Hi, On Mon, Jul 17, 2017 at 02:22:55PM +0200, Jan Just Keijser wrote: > On 17/07/17 14:14, Gert Doering wrote: > > Hi, > > > > On Mon, Jul 17, 2017 at 02:10:11PM +0200, Jan Just Keijser wrote: > >> this problem is NOT present in OpenVPN 2.3.17; the same warning appears > >> (route gateway is ambiguous) but the route is added > >> anyway. This seems to be a regression in 2.4. > > Can we have a log, please? > attached: config and log (with hostnames anonymized)
This indeed is a regression, or a "non-handled special case in the iservice"
(waking up Selva and Heiko).
2.3 is calling route.exe, which seems to just handle this case fine
("the given gateway address is present on two different interfaces",
which I find ambiguous myself :-) ).
2.4 in your setup is using the interactive service...
> Mon Jul 17 14:18:43 2017 us=1227 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=1
> u/d=up
> Mon Jul 17 14:18:43 2017 us=1227 C:\Windows\system32\route.exe ADD
> 222.222.97.13 MASK 255.255.255.255 111.111.135.254
> Mon Jul 17 14:18:43 2017 us=1227 Warning: route gateway is ambiguous:
> 111.111.135.254 (2 matches)
> Mon Jul 17 14:18:43 2017 us=1227 Route addition via service failed
... which notices that the gateway is ambiguous and refuses to cooperate.
Without checking the code, there's a few things here that are not good
- that openvpn just goes ahead, while it "should" know that adding the
"def1" default routes afterwards is going to make things explode
- that we fail, instead of just installing the route (with warning) -
which could either be "just pick an interface and log that" or "just
pick no interface at all, and let windows routing figure this out"
> Mon Jul 17 14:18:43 2017 us=16827 Recursive routing detected, drop tun packet
> to [AF_INET]222.222.97.13:1194
> Mon Jul 17 14:18:44 2017 us=108829 Recursive routing detected, drop tun
> packet to [AF_INET]222.222.97.13:1194
Now *this* is actually good news :-) - instead of blowing up your CPU,
we notice that we're stuck and log that.
As a workaround, what you might do instead...
- connect over IPv6 - the IPv6 code is different and I'm curious what
it will do :-)
- use "--ip-win32 ipapi" (+ run gui as admin) to avoid using the
interactive service
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
