Opened 7 months ago

Last modified 5 months ago

#1375 assigned Bug / Defect

Applying dhcp-option DOMAIN fails for wintun if domain contains hyphens ("-")

Reported by: mroland Owned by: stipa
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc: Selva Nair

Description

OpenVPN fails to configure the adapter domain suffix for wintun adapter using dhcp-option DOMAIN for domain names containing hyphens ("-"). The log displays the following error message:

TUN: adding dns domain failed using service: [Unknown Win32 Error] [status=44506 if_name=OpenVPN]

For instance, the following option causes the error:

dhcp-option DOMAIN abc-net.mroland.at

The same option works fine if the domain name does not contain a hyphen, e.g. for

dhcp-option DOMAIN abcnet.mroland.at

setting the adapter domain suffix works just fine (showing an entry "DNS domain set using service" in the log).

The affected OpenVPN version is:

OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Windows version 10.0 (Windows 10 or greater) 64bit

Wintun & OpenVPN GUI versions:

Wintun 0.8.0.0 / 2019-12-10
OpenVPN GUI 11.20.0.0

Client configuration for my tests (with sensitive information removed):

ip-win32 dynamic
client
dev tun
dev-node "OpenVPN"
windows-driver wintun
proto tcp
remote [REDACTED] [REDACTED]
verify-x509-name [REDACTED]
dhcp-option DOMAIN abc-net.mroland.at
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-256-CBC
auth SHA256
route-delay 4
verb 3
reneg-sec 0
<ca>
[REDACTED]
</ca>
<cert>
[REDACTED]
</cert>
<key>
[REDACTED]
</key>

Change History (3)

comment:1 Changed 6 months ago by Gert Döring

Cc: Selva Nair added
Owner: set to stipa
Status: new → assigned

@stipa, any idea?

comment:2 Changed 6 months ago by Selva Nair

It seems hyphen is a special character for wmic and needs to be quoted. Probably because switches like /ALL also work as -ALL and the parser is not that smart.

wmic nicconfig where (InterfaceIndex=nn) SetDNSDomain "foo-bar" works.

Until we fix this you'll have to use

dhcp-option DOMAIN \"abc-net.mroland.at\"

comment:3 Changed 5 months ago by Selva Nair

Fixed in 2.5.1. Please test.

commit 2c8ef6fd2abbaef2e8c458690be545c171e11afe
Author: Selva Nair <selva.nair@…>
Date: Tue Feb 16 19:04:35 2021 -0500

Quote the domain name argument passed to the wmic command

It appears wmic needs domain names containing hyphens to
be quoted.

Trac #1375

Signed-off-by: Selva Nair <selva.nair@…>
Acked-by: Gert Doering <gert@…>
Message-Id: <1613520275-28637-1-git-send-email-selva.nair@…>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21570.html
Signed-off-by: Gert Doering <gert@…>
(cherry picked from commit 3338f2d5a2b7f12f314cc53bf0eaa44ba4f2e58c)
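
Added example (not OpenVPN's code and not part of the ticket): quoting keeps a hyphenated name as one wmic argument, and a caller can additionally restrict the name to letter-digit-hyphen DNS labels so that the quoted argument cannot be closed early, for instance by a leftover \"...\" workaround value. The format string is modelled on the command in comment:2 with wmic's call verb; the function names and interface index 12 are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Accept only DNS names built from letters, digits, hyphens and dots:
 * labels of 1-63 chars, no leading or trailing hyphen, 253 chars total.
 * Quotes, spaces and '/' are rejected, so the name cannot end the quoting. */
static int is_ldh_domain(const char *name)
{
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;               /* empty label, or label ending in '-' */
            label = 0;
        } else if (alnum || c == '-') {
            if ((c == '-' && label == 0) || ++label > 63)
                return 0;               /* label starting with '-', or too long */
        } else {
            return 0;                   /* any character outside the LDH set */
        }
    }
    return label > 0 && name[len - 1] != '-';
}

/* Build the command line with the domain quoted. Returns 0 on success,
 * -1 if the name is rejected or the buffer is too small. */
static int build_set_domain_cmd(char *out, size_t outlen,
                                unsigned long if_index, const char *domain)
{
    if (!is_ldh_domain(domain))
        return -1;
    int n = snprintf(out, outlen,
        "wmic nicconfig where (InterfaceIndex=%lu) call SetDNSDomain \"%s\"",
        if_index, domain);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs; the first is the domain from the report. */
    const char *samples[] = { "abc-net.mroland.at", "\"abc-net.mroland.at\"", "-ALL" };
    char cmd[512];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s: %s\n", build_set_domain_cmd(cmd, sizeof cmd, 12, samples[i]) == 0
               ? "ok" : "rejected", samples[i]);
    return 0;
}
```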
