Opened 11 years ago

Closed 9 years ago

#97 closed Bug / Defect (fixed)

OpenVPN produces DCHP NAK bomb on Win 7 64bit

Reported by: JJK Owned by: David Sommerseth
Priority: major Milestone: beta 2.2
Component: Networking Version: OpenVPN 2.1.4 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: win7 tap-win32 dhcpnak
Cc: Gert Döring

Description (last modified by JJK)

when launching OpenVPN 2.1.4 on Windows 7 64bit it sometimes results in a DHCPNAK bomb in the event log; the end result is that OpenVPN manages to connect but the routes are wrong.
I've managed to capture the traffic on the tap-win32 (tap-win64?) adapter during the connection process:

http://www.nikhef.nl/~janjust/openvpn/win7-openvpn-dhcpnak-bomb.pcap

(3 MB)

A second dump without IPv6 traffic can be found here:

http://www.nikhef.nl/~janjust/openvpn/win7-openvpn-dhcpnak-bomb-noipv6.pcap

(774 KB)

A third dump for OpenVPN 2.2-RC is attached (30 KB)

Attachments (4)

Change History (16)

comment:1 Changed 11 years ago by JJK

Description: modified (diff)

comment:2 Changed 11 years ago by JJK

Description: modified (diff)

comment:3 Changed 11 years ago by Samuli Seppänen

This issue has been discussed here.

Changed 11 years ago by JJK

Changed 11 years ago by JJK

Changed 11 years ago by JJK

comment:4 Changed 11 years ago by JJK

Retried it using the DBG tap-win32 driver from the openvpn-2.1_RC7 installer and with 'verb 6' set. It is no longer possible to reproduce the issue. Switching back to the non-debug driver makes the problem appear again; this increases my suspicion that it is a timing issue in the driver itself. Next attempt is to build a debug driver which only prints messages on DHCP NAK packets.

comment:5 Changed 10 years ago by Gert Döring

Cc: Gert Döring added

Hi Janjust,

you mentioned that the new 2.2.2 tap driver does not exhibit this behaviour anymore - shall we close the ticket then?

gert

comment:6 Changed 10 years ago by JJK

Milestone: release 2.2.2
Resolution: fixed
Status: newclosed

let's just close this ticket, as I can still not reproduce it here on my win7 laptop...

comment:7 Changed 9 years ago by ert

I'm still having this issue with the 9.0.0.9 TAP driver and OpenVPN 2.2.2.
It mostly happens on resume after hibernation and may be related to
https://community.openvpn.net/openvpn/ticket/71

However I don't have permission ot reopen this ticket? :(

comment:8 Changed 9 years ago by ert

Seems to be a bug in the TAP driver. It's happening after you try to refresh the DHCP lease 3 times (after resume from hibernation, Windows tries to acquire a DHCP lease too).
I think the reason for this is a programming error in dhcp.c in function ProcessDHCP:

Is this a bad DHCPREQUEST?
if (msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)

++p_Adapter->m_dhcp_bad_requests;

should be:

if (dhcp->ciaddr && msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)

++p_Adapter->m_dhcp_bad_requests;

as the win32 DHCP client always requests with all fields set to 0, so this increases the error counter even though it isn't a bad request and as BAD_DHCPREQUEST_NAK_THRESHOLD is 3, it fails after the third renew attempt.
Could someone please fix this in the TAP driver and provide a signed copy? We need the driver for production use...

Regards.

comment:9 in reply to:  8 Changed 9 years ago by Samuli Seppänen

Resolution: fixed
Status: closedreopened

Replying to ert:

Could someone please fix this in the TAP driver and provide a signed copy? We need the driver for production use...

Please test this installer, it's got this fix in it.

comment:10 Changed 9 years ago by ert

Looks good! No more NAK bombs and no more connection problems on resume after hibernate now! :)
Thank you for your fast response!

comment:11 Changed 9 years ago by Samuli Seppänen

Owner: set to David Sommerseth
Status: reopenedassigned

Excellent! We'll push out a new release tap-windows and openvpn with this fix this/next week probably.

comment:12 Changed 9 years ago by David Sommerseth

Milestone: release 2.2.2beta 2.2
Resolution: fixed
Status: assignedclosed

Suggested fix is applied to tap-windows.git/master commit 5728d5f65b65b3e2304f18c160b1e5d89217ad10

Note: See TracTickets for help on using tickets.