Changes between Initial Version and Version 1 of Ticket #807


Ignore:
Timestamp:
12/30/16 05:32:25 (7 years ago)
Author:
Selva Nair
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #807

    • Property Version changed from 2.2.2 to 2.4.0

  • Ticket #807 – Description

    initial v1  
    1 If a connection is made using a tap adapter and then after disconnecting it if the same connection is attempted using another tap adapter, openvpn fails to asssign the I to the new adapter.
     1If a connection is made using a tap adapter and then after disconnecting it if the same connection is attempted using a second tap adapter, openvpn fails to asssign IP address to the new adapter.
    22
    3 To reproduce: have two tap adapters, say, adapter1 and adapter2 and one config file with a single remote that assigns the same VPN IP everytime (say 10.8.0.2)
     3In normal use this error can show up in many different ways with multiple tap interfaces and single or multiple connections depending on the order in which connections are started etc.. But the basic issue appears to be due to the assigned address not being removed  from an interface when tun is closed. Also there are no such errors if a fixed interface is always assigned to a connection (using --dev-node option).
    44
    5 First have --dev-node adapter1 in the config, make a successful connection. Disconnect, change the dev-node to
    6 --dev-node adapter2 and connect again. This time it will fail with
     5Easy to reproduce: have two tap adapters, say, adapter1 and adapter2 and one config file with a single remote that assigns the same VPN IP to the client everytime (10.9.0.6 in logs below)
    76
     7First have {{{--dev-node adapter1}}} in the config, make a successful connection. Disconnect, change the dev-node to {{{--dev-node adapter2}}} and connect again. This time it will fail with something like
    88
    9 netsh
     9{{{
     10Thu Dec 29 23:48:57 2016 us=508321 TAP-WIN32 device [adapter2] opened: \\.\Global\{4403682C-28DA-498B-98A8-CFC764054EB6}.tap
     11Thu Dec 29 23:48:57 2016 us=509321 TAP-Windows Driver Version 9.21
     12Thu Dec 29 23:48:57 2016 us=509321 TAP-Windows MTU=1500
     13Thu Dec 29 23:48:57 2016 us=516322 Set TAP-Windows TUN subnet mode network/local/netmask = 10.9.0.0/10.9.0.6/255.255.255.0 [SUCCEEDED]
     14Thu Dec 29 23:48:57 2016 us=516322 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.0.6/255.255.255.0 on interface {4403682C-28DA-498B-98A8-CFC764054EB6} [DHCP-serv: 10.9.0.0, lease-time: 31536000]
     15Thu Dec 29 23:48:57 2016 us=517322 Successful ARP Flush on interface [28] {4403682C-28DA-498B-98A8-CFC764054EB6}
     16Thu Dec 29 23:48:57 2016 us=534323 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
     17Thu Dec 29 23:48:57 2016 us=534323 MANAGEMENT: >STATE:1483073337,ASSIGN_IP,,10.9.0.6,,,,,xx:xx::1004
     18Thu Dec 29 23:48:57 2016 us=534323 TUN: adding address failed using service: The object already exists.   [status=5010 if_index=28]
     19Thu Dec 29 23:48:57 2016 us=534323 add_route_ipv6(xx:xx::/64 -> xx:xx::1004 metric 0) dev adapter1
     20Thu Dec 29 23:48:57 2016 us=534323 IPv6 route addition via service succeeded
     21Thu Dec 29 23:49:02 2016 us=181589 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
     22Thu Dec 29 23:49:02 2016 us=181589 Route: Waiting for TUN/TAP interface to come up...
     23Thu Dec 29 23:49:07 2016 us=61868 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
     24Thu Dec 29 23:49:07 2016 us=61868 Route: Waiting for TUN/TAP interface to come up...
     25Thu Dec 29 23:49:08 2016 us=285938 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
     26Thu Dec 29 23:49:08 2016 us=285938 Route: Waiting for TUN/TAP interface to come up...
     27Thu Dec 29 23:49:09 2016 us=14980 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
     28Thu Dec 29 23:49:09 2016 us=14980 Route: Waiting for TUN/TAP interface to come up...
     29}}}
     30
     31The above message repeats several times and finally the connection "completes" but with no ip number set on adapter2. At this point
     32
     33{{{netsh int ipv4 show addr}}} shows (not all adapters listed)
     34
     35{{{
     36Configuration for interface "adapter2"
     37    DHCP enabled:                         Yes
     38    InterfaceMetric:                      20
     39
     40Configuration for interface "adapter1"
     41    DHCP enabled:                         Yes
     42    IP Address:                           10.9.0.6
     43    Subnet Prefix:                        10.9.0.0/24 (mask 255.255.255.0)
     44    InterfaceMetric:                      20
     45}}}
     46 
     47(Note that only netsh shows addresses on adapter1 as above, ipconfig /all does not, possibly because adapter1 is disconnected).
     48
     49So adapter1 is still holding the IP we are trying to set on adapter2 and could be the reason for this failure. {{{ipconfig /release adapater1}}} doesn't work as the "media" is disconnected on that adapter.
     50
     51As seen in the logs, an ipv6 address is also assigned (through the service) which fails too possibly due to the same reason.