Hi all,
On 05/03/20 13:53, Jan Just Keijser wrote:
Hi,
On 01/03/20 16:29, Selva Nair wrote:
On Sun, Mar 1, 2020 at 2:17 AM Gert Doering <g...@greenie.muc.de> wrote:
On Sun, Mar 01, 2020 at 05:37:15AM +0000, Leroy Tennison via
Openvpn-users wrote:
Admittedly, an older server version (2.3) but is there a way to
specify multiple DNS search suffixes for a Windows (10 if that
makes a difference) client? The clients are part of a domain but I
have no control over them via that avenue. I've tried multiple
dhcp-option DOMAIN entries and the last one applies, I don't see
another dhcp-option such as DOMAIN-SEARCH. Any options would be
much appreciated. Thanks.
OpenVPN never had functionality to set the DHCP SEARCH LIST option
on Windows.
So while you could always specify the option multiple times, it would
only use one of them and put it into the DHCP DOMAIN option.
It's not very much missing code, but someone would have to do it (and
the "core team" is very busy with other aspects right now).
IIRC, Windows clients never queried DHCP option 119 (domain search).
It seems that has changed since Windows 10, or has it?
I had to dig through my archives for this one - I found an OpenVPN
2.0.9 (!) source tree to which I had added rudimentary support for
DHCP domain search, but that was *before* I found out that Windows did
not support that...
And yes, according to the comment section of
https://www.normanbauer.com/2018/04/18/configuring-dhcp-option-119-domain-search-list-on-a-windows-dhcp-server/,
Windows 10 1809+ finally has support for DHCP domain searches.
So, for what it's worth, I've dusted off the patch again and rebased
it to the current openvpn master tree. See attached. Note that I did
only rudimentary testing, as I don't use Windows 10 a lot and I was
testing using a mingw cross-compile only. In Wireshark I *do* see that
the correct DHCP offer is sent to the tap-win adapter.
Also note that I implemented multiple search domains by separating
them using semi-colons, e.g.
--dhcp-option SEARCH example.com;example.org;example.nl;example.de
etc., as that was easier to implement.
Also note that I did not fully implement the RFC3397 encoding of the
search list, as that requires one to merge domain names that occur
more than once - that would have made the code far more complicated.
To follow up on this: I just found Jonathan's update-systemd-resolved
thingie (https://github.com/jonathanio/update-systemd-resolved) where
he mentions that you can push
--dhcp-option DOMAIN
multiple times to achieve a similar result - but at best that works on
anything BUT Windows.
I do see that he lists a non-supported option
--dhcp-option SEARCH-DOMAIN
instead of my 'SEARCH'; it will be good to sync up with his script/code
to ensure a smooth cooperation between platforms - provided, that is,
that my patch is actually acceptable ;)
cheers,
JJK
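
The uncompressed encoding described in the message above, as an added example that is not part of the original post or of the attached patch: it turns the semicolon-separated list into RFC 1035 length-prefixed labels, with the bounds checks that matter for a value pushed by a server. The function name `encode_search_list`, the `DHCP_OPT_MAX` constant and the choice to reject empty labels are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP_OPT_MAX 255 /* one-octet option length field */

/* Added example (hypothetical helper, not OpenVPN code): encode a
 * semicolon-separated search list as uncompressed RFC 1035 names, i.e.
 * length-prefixed labels with a zero octet closing each name.
 * Returns bytes written, or -1 on malformed input or lack of space. */
int encode_search_list(const char *list, uint8_t *out, size_t outlen)
{
    size_t pos = 0;
    const char *p = list;

    while (*p) {
        const char *end = p + strcspn(p, ";");
        size_t name_len = 1;                 /* counts the closing zero octet */
        if (end == p) return -1;             /* empty entry such as ";;" */
        while (p < end) {
            size_t lab = strcspn(p, ".;");
            if (lab == 0 || lab > 63) return -1;    /* empty or oversized label */
            if (pos + 1 + lab > outlen) return -1;  /* would overrun the buffer */
            out[pos++] = (uint8_t)lab;
            memcpy(out + pos, p, lab);
            pos += lab;
            name_len += 1 + lab;
            p += lab;
            if (*p == '.') p++;              /* a trailing dot is accepted */
        }
        if (name_len > 255 || pos + 1 > outlen) return -1;
        out[pos++] = 0;
        if (*p == ';') p++;
    }
    return pos ? (int)pos : -1;              /* an empty list is an error */
}

int main(void)
{
    uint8_t buf[DHCP_OPT_MAX];
    /* Constructed input: the list from the message above. */
    int n = encode_search_list("example.com;example.org;example.nl;example.de",
                               buf, sizeof buf);
    for (int i = 0; i < n; i++) printf("%02x", buf[i]);
    printf("\n");
    return n < 0;
}
```

Passing `DHCP_OPT_MAX` as the buffer size makes a list that cannot fit in a single option fail cleanly instead of being truncated.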