From a98ac9043ea9445537936a88808d3d1939102e39 Mon Sep 17 00:00:00 2001
From: Heiko Hund <heiko.hund@sophos.com>
Date: Fri, 24 Jun 2016 18:01:41 +0200
Subject: [PATCH] Windows: do_ifconfig() after open_tun()
When you had multiple TAP adapters and IPv6 configured you got an error
message about "you must also specify --dev-node" and openvpn exited.
Very inconvenient especially since this is only due to the fact that
Windows tries to set the adapter address before it is opened; for no
good reason.
This patch changes the order to IFCONFIG_AFTER_TUN_OPEN, moves some
initialization code to init_tun, where it belongs, and removes duplicate
code that is now no longer needed.
v2: do not use "%lu" in argv_printf(), crashes non-iservice usage
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
src/openvpn/tun.c | 54 ++++++++++++++++++------------------------------------
src/openvpn/tun.h | 2 +-
2 files changed, 19 insertions(+), 37 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index b7a29f7..1250547 100644
|
a
|
b
|
init_tun (const char *dev, /* --dev option */ |
| 611 | 611 | tt->broadcast = generate_ifconfig_broadcast_addr (tt->local, tt->remote_netmask); |
| 612 | 612 | } |
| 613 | 613 | |
| | 614 | #ifdef WIN32 |
| | 615 | /* |
| | 616 | * Make sure that both ifconfig addresses are part of the |
| | 617 | * same .252 subnet. |
| | 618 | */ |
| | 619 | if (tun) |
| | 620 | { |
| | 621 | verify_255_255_255_252 (tt->local, tt->remote_netmask); |
| | 622 | tt->adapter_netmask = ~3; |
| | 623 | } |
| | 624 | else |
| | 625 | { |
| | 626 | tt->adapter_netmask = tt->remote_netmask; |
| | 627 | } |
| | 628 | #endif |
| 614 | 629 | |
| 615 | 630 | tt->did_ifconfig_setup = true; |
| 616 | 631 | } |
| … |
… |
do_ifconfig (struct tuntap *tt, |
| 1327 | 1342 | } |
| 1328 | 1343 | #elif defined (WIN32) |
| 1329 | 1344 | { |
| 1330 | | /* |
| 1331 | | * Make sure that both ifconfig addresses are part of the |
| 1332 | | * same .252 subnet. |
| 1333 | | */ |
| 1334 | | if (tun) |
| 1335 | | { |
| 1336 | | verify_255_255_255_252 (tt->local, tt->remote_netmask); |
| 1337 | | tt->adapter_netmask = ~3; |
| 1338 | | } |
| 1339 | | else |
| 1340 | | { |
| 1341 | | tt->adapter_netmask = tt->remote_netmask; |
| 1342 | | } |
| | 1345 | ASSERT (actual != NULL); |
| 1343 | 1346 | |
| 1344 | 1347 | switch (tt->options.ip_win32_type) |
| 1345 | 1348 | { |
| … |
… |
do_ifconfig (struct tuntap *tt, |
| 1350 | 1353 | print_in_addr_t (tt->adapter_netmask, 0, &gc)); |
| 1351 | 1354 | break; |
| 1352 | 1355 | case IPW32_SET_NETSH: |
| 1353 | | if (!strcmp (actual, "NULL")) |
| 1354 | | msg (M_FATAL, "Error: When using --ip-win32 netsh, if you have more than one TAP-Windows adapter, you must also specify --dev-node"); |
| 1355 | | |
| 1356 | 1356 | netsh_ifconfig (&tt->options, |
| 1357 | 1357 | actual, |
| 1358 | 1358 | tt->local, |
| … |
… |
do_ifconfig (struct tuntap *tt, |
| 1366 | 1366 | |
| 1367 | 1367 | if ( do_ipv6 ) |
| 1368 | 1368 | { |
| 1369 | | char * saved_actual; |
| 1370 | | char iface[64]; |
| 1371 | | DWORD idx; |
| 1372 | | |
| 1373 | | if (!strcmp (actual, "NULL")) |
| 1374 | | msg (M_FATAL, "Error: When using --tun-ipv6, if you have more than one TAP-Windows adapter, you must also specify --dev-node"); |
| 1375 | | |
| 1376 | | idx = get_adapter_index_flexible(actual); |
| 1377 | | openvpn_snprintf(iface, sizeof(iface), "interface=%lu", idx); |
| 1378 | | |
| 1379 | | /* on windows, OpenVPN does ifconfig first, open_tun later, so |
| 1380 | | * tt->actual_name might not yet be initialized, but routing code |
| 1381 | | * needs to know interface name - point to "actual", restore later |
| 1382 | | */ |
| 1383 | | saved_actual = tt->actual_name; |
| 1384 | | tt->actual_name = (char*) actual; |
| 1385 | | /* we use adapter_index in add_route_ipv6 */ |
| 1386 | | tt->adapter_index = idx; |
| 1387 | | |
| 1388 | 1369 | if (tt->options.msg_channel) |
| 1389 | 1370 | { |
| 1390 | 1371 | do_address_service (true, AF_INET6, tt); |
| … |
… |
do_ifconfig (struct tuntap *tt, |
| 1392 | 1373 | else |
| 1393 | 1374 | { |
| 1394 | 1375 | /* example: netsh interface ipv6 set address interface=42 2001:608:8003::d store=active */ |
| | 1376 | char iface[64]; |
| | 1377 | openvpn_snprintf(iface, sizeof(iface), "interface=%lu", tt->adapter_index ); |
| 1395 | 1378 | argv_printf (&argv, |
| 1396 | 1379 | "%s%sc interface ipv6 set address %s %s store=active", |
| 1397 | 1380 | get_win_sys_path(), |
| … |
… |
do_ifconfig (struct tuntap *tt, |
| 1403 | 1386 | |
| 1404 | 1387 | /* explicit route needed */ |
| 1405 | 1388 | add_route_connected_v6_net(tt, es); |
| 1406 | | tt->actual_name = saved_actual; |
| 1407 | 1389 | } |
| 1408 | 1390 | #else |
| 1409 | 1391 | msg (M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); |
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 4e93a3f..1ccf378 100644
|
a
|
b
|
ifconfig_order(void) |
| 301 | 301 | #elif defined(TARGET_NETBSD) |
| 302 | 302 | return IFCONFIG_AFTER_TUN_OPEN; |
| 303 | 303 | #elif defined(WIN32) |
| 304 | | return IFCONFIG_BEFORE_TUN_OPEN; |
| | 304 | return IFCONFIG_AFTER_TUN_OPEN; |
| 305 | 305 | #elif defined(TARGET_ANDROID) |
| 306 | 306 | return IFCONFIG_BEFORE_TUN_OPEN; |
| 307 | 307 | #else |
