Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation
Hi! My I ask if there is anything else I can (or should) do regarding this patch? Perhaps send patch again with revised/updated description as suggested by Simon? Thank you! Regards, Domagoj ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation
Hi! On Thu, Feb 06, 2020 at 09:58:37AM +, Simon Rozman wrote: > Hi, > > My thoughts exactly: as Lev pointed out: > https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb > 856702a > > Acked-by: Simon Rozman > > Domagoj, if it's not too much for you, maybe document the reason why DNS > validation is so slow in the commit message. My wording went like this: > > > DNS validation usually fails, as the pushed routes should be added first > > to make DNS servers not part of the OpenVPN subnet reachable before > > instructing Windows to use them. > > Maybe Gert can update the commit message when applying? Absolutely, Gert can add your additional description in the commit. Regards, Domagoj ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation
Hi, My thoughts exactly: as Lev pointed out: https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb 856702a Acked-by: Simon Rozman Domagoj, if it's not too much for you, maybe document the reason why DNS validation is so slow in the commit message. My wording went like this: > DNS validation usually fails, as the pushed routes should be added first > to make DNS servers not part of the OpenVPN subnet reachable before > instructing Windows to use them. Maybe Gert can update the commit message when applying? One day somebody might revert that DNS validation back to default, as the long-term shot would be to upgrade the OpenVPN to setup routes first, then configure DNS servers. But then there's ValdikSS with thousands of routes in his .ovpn setup... Best regards, Simon smime.p7s Description: S/MIME cryptographic signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation
Hi, On Wed, Feb 5, 2020 at 10:28 AM Lev Stipakov wrote: > > Hi, > > Built and tested with msvc, works as expected - "validate=no" is added to > netsh command line. > > There is a similar commit in Simon's repo (not yet sent to ml) : > https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb856702a > > I haven't noticed any slowness on my machine, but since fix has been > implemented separately > by two persons and there is similar code for ipv6, I am ok with that. > > Acked-by: Lev Stipakov We explicitly added validate=no for IPv6 in commit 786e06ade9f5dfad8ac360499187fa8e536d15cb for the same reason as in this patch. The ipv4 DNS code belongs to an era when this option was not available. ACK from me too. Selva > > Acked-by: Lev Stipakov > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation
Hi, Built and tested with msvc, works as expected - "validate=no" is added to netsh command line. There is a similar commit in Simon's repo (not yet sent to ml) : https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb856702a I haven't noticed any slowness on my machine, but since fix has been implemented separately by two persons and there is similar code for ipv6, I am ok with that. Acked-by: Lev Stipakov ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH 1/2] Skip DNS address validation
When adding IPv4 DNS servers without interactive service use "validate=no", on Windows 7 and higher, to skip time consuming automatic address validation, that is on by default. Fix uses adapted code from commit 786e06a Signed-off-by: Domagoj Pensa --- src/openvpn/tun.c | 9 + 1 file changed, 9 insertions(+) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index af09e676..9f369f74 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -5216,6 +5216,7 @@ netsh_ifconfig_options(const char *type, struct gc_arena gc = gc_new(); struct argv argv = argv_new(); bool delete_first = false; +bool is_dns = !strcmp(type, "dns"); /* first check if we should delete existing DNS/WINS settings from TAP interface */ if (test_first) @@ -5259,6 +5260,14 @@ netsh_ifconfig_options(const char *type, type, flex_name, print_in_addr_t(addr_list[i], 0, )); + +/* disable slow address validation on Windows 7 and higher */ +/* only for DNS */ +if (is_dns && win32_version_info() >= WIN_7) +{ +argv_printf_cat(, "%s", "validate=no"); +} + netsh_command(, 2, M_FATAL); ++count; -- 2.25.0 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel