Opened 4 years ago

Last modified 4 years ago

#723 new Bug / Defect

--ifconfig-noexec combined with IPv6 behaviour

Reported by: debbie10t Owned by:
Priority: major Milestone: release 2.3.14
Component: IPv6 Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

This is a little complicated because there are different scenarios to describe. To open this ticket I will describe the one that is simplest.

Points to note:
--ifconfig-noexec does not work for IPv6 in this scenario
--ifconfig-noexec is shown as DISABLED in the log

Related:
https://sourceforge.net/p/openvpn/mailman/message/35285863/


Common to all scenarios:

Client Windows 10.0.10586
openvpn-install-master-20160812155127-d1bd37fd50-x86_64.exe

Starting/stopping Openvpn Legacy Service
Openvpn Interactive Service Stopped

Server Linux 3.16.0-38-generic #52~14.04.1-Ubuntu SMP Fri May 8 09:43:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
OpenVPN 2.3_git [git:master/834f602fd069118b] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Jul 26 2016
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06

Openvpn Server configuration

cd /etc/openvpn
dev tun
server 10.8.0.0 255.255.255.0
server-ipv6 12fc:1918::10:8:0:0/112
keepalive 10 30
comp-lzo no
push "comp-lzo no"
push "explicit-exit-notify 3"
log defaults/vpn.log
verb 4
management 127.0.0.1 51194
tls-auth defaults/ta.key 0
ca defaults/ca.crt
cert defaults/defaults.crt
key defaults/defaults.key  # This file should be kept secret
dh defaults/dh-4096b.pem

Scenario 1:

Openvpn Client config #1

dev-node defaultc
dev-type tun
client

;block-outside-dns

route-nopull
route-noexec
ifconfig-noexec

; pull-filter ignore "ifconfig-ipv6 " 

; script-security 3
;    up "c:\\program files\\openvpn\\config\\cup6.bat"
;  down "c:\\program files\\openvpn\\config\\cdown6.bat"
	
       ca "ca.crt"
     cert "defaultc01.crt"
      key "defaultc01.key"
 tls-auth "ta-default.key" 1

nobind
resolv-retry infinite
reneg-sec 0
comp-lzo no
remote-cert-tls server
verb 4
remote 10.1.101.101 # Not in the same subnet as client

Openvpn Client log #1
(Not pasted as monospaced to add highlights and keep all visible on page, some small wiki format errors are visible)


Fri Aug 19 12:43:24 2016 us=806033 Current Parameter Settings:
Fri Aug 19 12:43:24 2016 us=807011 config = 'defaultc.ovpn'
Fri Aug 19 12:43:24 2016 us=807011 mode = 0
Fri Aug 19 12:43:24 2016 us=807011 show_ciphers = DISABLED
Fri Aug 19 12:43:24 2016 us=807011 show_digests = DISABLED
Fri Aug 19 12:43:24 2016 us=807011 show_engines = DISABLED
Fri Aug 19 12:43:24 2016 us=807011 genkey = DISABLED
Fri Aug 19 12:43:24 2016 us=807011 key_pass_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807011 show_tls_ciphers = DISABLED
Fri Aug 19 12:43:24 2016 us=807011 connect_retry_max = 0
Fri Aug 19 12:43:24 2016 us=807011 Connection profiles [0]:
Fri Aug 19 12:43:24 2016 us=807011 proto = udp
Fri Aug 19 12:43:24 2016 us=807011 local = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 local_port = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 remote = '10.1.101.101'
Fri Aug 19 12:43:24 2016 us=807989 remote_port = '1194'
Fri Aug 19 12:43:24 2016 us=807989 remote_float = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 bind_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 bind_local = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 bind_ipv6_only = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 connect_retry_seconds = 5
Fri Aug 19 12:43:24 2016 us=807989 connect_timeout = 120
Fri Aug 19 12:43:24 2016 us=807989 socks_proxy_server = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 socks_proxy_port = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 tun_mtu = 1500
Fri Aug 19 12:43:24 2016 us=807989 tun_mtu_defined = ENABLED
Fri Aug 19 12:43:24 2016 us=807989 link_mtu = 1500
Fri Aug 19 12:43:24 2016 us=807989 link_mtu_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 tun_mtu_extra = 0
Fri Aug 19 12:43:24 2016 us=807989 tun_mtu_extra_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 mtu_discover_type = -1
Fri Aug 19 12:43:24 2016 us=807989 fragment = 0
Fri Aug 19 12:43:24 2016 us=807989 mssfix = 1450
Fri Aug 19 12:43:24 2016 us=807989 explicit_exit_notification = 0
Fri Aug 19 12:43:24 2016 us=807989 Connection profiles END
Fri Aug 19 12:43:24 2016 us=807989 remote_random = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 ipchange = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 dev = 'defaultc'
Fri Aug 19 12:43:24 2016 us=807989 dev_type = 'tun'
Fri Aug 19 12:43:24 2016 us=807989 dev_node = 'defaultc'
Fri Aug 19 12:43:24 2016 us=807989 lladdr = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 topology = 1
Fri Aug 19 12:43:24 2016 us=807989 tun_ipv6 = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_local = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_remote_netmask = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_noexec = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_nowarn = DISABLED
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_ipv6_local = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_ipv6_netbits = 0
Fri Aug 19 12:43:24 2016 us=807989 ifconfig_ipv6_remote = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=807989 shaper = 0
Fri Aug 19 12:43:24 2016 us=807989 mtu_test = 0
Fri Aug 19 12:43:24 2016 us=807989 mlock = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 keepalive_ping = 0
Fri Aug 19 12:43:24 2016 us=808964 keepalive_timeout = 0
Fri Aug 19 12:43:24 2016 us=808964 inactivity_timeout = 0
Fri Aug 19 12:43:24 2016 us=808964 ping_send_timeout = 0
Fri Aug 19 12:43:24 2016 us=808964 ping_rec_timeout = 0
Fri Aug 19 12:43:24 2016 us=808964 ping_rec_timeout_action = 0
Fri Aug 19 12:43:24 2016 us=808964 ping_timer_remote = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 remap_sigusr1 = 0
Fri Aug 19 12:43:24 2016 us=808964 persist_tun = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 persist_local_ip = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 persist_remote_ip = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 persist_key = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 passtos = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 resolve_retry_seconds = 1000000000
Fri Aug 19 12:43:24 2016 us=808964 resolve_in_advance = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 username = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 groupname = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 chroot_dir = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 cd_dir = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 writepid = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 up_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 down_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 down_pre = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 up_restart = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 up_delay = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 daemon = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 inetd = 0
Fri Aug 19 12:43:24 2016 us=808964 log = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 suppress_timestamps = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 machine_readable_output = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 nice = 0
Fri Aug 19 12:43:24 2016 us=808964 verbosity = 4
Fri Aug 19 12:43:24 2016 us=808964 mute = 0
Fri Aug 19 12:43:24 2016 us=808964 gremlin = 0
Fri Aug 19 12:43:24 2016 us=808964 status_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 status_file_version = 1
Fri Aug 19 12:43:24 2016 us=808964 status_file_update_freq = 60
Fri Aug 19 12:43:24 2016 us=808964 occ = ENABLED
Fri Aug 19 12:43:24 2016 us=808964 rcvbuf = 0
Fri Aug 19 12:43:24 2016 us=808964 sndbuf = 0
Fri Aug 19 12:43:24 2016 us=808964 sockflags = 0
Fri Aug 19 12:43:24 2016 us=808964 fast_io = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 comp.alg = 1
Fri Aug 19 12:43:24 2016 us=808964 comp.flags = 0
Fri Aug 19 12:43:24 2016 us=808964 route_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 route_default_gateway = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 route_default_metric = 0
Fri Aug 19 12:43:24 2016 us=808964 route_noexec = ENABLED
Fri Aug 19 12:43:24 2016 us=808964 route_delay = 5
Fri Aug 19 12:43:24 2016 us=808964 route_delay_window = 30
Fri Aug 19 12:43:24 2016 us=808964 route_delay_defined = ENABLED
Fri Aug 19 12:43:24 2016 us=808964 route_nopull = ENABLED
Fri Aug 19 12:43:24 2016 us=808964 route_gateway_via_dhcp = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 allow_pull_fqdn = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 management_addr = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 management_port = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 management_user_pass = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 management_log_history_cache = 250
Fri Aug 19 12:43:24 2016 us=808964 management_echo_buffer_size = 100
Fri Aug 19 12:43:24 2016 us=808964 management_write_peer_info_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 management_client_user = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 management_client_group = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 management_flags = 0
Fri Aug 19 12:43:24 2016 us=808964 shared_secret_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=808964 key_direction = 2
Fri Aug 19 12:43:24 2016 us=808964 ciphername = 'BF-CBC'
Fri Aug 19 12:43:24 2016 us=808964 authname = 'SHA1'
Fri Aug 19 12:43:24 2016 us=808964 prng_hash = 'SHA1'
Fri Aug 19 12:43:24 2016 us=808964 prng_nonce_secret_len = 16
Fri Aug 19 12:43:24 2016 us=808964 keysize = 0
Fri Aug 19 12:43:24 2016 us=808964 engine = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 replay = ENABLED
Fri Aug 19 12:43:24 2016 us=808964 mute_replay_warnings = DISABLED
Fri Aug 19 12:43:24 2016 us=808964 replay_window = 64
Fri Aug 19 12:43:24 2016 us=808964 replay_time = 15
Fri Aug 19 12:43:24 2016 us=808964 packet_id_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 use_iv = ENABLED
Fri Aug 19 12:43:24 2016 us=809942 test_crypto = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 tls_server = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 tls_client = ENABLED
Fri Aug 19 12:43:24 2016 us=809942 key_method = 2
Fri Aug 19 12:43:24 2016 us=809942 ca_file = 'ca.crt'
Fri Aug 19 12:43:24 2016 us=809942 ca_path = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 dh_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 cert_file = 'defaultc01.crt'
Fri Aug 19 12:43:24 2016 us=809942 extra_certs_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 priv_key_file = 'defaultc01.key'
Fri Aug 19 12:43:24 2016 us=809942 pkcs12_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 cryptoapi_cert = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 cipher_list = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 tls_verify = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 tls_export_cert = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 verify_x509_type = 0
Fri Aug 19 12:43:24 2016 us=809942 verify_x509_name = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 crl_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=809942 ns_cert_type = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 160
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 136
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_ku[i] = 0
Fri Aug 19 12:43:24 2016 us=809942 remote_cert_eku = 'TLS Web Server Authentication'
Fri Aug 19 12:43:24 2016 us=809942 ssl_flags = 0
Fri Aug 19 12:43:24 2016 us=809942 tls_timeout = 2
Fri Aug 19 12:43:24 2016 us=809942 renegotiate_bytes = 0
Fri Aug 19 12:43:24 2016 us=809942 renegotiate_packets = 0
Fri Aug 19 12:43:24 2016 us=809942 renegotiate_seconds = 0
Fri Aug 19 12:43:24 2016 us=809942 handshake_window = 60
Fri Aug 19 12:43:24 2016 us=809942 transition_window = 3600
Fri Aug 19 12:43:24 2016 us=809942 single_session = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 push_peer_info = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 tls_exit = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 tls_auth_file = 'ta-default.key'
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_protected_authentication = DISABLED
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=809942 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_private_mode = 00000000
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_cert_private = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_pin_cache_period = -1
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_id = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 pkcs11_id_management = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 server_network = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 server_netmask = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 server_network_ipv6 = ::
Fri Aug 19 12:43:24 2016 us=810921 server_netbits_ipv6 = 0
Fri Aug 19 12:43:24 2016 us=810921 server_bridge_ip = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 server_bridge_netmask = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 server_bridge_pool_start = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 server_bridge_pool_end = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_pool_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_pool_start = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_pool_end = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_pool_netmask = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_pool_persist_refresh_freq = 600
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_ipv6_pool_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_ipv6_pool_base = ::
Fri Aug 19 12:43:24 2016 us=810921 ifconfig_ipv6_pool_netbits = 0
Fri Aug 19 12:43:24 2016 us=810921 n_bcast_buf = 256
Fri Aug 19 12:43:24 2016 us=810921 tcp_queue_limit = 64
Fri Aug 19 12:43:24 2016 us=810921 real_hash_size = 256
Fri Aug 19 12:43:24 2016 us=810921 virtual_hash_size = 256
Fri Aug 19 12:43:24 2016 us=810921 client_connect_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 learn_address_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 client_disconnect_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 client_config_dir = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 ccd_exclusive = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 tmp_dir = 'C:\WINDOWS\TEMP\'
