19, 2023 at 06:04:16PM +0100, Luca Di Gregorio wrote:
> > Confirmed with the cloud service provider that they block input traffic of
> > type VXLAN.
> > Not only the

Re: vxlan(4) custom destination UDP port seems not working

2023-11-21 Thread David Gwynne
On Wed, Nov 15, 2023 at 06:13:15AM -0700, Theo de Raadt wrote:
> Luca Di Gregorio wrote:
>
> > I'm not sure about this, but I think that public cloud datacenters filter out
> > (or do something with) udp traffic to standard udp vxlan port.
>
> But that would not be a reason for allowing sel

Re: vxlan(4) custom destination UDP port seems not working

2023-11-21 Thread Theo de Raadt
David Gwynne wrote:
> On Wed, Nov 15, 2023 at 06:13:15AM -0700, Theo de Raadt wrote:
> > Luca Di Gregorio wrote:
> >
> > > I'm not sure about this, but I think that public cloud datacenters filter out
> > > (or do something with) udp traffic to standard udp vxlan port.
> >
> > But that