Opened 3 years ago
Last modified 3 years ago
#1375 assigned Bug / Defect
Applying dhcp-option DOMAIN fails for wintun if domain contains hyphens ("-")
Reported by: | mroland | Owned by: | stipa |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN 2.5.0 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: | Selva Nair |
Description
OpenVPN fails to configure the adapter domain suffix for wintun adapter using dhcp-option DOMAIN for domain names containing hyphens ("-"). The log displays the following error message:
TUN: adding dns domain failed using service: [Unknown Win32 Error] [status=44506 if_name=OpenVPN]
For instance, the following option causes the error:
dhcp-option DOMAIN abc-net.mroland.at
The same option works fine if the domain name does not contain a hyphen, e.g. for
dhcp-option DOMAIN abcnet.mroland.at
setting the adapter domain suffix works just fine (showing an entry "DNS domain set using service" in the log).
The affected OpenVPN version is:
OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Windows version 10.0 (Windows 10 or greater) 64bit
Wintun & OpenVPN GUI versions:
Wintun 0.8.0.0 / 2019-12-10
OpenVPN GUI 11.20.0.0
Client configuration for my tests (with sensitive information removed):
ip-win32 dynamic
client
dev tun
dev-node "OpenVPN"
windows-driver wintun
proto tcp
remote [REDACTED] [REDACTED]
verify-x509-name [REDACTED]
dhcp-option DOMAIN abc-net.mroland.at
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-256-CBC
auth SHA256
route-delay 4
verb 3
reneg-sec 0
<ca>
[REDACTED]
</ca>
<cert>
[REDACTED]
</cert>
<key>
[REDACTED]
</key>
Change History (3)
comment:1 Changed 3 years ago by
Cc: | Selva Nair added |
---|---|
Owner: | set to stipa |
Status: | new → assigned |
comment:2 Changed 3 years ago by
It seems hyphen is a special character for wmic and needs to be quoted. Probably because switches like /ALL also work as -ALL and the parser is not that smart.
wmic nicconfig where (InterfaceIndex=nn) SetDNSDomain "foo-bar"
works.
Until we fix this you'll have to use
dhcp-option DOMAIN \"abc-net.mroland.at\"
comment:3 Changed 3 years ago by
Fixed in 2.5.1. Please test.
commit 2c8ef6fd2abbaef2e8c458690be545c171e11afe
Author: Selva Nair <selva.nair@…>
Date: Tue Feb 16 19:04:35 2021 -0500
Quote the domain name argument passed to the wmic command
It appears wmic needs domain names containing hyphens to
be quoted.
Trac #1375
Signed-off-by: Selva Nair <selva.nair@…>
Acked-by: Gert Doering <gert@…>
Message-Id: <1613520275-28637-1-git-send-email-selva.nair@…>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21570.html
Signed-off-by: Gert Doering <gert@…>
(cherry picked from commit 3338f2d5a2b7f12f314cc53bf0eaa44ba4f2e58c)
@stipa, any idea?
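An added example, not OpenVPN's own code: one way to build the wmic command from comment 2 with the domain argument quoted, after checking that the name holds only letters, digits, hyphens and dots so the value cannot itself carry a quote or a space. The helper names, the interface index 12 and the length limits are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* LDH check: labels of ASCII letters, digits and hyphens, separated by dots.
 * A label may not be empty, exceed 63 bytes, or start or end with a hyphen. */
static int domain_is_ldh(const char *name)
{
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;
            label = 0;
        } else if (alnum || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0;   /* quote, space, other punctuation, leading hyphen */
        }
    }
    return label > 0 && name[len - 1] != '-';
}

/* Hypothetical helper: writes the wmic command line into out.
 * Returns 0 on success, -1 if the domain is rejected or out is too small. */
int build_set_dns_domain_cmd(char *out, size_t outlen, long if_index,
                             const char *domain)
{
    if (!domain_is_ldh(domain))
        return -1;
    /* Quoted so wmic takes the hyphenated name as one argument (comment 2).
     * `call` is the wmic verb that invokes a WMI method. */
    int n = snprintf(out, outlen,
                     "wmic nicconfig where (InterfaceIndex=%ld) call SetDNSDomain \"%s\"",
                     if_index, domain);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char cmd[160];   /* constructed sample: interface index 12 */
    if (build_set_dns_domain_cmd(cmd, sizeof cmd, 12, "abc-net.mroland.at") == 0)
        puts(cmd);
    return 0;
}
```

Because the check rejects quote characters, a value that already carries its own quotes, as in the interim workaround from comment 2, is refused by this helper instead of being quoted a second time.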