Comments (6)
schwabe
commented on May 27, 2024
2023-01-27 13:56:47 NOTE: GetBestInterfaceEx returned error: Element nicht gefunden. (code=1168)
That says that OpenVPN cannot determine a route to the IP that was queried. To diagnose this is a log without masked IPs and a route table before OpenVPN was started is probably needed (ie route print and I think openvpn has also a commadn to show its view of the routes)
from openvpn.
pfromme25
commented on May 27, 2024
I debugged a bit more into my problem as the line you described also pops up when using disable-dco on 2.6.0 and on our working systems with 2.5.8. I've also checked a Debian Unstable system with the ovpn-dco kernel driver installed and enabled and did not encounter any issues, therefore I checked the difference between our windows and linux client configs.
Which led me to the ip-win32 (push "ip-win32 dynamic 0 86400") Option, which we push from our server to our clients and subsequently ignore in our Linux OpenVPN Client configs. When I ignore this option on a Windows 10 system running 2.6.0 using dco, I don't encounter any issues around IPv4 addresses nor routes.
In our use case, it is supposed to set the lease time on windows machines to a day, though I'm not entirely sure if this option is even still needed or some setting we accumulated and never removed (have to check for that one internally). After reading the documentation, it seems to revolve around the TAP-Win32 Interface. Is the issue in regards to ovpn-dco's lack of support for TAP Mode and therefore a problem in our config or an actual issue in ovpn-dco?
from openvpn.
cron2
commented on May 27, 2024
Hi,
On Mon, Jan 30, 2023 at 03:44:40AM -0800, Philipp Fromme wrote:
Which led me to the ip-win32 (`push "ip-win32 dynamic 0 86400"`) Option
Just get rid of that. Most of the ip-win32 options are there "because some
old version of Windows XP misbehaved with some Version of OpenVPN nobody
wants to remember".
DCO (and wintun) do not use DHCP, and even for TAP, this is not something
which makes sense - DHCP is handled between TAP driver and Windows, and
OpenVPN controls what is needed (= lease times are independent of OpenVPN
connection times, and when OpenVPN quits, TAP driver is notified and
DHCP address goes away).
OTOH, with DCO we should just plain ignore these values (offset/lease-time),
so it's still a bug in OpenVPN...
gert
…--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany ***@***.***
from openvpn.
pfromme25
commented on May 27, 2024
Thanks for the explanation. Removing the old ip-win32 push option solves our problem.
Do you want to keep this issue open as you consider the current behavior a bug in OpenVPN?
from openvpn.
cron2
commented on May 27, 2024
Hi,
On Tue, Jan 31, 2023 at 10:53:59PM -0800, Philipp Fromme wrote:
Thanks for the explanation. Removing the old ip-win32 push option solves our problem.
Good :-)
Do you want to keep this issue open as you consider the current behavior a bug in OpenVPN?
Yes, please keep it open. The whole "virtual DHCP" machinery is not
used with DCO, so any configuration related to it must not affect DCO
operations.
Did not have time to look into what really happens yet.
gert
…--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany ***@***.***
from openvpn.
selvanair
commented on May 27, 2024
Pushing ip-win32 is root of all evil.
Similar to the --pull-filter ignore route-method we added in the GUI, shall we also add a --pull-filter ignore ip-win32?
Though the incompatibility check in options.c between ip-win32 variants and the driver in use could be improved to also catch pushed options, its would be so much cleaner if we can just purge this option completely from push reply.
from openvpn.
Related Issues (20)
- Deleted user could still login HOT 2
- VPS A serves as the client, and VPS B serves as the server. When I start openvpn on VPS A, I can only connect to VPS A from VPS B, and other hosts cannot connect. I want other hosts to be able to connect through port 22. HOT 2
- Avoid unlimited reconnects with failing client connections HOT 20
- ifconfig_broadcast environment variable is empty since 2.5 HOT 4
- problem with dns assignment HOT 4
- p2p tun configs break with new topology default in non-obvious ways HOT 8
- OpenVPN with mbed TLS: no warning for unsupported LZO compression — successfully connects without warning but not operable HOT 8
- DNS for remote server not refreshed after power hibernation and restoring HOT 3
- --preresolve is not documented HOT 1
- Installation package download problem HOT 2
- key_state_gen_auth_control_files has subtle logic mistake HOT 2
- The OpenVPN process exits unexpectedly when using the DCO kernel module HOT 13
- tapctl.exe creates an adapter, but fails to rename it HOT 5
- Problems when reconnecting OpenVPN HOT 1
- I'm getting a certificate error when I use OpenVPN to access a website with HSTS turned on.
- The openvpn client suddenly disconnects HOT 3
- VPN stop working HOT 4
- Debian / Ubuntu: OpenVPN apt repositories HOT 2
- Unfair treatment for "Stub" Compression push? HOT 4
- connect error on kali linux HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openvpn.