Opened 4 years ago

Last modified 16 months ago

#1301 new Bug / Defect

Route: Waiting for TUN / TAP interface to come up ...

Reported by: lozhkinalexey Owned by:
Priority: major Milestone: release 2.7
Component: Generic / unclassified Version: OpenVPN 2.4.8 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


I observe the following problem when connecting to OpenVPN 2.4.9-I601-win10:
If on the local interface the gateway address is on a different subnet, then when I try to connect to OpenVPN, I get the following:
TEST ROUTES: 18/38 succeeded len = 38 ret = 0 a = 0 u / d = up
Route: Waiting for TUN / TAP interface to come up ...

If you enable more detailed logging (verb 7), then the log contains the following lines with the addition of routes with a negative index and a large metric:
Fri Jul 10 13:31:09 2020 us = 361160 DEBUG: IP Locate: ip = nm = index = -1 count = 0 metric = 2147483647

I understand that the problem is the lack of the correct route, but I saw similar connection configurations at airports and the metro.

IPv4-адрес. . . . . . . :
Netmask . . . . . . . . :
Gateway. . . . . . . . . :
DNS. . . . . . . . . . . :

Attachments (1)

test.log (31.1 KB) - added by lozhkinalexey 4 years ago.
log verb 4

Download all attachments as: .zip

Change History (7)

comment:1 Changed 4 years ago by lozhkinalexey

There is no such problem if you run OpenVPN with the same configuration on android

comment:2 Changed 4 years ago by tct

Could you please add your client log at --verb 4 (Remove private data)

Changed 4 years ago by lozhkinalexey

Attachment: test.log added

log verb 4

comment:3 Changed 4 years ago by Gert Döring

A network where the gateway is not part of the subnet is just broken - that it seems to work on windows is amazing, and could be considered a bug (if it breaks right away, people would not deploy such a config).

comment:4 Changed 4 years ago by lozhkinalexey

This connection configuration is often found in cafes, subways, airports.
Gateway is located using the proxy arp.
And OpenVPN on android works with this configuration.

comment:5 Changed 3 years ago by Gert Döring

Milestone: release 2.4.9release 2.6

A machine should never send out an ARP request for something which is not inside the assigned IPv4 subnet (or something which is explicitly configured as "connected to LAN interface").

So yes, *if* the ARP is sent, Proxy ARP will make it work, but *that* it is sent is buggy behaviour on the client side in the first place, and networks relying on this behaviour are broken.

We'll have to look into default gateway lookup for 2.6 anyway, so it's possible this problem disappears in the process.

comment:6 Changed 16 months ago by Gert Döring

Milestone: release 2.6release 2.7

It turns out that 2.6 focuses more on DCO (in-kernel data channel) and the associated performance benefits, and on TLS improvements. The whole "routing layer refactoring" didn't happen, but needs to.

Bumping to 2.7

Note: See TracTickets for help on using tickets.