Opened 7 months ago

Last modified 7 weeks ago

#1301 new Bug / Defect

Route: Waiting for TUN / TAP interface to come up ...

Reported by: lozhkinalexey Owned by:
Priority: major Milestone: release 2.6
Component: Generic / unclassified Version: OpenVPN 2.4.8 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Greetings.
I observe the following problem when connecting to OpenVPN 2.4.9-I601-win10:
If on the local interface the gateway address is on a different subnet, then when I try to connect to OpenVPN, I get the following:
TEST ROUTES: 18/38 succeeded len = 38 ret = 0 a = 0 u / d = up
Route: Waiting for TUN / TAP interface to come up ...

If you enable more detailed logging (verb 7), then the log contains the following lines with the addition of routes with a negative index and a large metric:
Fri Jul 10 13:31:09 2020 us = 361160 DEBUG: IP Locate: ip = 192.168.1.1 nm = 0.0.0.0 index = -1 count = 0 metric = 2147483647

I understand that the problem is the lack of the correct route, but I saw similar connection configurations at airports and the metro.

ipconfig:
IPv4-адрес. . . . . . . : 192.168.1.200
Netmask . . . . . . . . : 255.255.255.128
Gateway. . . . . . . . . : 192.168.1.1
DNS. . . . . . . . . . . : 8.8.8.8

Attachments (1)

test.log (31.1 KB) - added by lozhkinalexey 6 months ago.
log verb 4

Download all attachments as: .zip

Change History (6)

comment:1 Changed 6 months ago by lozhkinalexey

There is no such problem if you run OpenVPN with the same configuration on android

comment:2 Changed 6 months ago by tincantech

Could you please add your client log at --verb 4 (Remove private data)

Changed 6 months ago by lozhkinalexey

Attachment: test.log added

log verb 4

comment:3 Changed 5 months ago by Gert Döring

A network where the gateway is not part of the subnet is just broken - that it seems to work on windows is amazing, and could be considered a bug (if it breaks right away, people would not deploy such a config).

comment:4 Changed 5 months ago by lozhkinalexey

This connection configuration is often found in cafes, subways, airports.
Gateway is located using the proxy arp.
And OpenVPN on android works with this configuration.
https://community.cisco.com/t5/switching/defaulut-gw-is-set-as-a-different-subnet-but-it-works-why/td-p/2537423

comment:5 Changed 7 weeks ago by Gert Döring

Milestone: release 2.4.9release 2.6

A machine should never send out an ARP request for something which is not inside the assigned IPv4 subnet (or something which is explicitly configured as "connected to LAN interface").

So yes, *if* the ARP is sent, Proxy ARP will make it work, but *that* it is sent is buggy behaviour on the client side in the first place, and networks relying on this behaviour are broken.

We'll have to look into default gateway lookup for 2.6 anyway, so it's possible this problem disappears in the process.

Note: See TracTickets for help on using tickets.