Opened 4 years ago

Closed 3 years ago

#97 closed Bug / Defect (fixed)

OpenVPN produces DCHP NAK bomb on Win 7 64bit

Reported by: janjust Owned by: dazo
Priority: major Milestone: beta 2.2
Component: Networking Version: 2.1.4
Severity: Not set (if unsure, select this one) Keywords: win7 tap-win32 dhcpnak
Cc: cron2

Description (last modified by janjust)

when launching OpenVPN 2.1.4 on Windows 7 64bit it sometimes results in a DHCPNAK bomb in the event log; the end result is that OpenVPN manages to connect but the routes are wrong.
I've managed to capture the traffic on the tap-win32 (tap-win64?) adapter during the connection process:

http://www.nikhef.nl/~janjust/openvpn/win7-openvpn-dhcpnak-bomb.pcap

(3 MB)

A second dump without IPv6 traffic can be found here:

http://www.nikhef.nl/~janjust/openvpn/win7-openvpn-dhcpnak-bomb-noipv6.pcap

(774 KB)

A third dump for OpenVPN 2.2-RC is attached (30 KB)

Attachments (4)

win7-openvpn-2.2-rc-dhcpnak-bomb-noipv6.pcap (28.4 KB) - added by janjust 4 years ago.
win7-openvpn-OK-no-tunnel-ifs.pcap (2.6 KB) - added by janjust 4 years ago.
win7-openvpn-dhcpnak-bomb-noipv6-2.pcap (30.0 KB) - added by janjust 4 years ago.
win7-openvpn-sigusr1-noipv6.pcap (8.4 KB) - added by janjust 4 years ago.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 4 years ago by janjust

  • Description modified (diff)

Changed 4 years ago by janjust

comment:2 Changed 4 years ago by janjust

  • Description modified (diff)

comment:3 Changed 4 years ago by samuli

This issue has been discussed here.

Changed 4 years ago by janjust

Changed 4 years ago by janjust

Changed 4 years ago by janjust

comment:4 Changed 4 years ago by janjust

Retried it using the DBG tap-win32 driver from the openvpn-2.1_RC7 installer and with 'verb 6' set. It is no longer possible to reproduce the issue. Switching back to the non-debug driver makes the problem appear again; this increases my suspicion that it is a timing issue in the driver itself. Next attempt is to build a debug driver which only prints messages on DHCP NAK packets.

comment:5 Changed 4 years ago by cron2

  • Cc cron2 added

Hi Janjust,

you mentioned that the new 2.2.2 tap driver does not exhibit this behaviour anymore - shall we close the ticket then?

gert

comment:6 Changed 4 years ago by janjust

  • Milestone set to release 2.2.2
  • Resolution set to fixed
  • Status changed from new to closed

let's just close this ticket, as I can still not reproduce it here on my win7 laptop...

comment:7 Changed 3 years ago by ert

I'm still having this issue with the 9.0.0.9 TAP driver and OpenVPN 2.2.2.
It mostly happens on resume after hibernation and may be related to
https://community.openvpn.net/openvpn/ticket/71

However I don't have permission ot reopen this ticket? :(

comment:8 follow-up: Changed 3 years ago by ert

Seems to be a bug in the TAP driver. It's happening after you try to refresh the DHCP lease 3 times (after resume from hibernation, Windows tries to acquire a DHCP lease too).
I think the reason for this is a programming error in dhcp.c in function ProcessDHCP:

Is this a bad DHCPREQUEST?
if (msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)

++p_Adapter->m_dhcp_bad_requests;

should be:

if (dhcp->ciaddr && msg_type == DHCPREQUEST && dhcp->ciaddr != p_Adapter->m_dhcp_addr)

++p_Adapter->m_dhcp_bad_requests;

as the win32 DHCP client always requests with all fields set to 0, so this increases the error counter even though it isn't a bad request and as BAD_DHCPREQUEST_NAK_THRESHOLD is 3, it fails after the third renew attempt.
Could someone please fix this in the TAP driver and provide a signed copy? We need the driver for production use...

Regards.

comment:9 in reply to: ↑ 8 Changed 3 years ago by samuli

  • Resolution fixed deleted
  • Status changed from closed to reopened

Replying to ert:

Could someone please fix this in the TAP driver and provide a signed copy? We need the driver for production use...

Please test this installer, it's got this fix in it.

comment:10 Changed 3 years ago by ert

Looks good! No more NAK bombs and no more connection problems on resume after hibernate now! :)
Thank you for your fast response!

comment:11 Changed 3 years ago by samuli

  • Owner set to dazo
  • Status changed from reopened to assigned

Excellent! We'll push out a new release tap-windows and openvpn with this fix this/next week probably.

comment:12 Changed 3 years ago by dazo

  • Milestone changed from release 2.2.2 to beta 2.2
  • Resolution set to fixed
  • Status changed from assigned to closed

Suggested fix is applied to tap-windows.git/master commit 5728d5f65b65b3e2304f18c160b1e5d89217ad10

Note: See TracTickets for help on using tickets.