Fri Aug 19 12:43:24 2016 us=810921 push_ifconfig_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 push_ifconfig_local = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 push_ifconfig_remote_netmask = 0.0.0.0
Fri Aug 19 12:43:24 2016 us=810921 push_ifconfig_ipv6_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 push_ifconfig_ipv6_local = ::/0
Fri Aug 19 12:43:24 2016 us=810921 push_ifconfig_ipv6_remote = ::
Fri Aug 19 12:43:24 2016 us=810921 enable_c2c = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 duplicate_cn = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 cf_max = 0
Fri Aug 19 12:43:24 2016 us=810921 cf_per = 0
Fri Aug 19 12:43:24 2016 us=810921 max_clients = 1024
Fri Aug 19 12:43:24 2016 us=810921 max_routes_per_client = 256
Fri Aug 19 12:43:24 2016 us=810921 auth_user_pass_verify_script = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 auth_user_pass_verify_script_via_file = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 client = ENABLED
Fri Aug 19 12:43:24 2016 us=810921 pull = ENABLED
Fri Aug 19 12:43:24 2016 us=810921 auth_user_pass_file = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 show_net_up = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 route_method = 0
Fri Aug 19 12:43:24 2016 us=810921 block_outside_dns = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 ip_win32_defined = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 ip_win32_type = 0
Fri Aug 19 12:43:24 2016 us=810921 dhcp_masq_offset = 0
Fri Aug 19 12:43:24 2016 us=810921 dhcp_lease_time = 31536000
Fri Aug 19 12:43:24 2016 us=810921 tap_sleep = 0
Fri Aug 19 12:43:24 2016 us=810921 dhcp_options = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 dhcp_renew = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 dhcp_pre_release = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 dhcp_release = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 domain = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 netbios_scope = '[UNDEF]'
Fri Aug 19 12:43:24 2016 us=810921 netbios_node_type = 0
Fri Aug 19 12:43:24 2016 us=810921 disable_nbt = DISABLED
Fri Aug 19 12:43:24 2016 us=810921 OpenVPN 2.3_git x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [IPv6] built on Aug 12 2016
Fri Aug 19 12:43:24 2016 us=811899 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Aug 19 12:43:24 2016 us=811899 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Fri Aug 19 12:43:24 2016 us=978086 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 12:43:24 2016 us=978086 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 12:43:24 2016 us=978086 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri Aug 19 12:43:24 2016 us=978086 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Aug 19 12:43:24 2016 us=979063 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Aug 19 12:43:24 2016 us=979063 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Aug 19 12:43:24 2016 us=983950 TCP/UDP: Preserving recently used remote address: [AF_INET]10.1.101.101:1194
Fri Aug 19 12:43:24 2016 us=985907 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Aug 19 12:43:24 2016 us=985907 UDP link local: (not bound)
Fri Aug 19 12:43:24 2016 us=985907 UDP link remote: [AF_INET]10.1.101.101:1194
Fri Aug 19 12:43:24 2016 us=990795 TLS: Initial packet from [AF_INET]10.1.101.101:1194, sid=fc78c8b0 5fb8f512
Fri Aug 19 12:43:25 2016 us=12301 VERIFY OK: depth=1, C=US, ST=California, L=San Francisco, O=Copyleft Certificate Co, OU=My Organizational Unit, CN=defaults, emailAddress=me@…
Fri Aug 19 12:43:25 2016 us=13279 Validating certificate key usage
Fri Aug 19 12:43:25 2016 us=13279 ++ Certificate has key usage 00a0, expects 00a0
Fri Aug 19 12:43:25 2016 us=13279 VERIFY KU OK
Fri Aug 19 12:43:25 2016 us=13279 Validating certificate extended key usage
Fri Aug 19 12:43:25 2016 us=13279 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Aug 19 12:43:25 2016 us=13279 VERIFY EKU OK
Fri Aug 19 12:43:25 2016 us=13279 VERIFY OK: depth=0, C=US, ST=California, L=San Francisco, O=Copyleft Certificate Co, OU=My Organizational Unit, CN=defaults, emailAddress=me@…
Fri Aug 19 12:43:25 2016 us=29898 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Aug 19 12:43:25 2016 us=29898 [defaults] Peer Connection Initiated with [AF_INET]10.1.101.101:1194
Fri Aug 19 12:43:26 2016 us=86293 SENT CONTROL [defaults]: 'PUSH_REQUEST' (status=1)
Fri Aug 19 12:43:26 2016 us=91182 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 12fc:1918::10:8:0:1000/112 12fc:1918::10:8:0:1,comp-lzo no,explicit-exit-notify 3,tun-ipv6,route 10.8.0.1,topology net30,ping 10,ping-restart 30,peer-id 1,cipher AES-256-GCM,ifconfig 10.8.0.6 10.8.0.5'
Fri Aug 19 12:43:26 2016 us=91182 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:3 is ignored by previous <connection> blocks
Fri Aug 19 12:43:26 2016 us=91182 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: timers and/or timeouts modified
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: compression parms modified
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: --ifconfig/up options modified
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: peer-id set
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: adjusting link_mtu to 1625
Fri Aug 19 12:43:26 2016 us=91182 OPTIONS IMPORT: data channel crypto options modified
Fri Aug 19 12:43:26 2016 us=91182 Data Channel MTU parms [ L:1538 D:1538 EF:38 EB:406 ET:0 EL:3 ]
Fri Aug 19 12:43:26 2016 us=91182 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Aug 19 12:43:26 2016 us=91182 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Aug 19 12:43:26 2016 us=91182 interactive service msg_channel=0
Fri Aug 19 12:43:26 2016 us=92159 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Fri Aug 19 12:43:26 2016 us=92159 NOTE: Please manually set the IP/netmask of 'defaultc' to 10.8.0.6/255.255.255.252 (if it is not already set)
