Opened 6 years ago

Closed 6 years ago

#433 closed Bug / Defect (invalid)

TAP from 2.3.4 not working + weird config parse errors as cause

Reported by: Joachim_Otahal Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.3.4 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: Config parse, TAP, server 2008 R2, 64 bit
Cc: Heiko Hund

Description

The bug is also described there:
https://forums.openvpn.net/topic16665.html

TAP on Server 2008 R2 x64 with openvpn 2.3.4 64 bit version does not work, and I get very weird config parse errors. The other TUN VPN's are working fine. Adding verb 3 or verb 4 does not change the log file output.
It looks like: "if dev = tap then only read 255 bytes of the config".
Downgrading to 2.2.2 on the same machine makes the TAP devices work as expected, and the TUN devices continue to work.
I tried OpenVPN 2.3.0 and 2.3.2 too, only 2.2.2 does work right.

The server config which should be working:
local 192.168.115.249
port 20021
proto udp
dev tap
dev-node VPN21
ifconfig 192.168.115.221 255.255.255.0
secret abcdefghijlkm-nopqrst-21.key
cipher AES-256-CBC
comp-lzo
; Hold tunnel with more strength
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

The log contains:
Options error: Unrecognized option or missing parameter(s) in server-21.ovpn:2: y (2.3.4)
Use --help for more information.

Another version which should be workin, but with the key file name by ONE character SHORTER:
local 192.168.115.249
port 20021
proto udp
dev tap
dev-node VPN21
ifconfig 192.168.115.221 255.255.255.0
secret bcdefghijlkm-nopqrst-21.key
cipher AES-256-CBC
comp-lzo
; Hold tunnel with more strength
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Results in this:
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.

A version where the keyfile name is ONE character LONGER:
local 192.168.115.249
port 20021
proto udp
dev tap
dev-node VPN21
ifconfig 192.168.115.221 255.255.255.0
secret aabcdefghijlkm-nopqrst-21.key
cipher AES-256-CBC
comp-lzo
; Hold tunnel with more strength
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Result:
Options error: Unrecognized option or missing parameter(s) in server-21.ovpn:2: ey (2.3.4)
Use --help for more information.

For the fun this version was also tried:
local 192.168.115.249
port 20021
proto udp
dev VPN21
dev-mode tap
dev-node VPN21
ifconfig 192.168.115.221 255.255.255.0
secret abcdefghijlkm-nopqrst-21.key
cipher AES-256-CBC
comp-lzo
; Hold tunnel with more strength
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Result:
Options error: Unrecognized option or missing parameter(s) in server-21.ovpn:2: -tun (2.3.4)
Use --help for more information.

Change History (6)

comment:1 Changed 6 years ago by Gert Döring

Can you check if it works if you use a much shorter (not just one character) key file name?

It might be not related to tun or tap at all, but due to the length of the secret file being too long, upsetting the parser. Which would be a bug, of course, but in a different area of the code :-)

The difference 2.2.2 to 2.3.4 could be the 64 bit binary, and/or changed unicode handling in 2.3 - there were a number of bugs related to file names with russian characters in them and the like, and this might be fallout.

comment:2 Changed 6 years ago by Gert Döring

Cc: Heiko Hund added

comment:3 Changed 6 years ago by Joachim_Otahal

I tried a two character filename too, and it did not work either.

This is the "below 240 characters" version 1 (which I think may not work due to syntax changes between 2.2.2 and 2.3.x when defining TAP):
verb 4
local 192.168.115.249
port 20021
proto udp
dev tap
dev-node VPN21
ifconfig 192.168.115.221 255.255.255.0
secret ab.key
cipher AES-256-CBC
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Error:
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.

using:
dev tap
dev-type tap
dev-node VPN21

gives same "you must define" error as above.

using:
dev VPN21
dev-type tap
dev-node VPN21

gives same "you must define" error as above.

The strange thing: The "dev tun" tunnel configs are all above 256 characters and work fine.

Should I try 2.3.4 32 bit?

comment:4 Changed 6 years ago by Gert Döring

If you could try 2.3.4 32bit, it would help us understand whether it's a 64bit thing (which I do not expect, tbh) or something else in the path names.

Weird that it only happens with tap, and independent of the length of the key file. Thanks for testing :-)

comment:5 Changed 6 years ago by Joachim_Otahal

This was getting weirder by the minute, 32 bit failed, and now 2.2.2 failed too.
I copied the working VPN01 TUN to VPN21 and edited the config to TAP, and now it works with 2.3.4. The config looks bit identical on screen, even the file size is exactly the same as the other non working config.

The reason showed up with binary file compare. the non working version was using "0D" aka CR, and the working version uses "0A" aka LF.

In Notepad++ the difference is visible in the status line: "UNIX" as the working version, "Macintosh" as the non-working version.

My weirdest OpenVPN problem ever in the last ten+ years I've been using OpenVPN.

You can close the ticket now, sorry for wasting your time.

comment:6 Changed 6 years ago by Samuli Seppänen

Resolution: invalid
Status: newclosed

Closing this ticket. Opened a new ticket for tracking the CR/LF issue.

Note: See TracTickets for help on using tickets.