Opened 3 years ago

Closed 21 months ago

#97 closed Bug / Defect (fixed)

OpenVPN produces DCHP NAK bomb on Win 7 64bit

Reported by: janjust Owned by: dazo
Priority: major Milestone: beta 2.2
Component: Networking Version: 2.1.4
Severity: Not set (if unsure, select this one) Keywords: win7 tap-win32 dhcpnak
Cc: cron2

Description (last modified by janjust)

when launching OpenVPN 2.1.4 on Windows 7 64bit it sometimes results in a DHCPNAK bomb in the event log; the end result is that OpenVPN manages to connect but the routes are wrong.
I've managed to capture the traffic on the tap-win32 (tap-win64?) adapter during the connection process:

http://www.nikhef.nl/~janjust/openvpn/win7-openvpn-dhcpnak-bomb.pcap

(3 MB)

A second dump without IPv6 traffic can be found here:

http://www.nikhef.nl/~janjust/openvpn/win7-openvpn-dhcpnak-bomb-noipv6.pcap

(774 KB)

A third dump for OpenVPN 2.2-RC is attached (30 KB)

Attachments (4)

win7-openvpn-2.2-rc-dhcpnak-bomb-noipv6.pcap (28.4 KB) - added by janjust 3 years ago.
win7-openvpn-OK-no-tunnel-ifs.pcap (2.6 KB) - added by janjust 3 years ago.
win7-openvpn-dhcpnak-bomb-noipv6-2.pcap (30.0 KB) - added by janjust 3 years ago.
win7-openvpn-sigusr1-noipv6.pcap (8.4 KB) - added by janjust 3 years ago.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 3 years ago by janjust

  • Description modified (diff)

Changed 3 years ago by janjust

comment:2 Changed 3 years ago by janjust

  • Description modified (diff)

comment:3 Changed 3 years ago by samuli

This issue has been discussed here.

Changed 3 years ago by janjust

Changed 3 years ago by janjust

Changed 3 years ago by janjust

comment:4 Changed 3 years ago by janjust

Retried it using the DBG tap-win32 driver from the openvpn-2.1_RC7 installer and with 'verb 6' set. It is no longer possible to reproduce the issue. Switching back to the non-debug driver makes the problem appear again; this increases my suspicion that it is a timing issue in the driver itself. Next attempt is to build a debug driver which only prints messages on DHCP NAK packets.

comment:5 Changed 2 years ago by cron2

  • Cc cron2 added

Hi Janjust,

you mentioned that the new 2.2.2 tap driver does not exhibit this behaviour anymore - shall we close the ticket then?

gert

comment:6 Changed 2 years ago by janjust

  • Milestone set to release 2.2.2
  • Resolution set to fixed
  • Status changed from new to closed

let's just close this ticket, as I can still not reproduce it here on my win7 laptop...

comment:7 Changed 22 months ago by ert

I'm still having this issue with the 9.0.0.9 TAP driver and OpenVPN 2.2.2.
It mostly happens on resume after hibernation and may be related to
https://community.openvpn.net/openvpn/ticket/71

However I don't have permission ot reopen this ticket? :(

comment:8 follow-up: Changed 22 months ago by ert

Seems to be a bug in the TAP driver. It's happening after you try to refresh the DHCP lease 3 times (after resume from hibernation, Windows tries to acquire a DHCP lease too).
I think the reason for this is a programming error in dhcp.c in function ProcessDHCP:

Is this a bad DHCPREQUEST?
if (msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)

++p_Adapter->m_dhcp_bad_requests;

should be:

if (dhcp->ciaddr && msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)

++p_Adapter->m_dhcp_bad_requests;

as the win32 DHCP client always requests with all fields set to 0, so this increases the error counter even though it isn't a bad request and as BAD_DHCPREQUEST_NAK_THRESHOLD is 3, it fails after the third renew attempt.
Could someone please fix this in the TAP driver and provide a signed copy? We need the driver for production use...

Regards.

comment:9 in reply to: ↑ 8 Changed 21 months ago by samuli

  • Resolution fixed deleted
  • Status changed from closed to reopened

Replying to ert:

Could someone please fix this in the TAP driver and provide a signed copy? We need the driver for production use...

Please test this installer, it's got this fix in it.

comment:10 Changed 21 months ago by ert

Looks good! No more NAK bombs and no more connection problems on resume after hibernate now! :)
Thank you for your fast response!

comment:11 Changed 21 months ago by samuli

  • Owner set to dazo
  • Status changed from reopened to assigned

Excellent! We'll push out a new release tap-windows and openvpn with this fix this/next week probably.

comment:12 Changed 21 months ago by dazo

  • Milestone changed from release 2.2.2 to beta 2.2
  • Resolution set to fixed
  • Status changed from assigned to closed

Suggested fix is applied to tap-windows.git/master commit 5728d5f65b65b3e2304f18c160b1e5d89217ad10

Note: See TracTickets for help on using tickets.