Fri Aug 19 12:43:27 2016 us=94755 NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set address interface=14 12fc:1918::10:8:0:1000 store=active
Fri Aug 19 12:43:29 2016 us=187848 add_route_ipv6(12fc:1918::10:8:0:0/112 -> 12fc:1918::10:8:0:1000 metric 0) dev defaultc
Fri Aug 19 12:43:29 2016 us=188826 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 12fc:1918::10:8:0:0/112 interface=14 fe80::8 store=active
Fri Aug 19 12:43:29 2016 us=188826 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Aug 19 12:43:29 2016 us=264098 ERROR: Windows route add ipv6 command failed: returned error code 1
Fri Aug 19 12:43:29 2016 us=264098 open_tun, tt->ipv6=1
Fri Aug 19 12:43:29 2016 us=265076 TAP-WIN32 device [defaultc] opened:
.\Global\{4DFF16D8-9F2D-4F22-9F87-F796C7DB1571}.tap
Fri Aug 19 12:43:29 2016 us=265076 TAP-Windows Driver Version 9.21
Fri Aug 19 12:43:29 2016 us=265076 TAP-Windows MTU=1500
Fri Aug 19 12:43:29 2016 us=267030 Successful ARP Flush on interface [14] {4DFF16D8-9F2D-4F22-9F87-F796C7DB1571}
Fri Aug 19 12:43:34 2016 us=766809 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:34 2016 us=767788 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:39 2016 us=619974 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:39 2016 us=619974 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:40 2016 us=759789 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:40 2016 us=760761 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:41 2016 us=898971 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:41 2016 us=898971 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:43 2016 us=37673 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:43 2016 us=37673 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:44 2016 us=176950 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:44 2016 us=176950 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:45 2016 us=315017 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:45 2016 us=315017 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:46 2016 us=327888 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:46 2016 us=328866 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:47 2016 us=340828 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:47 2016 us=340828 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:48 2016 us=353000 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:48 2016 us=353000 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:49 2016 us=611665 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:49 2016 us=611665 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:50 2016 us=552001 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:50 2016 us=552001 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:51 2016 us=975142 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:51 2016 us=975142 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:52 2016 us=987126 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:52 2016 us=987126 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:54 2016 us=552 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:54 2016 us=552 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:55 2016 us=185028 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:55 2016 us=185028 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:56 2016 us=369796 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:56 2016 us=370775 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:57 2016 us=555562 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:57 2016 us=555562 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:58 2016 us=59648 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:58 2016 us=59648 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:43:59 2016 us=244866 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:43:59 2016 us=244866 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:44:00 2016 us=305216 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:44:00 2016 us=305216 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:44:01 2016 us=489388 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:44:01 2016 us=489388 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:44:02 2016 us=674411 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:44:02 2016 us=675396 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:44:03 2016 us=860498 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Aug 19 12:44:03 2016 us=860498 Route: Waiting for TUN/TAP interface to come up...
Fri Aug 19 12:44:05 2016 us=44798 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 172.27.72.226 p=0 i=9 t=4 pr=3 a=230104 h=0 m=266/0/0/0/0
10.1.101.101 255.255.255.255 172.27.72.226 p=0 i=9 t=4 pr=3 a=243461 h=0 m=11/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=734487 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=734487 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=734487 h=0 m=306/0/0/0/0
169.254.0.0 255.255.0.0 169.254.43.174 p=0 i=14 t=3 pr=2 a=2133 h=0 m=276/0/0/0/0
169.254.43.174 255.255.255.255 169.254.43.174 p=0 i=14 t=3 pr=2 a=2133 h=0 m=276/0/0/0/0
169.254.255.255 255.255.255.255 169.254.43.174 p=0 i=14 t=3 pr=2 a=2133 h=0 m=276/0/0/0/0
172.27.72.0 255.255.255.0 172.27.72.110 p=0 i=9 t=3 pr=2 a=734473 h=0 m=266/0/0/0/0
172.27.72.110 255.255.255.255 172.27.72.110 p=0 i=9 t=3 pr=2 a=734473 h=0 m=266/0/0/0/0
172.27.72.255 255.255.255.255 172.27.72.110 p=0 i=9 t=3 pr=2 a=734473 h=0 m=266/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=734487 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 172.27.72.110 p=0 i=9 t=3 pr=2 a=734477 h=0 m=266/0/0/0/0
224.0.0.0 240.0.0.0 169.254.43.174 p=0 i=14 t=3 pr=2 a=84988 h=0 m=276/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=734487 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 172.27.72.110 p=0 i=9 t=3 pr=2 a=734477 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 169.254.43.174 p=0 i=14 t=3 pr=2 a=84988 h=0 m=276/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Windows Adapter V9

