Opened 11 months ago

Closed 5 months ago

#1342 closed Bug / Defect (worksforme)

openvpn on linux not ignoring "windows-driver"

Reported by: hildeb Owned by: stipa
Priority: major Milestone: release 2.5.1
Component: Generic / unclassified Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

$ openvpn --config charite-hildeb.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in charite-hildeb.ovpn:3: windows-driver (2.5_rc3)
Use --help for more information.

looking at the config:

$ head charite-hildeb.ovpn

# Konfiguration fuer Charite-OpenVPN

windows-driver wintun

client
dev tun

key-direction 1
<tls-auth>
#

openvpn should ignore those architecture specific settings - just as it does with block-outside-dns ...
or "Windows-Specific Options" in general.

Change History (8)

comment:1 Changed 11 months ago by tct

+1

comment:2 Changed 10 months ago by Gert Döring

Milestone: release 2.5.1
Owner: set to stipa
Status: newassigned

@hildeb: actually, --block-outside-dns also errors out if put into an .ovpn file. It's just on PUSH_REPLY that "unknown option, FATAL" turns into "unknown option, WARNING". This is less of a problem than --windows-driver, which cannot be pushed and has to be in the client config.

So I can see your problem ("I want to generate optimal configs for my clients, without having to know their operating system").

@stipa, what do you think? For 2.5.1? Your option, your code :-)

comment:3 Changed 9 months ago by Gert Döring

hah! I just rediscovered a well-hidden openvpn config trick.

You can put "options that might not work everywhere" in the config like this:

setenv opt windows-driver wintun

the code in question will read "setenv opt <something>", then reduce the error level for "something failed in config parsing" to M_WARN, and then feed <something> to the rest of the config parser.

So a fatal error in "windows-driver wintun" (on 2.4 or tunnelblick or...) would turn into a warning about "unknown option".

Good enough?

(options.c, early in add_option(), magic from the last century)

comment:4 in reply to:  3 Changed 9 months ago by tct

Replying to Gert Döring:

hah! I just rediscovered a well-hidden openvpn config trick.


Perhaps it is well hidden because setenv opt foo means nothing to most users.

You can put "options that might not work everywhere" in the config like this:

setenv opt windows-driver wintun

Good enough?

Almost ;-) (Thanks for the tip!)

Last edited 9 months ago by tct (previous) (diff)

comment:5 Changed 9 months ago by stipa

So apparently no code change is needed. You could also put "--ignore-unknown-option windows-driver" to the config before "windows-driver" and client will use it if it knows how to.

comment:6 Changed 6 months ago by Gert Döring

So this can be closed?

comment:7 Changed 6 months ago by stipa

Yes, let's close it. There are two workarounds mentioned above for this issue.

comment:8 Changed 5 months ago by Gert Döring

Resolution: worksforme
Status: assignedclosed
Note: See TracTickets for help on using tickets.