Index = 14
GUID = {4DFF16D8-9F2D-4F22-9F87-F796C7DB1571}
IP = 169.254.43.174/255.255.0.0
MAC = 00:ff:4d:ff:16:d8
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Fri Aug 19 12:44:05 2016
DHCP LEASE EXPIRES = Fri Aug 19 12:44:05 2016
DNS SERV =

VirtualBox Host-Only Ethernet Adapter

Index = 9
GUID = {5BB41243-BD8B-4556-B667-DE41881519A0}
IP = 172.27.72.110/255.255.255.0
MAC = 0a:00:27:00:00:09
GATEWAY = 172.27.72.226/255.255.255.255
DNS SERV =

Fri Aug 19 12:44:05 2016 us=54570 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )


Ipconfig:
(The VBox Hostonly is the W10 ethernet routed through a Linux VM)

Windows IP Configuration


Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 12fc:1918::172:27:72:2110
   Link-local IPv6 Address . . . . . : fe80::1dff:62ac:cf16:d9f9%9
   IPv4 Address. . . . . . . . . . . : 172.27.72.110
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.27.72.226

Ethernet adapter defaultc:

   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 12fc:1918::10:8:0:1000
   Link-local IPv6 Address . . . . . : fe80::78b0:b4a9:8ac7:2bae%14
   Autoconfiguration IPv4 Address. . : 169.254.43.174
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 

Tunnel adapter isatap.{5BB41243-BD8B-4556-B667-DE41881519A0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter isatap.{4DFF16D8-9F2D-4F22-9F87-F796C7DB1571}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Routing:
(Note: 12fc:1918::/64 route - I can get rid of in the full scenario)

===========================================================================
Interface List
  9...0a 00 27 00 00 09 ......VirtualBox Host-Only Ethernet Adapter
 14...00 ff 4d ff 16 d8 ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    172.27.72.226    172.27.72.110    266
     10.1.101.101  255.255.255.255    172.27.72.226    172.27.72.110     11
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.43.174    276
   169.254.43.174  255.255.255.255         On-link    169.254.43.174    276
  169.254.255.255  255.255.255.255         On-link    169.254.43.174    276
      172.27.72.0    255.255.255.0         On-link     172.27.72.110    266
    172.27.72.110  255.255.255.255         On-link     172.27.72.110    266
    172.27.72.255  255.255.255.255         On-link     172.27.72.110    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     172.27.72.110    266
        224.0.0.0        240.0.0.0         On-link    169.254.43.174    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     172.27.72.110    266
  255.255.255.255  255.255.255.255         On-link    169.254.43.174    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    172.27.72.226  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    276 12fc:1918::/64           On-link
 14    276 12fc:1918::10:8:0:0/112  fe80::8
 14    276 12fc:1918::10:8:0:1000/128
                                    On-link
  9    266 12fc:1918::172:27:72:0/112
                                    On-link
  9    266 12fc:1918::172:27:72:2110/128
                                    On-link
  9    266 fe80::/64                On-link
 14    276 fe80::/64                On-link
  9    266 fe80::1dff:62ac:cf16:d9f9/128
                                    On-link
 14    276 fe80::78b0:b4a9:8ac7:2bae/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    266 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Change History (10)

comment:1 Changed 4 years ago by debbie10t

Edit: The starting and stopping of the Legacy Service and the interactive service being stopped is not common to all scenarios, sorry .. but it is the method used in the first scenario as described above.

comment:2 Changed 4 years ago by Gert Döring

just copy-paste the code fragments from my last two mails on this - it shows why ifconfig_noexec is shown as "DISABLED", and why this affects only windows.

comment:3 Changed 4 years ago by debbie10t

Quote #1

Source: https://sourceforge.net/p/openvpn/mailman/message/35285663/

The only place in OpenVPN where this flag is checked is
in init.c:

Windows and Android:

      /* do ifconfig */
      if (!c->options.ifconfig_noexec
          && ifconfig_order () == IFCONFIG_BEFORE_TUN_OPEN)
        {
          /* guess actual tun/tap unit number that will be returned
             by open_tun */
          const char *guess = guess_tuntap_dev (c->options.dev,
                                                c->options.dev_type,
                                                c->options.dev_node,
                                                &gc);
          do_ifconfig (c->c1.tuntap, guess, TUN_MTU_SIZE (&c->c2.frame), c->c2.e
s);
        }

all other platforms:

      /* do ifconfig */
      if (!c->options.ifconfig_noexec
          && ifconfig_order () == IFCONFIG_AFTER_TUN_OPEN)
        {
          do_ifconfig (c->c1.tuntap, c->c1.tuntap->actual_name, TUN_MTU_SIZE (&c
->c2.frame), c->c2.es);
        }

... but as you can see, there is no "do_ifconfig_ipv4()" inside the
clause, and "do_ifconfig_ipv6()" outside. do_ifconfig() does IPv4
and IPv6 (tun.c) - if if it is not called for IPv4, there is nothing
else in the code that would do ifconfig for IPv6.


Quote #2

Source: https://sourceforge.net/p/openvpn/mailman/message/35285779/

(copying openvpn-devel back in, as Selva has a surprising explanation
for this)

On Wed, Aug 17, 2016 at 04:40:05PM -0400, Selva Nair wrote:

If the problem is on windows I believe this may be related to
ifconfig_noexec being
reset on windows to ip_win32_type = manual, or some such. Then
do_ifconfig will get called and the ip setting should get skipped inside
it. Recall
seeing it while looking into the code setting ipv6 by service. Don't have
access to the repo to be more precise..

You are right:

  if (options->ifconfig_noexec)
    {
      options->tuntap_options.ip_win32_type = IPW32_SET_MANUAL;
      options->ifconfig_noexec = false;
    }

(in options.c)

so indeed, it would call do_ifconfig() then, and explicitely not do IPv4,
and then just go forward as if nothing had happened and *do* IPv6.

What a horrible hack... I hope we can get rid of this as soon as Heiko's
"do windows in the normal order of things" patch has been fully tested
and merged.

Last edited 4 years ago by debbie10t (previous) (diff)

comment:4 Changed 4 years ago by debbie10t

Personally, I do not see how this helps because in my client config I am not using --ip-win32

I am using --ifconfig-noexec and yet the log shows:
Fri Aug 19 12:43:27 2016 us=94755 NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set address interface=14 12fc:1918::10:8:0:1000 store=active1

Also, I am using --route-noexec and the log shows:
Fri Aug 19 12:43:29 2016 us=188826 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 12fc:1918::10:8:0:0/112 interface=14 fe80::8 store=active

So, I am still in the dark.

comment:5 Changed 4 years ago by Samuli Seppänen

Quoting dazo's email to openvpn-devel:

> Q: What is the expected behaviour ?

That --ifconfig-noexec is respected for both IPv4 and IPv6.

> Is this problem a bug ?

Yes.

comment:6 Changed 4 years ago by Gert Döring

It should probably be repeated once more: this is a particular problem on windows, where the code currently behaves totally differently than on other platforms.

There is a patch waiting for test and review on the list (from @d12fk) that changes windows ifconfig/open tun behaviour to match the other platforms, so quite likely the special-casing of --ifconfig-noexec for windows can go away after this patch has been merged, and the bug auto-disappears (it only happens because on windows, ifconfig-noexec is, basically, ignored and replaced by setting "ip-win32 manual" which translates to "do not do IPv4" but there is no ip-win32 for ipv6)

comment:7 in reply to:  6 ; Changed 4 years ago by selvanair

Replying to cron2:

It should probably be repeated once more: this is a particular problem on windows, where the code currently behaves totally differently than on other platforms.

There is a patch waiting for test and review on the list (from @d12fk) that changes windows ifconfig/open tun behaviour to match the other platforms, so quite likely the special-casing of --ifconfig-noexec for windows can go away after this patch has been merged, and the bug auto-disappears (it only happens because on windows, ifconfig-noexec is, basically, ignored and replaced by setting "ip-win32 manual" which translates to "do not do IPv4" but there is no ip-win32 for ipv6)

Apologies in advance if I'm adding to the confusion:

Shouldn't "ip-win32 manual" translate as "do not do IPv4 or IPv6" on Windows? The apparent "logic" behind re-writing "ifconfig-noexec" to "ip-win32 manual" appears to indicate that the two should be aliases of each other. If so, the code in tun.c needs to be fixed independent of Heiko's patch. Put it differently, why do we need this option "ip-win32 manual" on Windows?

comment:8 in reply to:  7 Changed 4 years ago by Gert Döring

Replying to selvanair:

Shouldn't "ip-win32 manual" translate as "do not do IPv4 or IPv6" on Windows? The apparent "logic" behind re-writing "ifconfig-noexec" to "ip-win32 manual" appears to indicate that the two should be aliases of each other. If so, the code in tun.c needs to be fixed independent of Heiko's patch. Put it differently, why do we need this option "ip-win32 manual" on Windows?

Both --ifconfig-noexec and --ip-win32 manual were already there when I joined, so "I have no idea why there is a windows-special variant".

But indeed, --ip-win32 manual should not do IPv6 if it does not do IPv4. Oversight when adding IPv6 (because the IPv6 code never had "ip-win32" variants at all).

Maybe the long-term fix would be to just make this an alias to --ifconfig-noexec and --route-noexec (instead of "half-alias the other way round") and get rid of all the special case code in tun.c and route.c. I like removing special-case code :-)

Let's get Heiko's change well-tested and merged and then revisit this one (... and fix properly in master, while adding more special cases in release/2.3 sigh)

comment:9 Changed 4 years ago by Gert Döring

Milestone: release 2.4

comment:10 Changed 4 years ago by Gert Döring

Milestone: release 2.4release 2.3.14

commit d6ad8cac443f7f7540da595a3dbe7082d0f0a0cf (master)
Author: Selva Nair
Date: Sun Nov 20 16:18:54 2016 -0500

Do not set ipv6 address if '--ip-win32 manual' is used

Signed-off-by: Selva Nair <selva.nair@…>
Acked-by: Gert Doering <gert@…>
Message-Id: <1479676734-21630-1-git-send-email-selva.nair@…>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13143.html

so, fixed for 2.4. Thanks, Selva.

(2.3 missing yet, and "revisit for 2.5")

Note: See TracTickets for help on using tickets.