Bug: Windows client openvpn-2.4.0-I601 after reconnection no VPN traffic

Weekly dev snapshots are available for testing.
We talk about them here. Testing features in the dev snapshot helps the features make it to stable.

Moderators: TinCanTech

Forum rules
Please report your experience with the testing branch. Include what you were using and how.
If there is a problem, the more info the better!
IPTRACE
OpenVpn Newbie
Posts: 12
Joined: Sat Dec 31, 2016 12:40 pm

Bug: Windows client openvpn-2.4.0-I601 after reconnection no VPN traffic

Post by IPTRACE » Mon Jan 02, 2017 7:38 pm

After a lost Internet connection, the OpenVPN client reconnects without some parameters, especially without route DELETE and then route ADD.
Due to this, the client has no VPN traffic. More information is in the log below.
I suppose the problem is when the client tries to connect and keeps the old local IP but gets other push data from another server.

Server OS: FreeBSD-11.0p3 x64
Server VPN: openvpn-2.3.12_1
Client OS: Windows10 x64
Client VPN: openvpn-2.4.0-I601

Server config:

local 10.0.0.10
port 1194
proto tcp
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
dev tun
topology subnet
server 10.10.10.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "route 10.10.10.0 255.255.254.0"
push "route 10.0.0.0 255.255.254.0"
push "route-metric 1"
push "register-dns";
push "dhcp-option DOMAIN domain.local"
push "dhcp-option DNS 10.0.0.16"
push "dhcp-option DNS 10.0.1.16"
push "dhcp-option DNS 10.0.0.17"
client-to-client
duplicate-cn
keepalive 10 30
cipher AES-256-CBC
auth SHA512
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn1-status.log
verb 3

Client config:

client
dev tun
proto tcp
remote IP1 1194
remote IP2 1194
remote IP1 1195
remote IP2 1195
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
block-outside-dns

Client log after lost connection (autoreconnect):

Attempting to establish TCP connection with [AF_INET]IP1:1194 [nonblock]
MANAGEMENT: >STATE:1483383753,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]IP1:1194
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]IP1:1194
MANAGEMENT: >STATE:1483383754,WAIT,,,,,,
MANAGEMENT: >STATE:1483383754,AUTH,,,,,,
TLS: Initial packet from [AF_INET]IP1:1194, sid=70cada80 ade327ae
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
[Server] Peer Connection Initiated with [AF_INET]IP1:1194
MANAGEMENT: >STATE:1483383756,GET_CONFIG,,,,,,
SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 10.10.10.0 255.255.254.0,route 10.0.0.0 255.255.254.0,route-metric 5,register-dns,dhcp-option DOMAIN domain.local,dhcp-option DNS 10.0.0.16,dhcp-option DNS 10.0.1.16,dhcp-option DNS 10.0.0.17,route-gateway 10.10.11.1,topology subnet,ping 10,ping-restart 30,ifconfig 10.10.11.2 255.255.255.128'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Socket Buffers: R=[393216->393216] S=[393216->393216]
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Preserving previous TUN/TAP instance: OpenVPN
Block_DNS: WFP engine opened
Block_DNS: Using existing sublayer
Block_DNS: Added permit filters for exe_path
Block_DNS: Added block filters for all interfaces
Block_DNS: Added permit filters for TAP interface
Initialization Sequence Completed
MANAGEMENT: >STATE:1483383756,CONNECTED,SUCCESS,10.10.11.130,IP1,1194,192.168.8.100,60134
Start ipconfig commands for register-dns...
C:\WINDOWS\system32\ipconfig.exe /flushdns
C:\WINDOWS\system32\ipconfig.exe /registerdns
End ipconfig commands for register-dns...

Client log after manual reconnection:

MANAGEMENT: CMD 'signal SIGHUP'
C:\WINDOWS\system32\route.exe DELETE 10.10.10.0 MASK 255.255.254.0 10.10.11.129
Route deletion via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe DELETE 10.0.0.0 MASK 255.255.254.0 10.10.11.129
Route deletion via IPAPI succeeded [adaptive]
Closing TUN/TAP interface
SIGHUP[hard,] received, process restarting
MANAGEMENT: >STATE:1483383998,RECONNECTING,SIGHUP,,,,,
OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Windows version 6.2 (Windows 8 or greater) 64bit
library versions: OpenSSL 1.0.2i  22 Sep 2016, LZO 2.09
Restart pause, 2 second(s)
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
TCP/UDP: Preserving recently used remote address: [AF_INET]IP3:1195
Socket Buffers: R=[65536->65536] S=[65536->65536]
Attempting to establish TCP connection with [AF_INET]IP3:1195 [nonblock]
MANAGEMENT: >STATE:1483384000,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]IP3:1195
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]IP3:1195
MANAGEMENT: >STATE:1483384001,WAIT,,,,,,
MANAGEMENT: >STATE:1483384001,AUTH,,,,,,
TLS: Initial packet from [AF_INET]IP3:1195, sid=2952b2b8 47b91772
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
[Server] Peer Connection Initiated with [AF_INET]IP3:1195
MANAGEMENT: >STATE:1483384003,GET_CONFIG,,,,,,
SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 10.10.10.0 255.255.254.0,route 10.0.0.0 255.255.254.0,route-metric 5,register-dns,dhcp-option DOMAIN iptrace.pl,dhcp-option DNS 10.0.0.16,dhcp-option DNS 10.0.1.16,dhcp-option DNS 10.0.0.17,route-gateway 10.10.11.129,topology subnet,ping 10,ping-restart 30,ifconfig 10.10.11.130 255.255.255.128'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Socket Buffers: R=[65536->393216] S=[65536->393216]
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
interactive service msg_channel=0
ROUTE_GATEWAY 192.168.8.1/255.255.255.0 I=22 HWADDR=ab:cd:ef:09:87:65
open_tun
TAP-WIN32 device [OpenVPN] opened: \\.\Global\{155F822B-3722-4398-8375-DDF340C07E2A}.tap
TAP-Windows Driver Version 9.21 
Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.11.128/10.10.11.130/255.255.255.128 [SUCCEEDED]
Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.11.130/255.255.255.128 on interface {155F822B-3722-4398-8375-DDF340C07E2A} [DHCP-serv: 10.10.11.254, lease-time: 31536000]
Successful ARP Flush on interface [2] {155F822B-3722-4398-8375-DDF340C07E2A}
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
MANAGEMENT: >STATE:1483384003,ASSIGN_IP,,10.10.11.130,,,,
Block_DNS: WFP engine opened
Block_DNS: Using existing sublayer
Block_DNS: Added permit filters for exe_path
Block_DNS: Added block filters for all interfaces
Block_DNS: Added permit filters for TAP interface
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
MANAGEMENT: >STATE:1483384008,ADD_ROUTES,,,,,,
C:\WINDOWS\system32\route.exe ADD 10.10.10.0 MASK 255.255.254.0 10.10.11.129 METRIC 5
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.254.0 10.10.11.129 METRIC 5
Route addition via IPAPI succeeded [adaptive]
Initialization Sequence Completed
MANAGEMENT: >STATE:1483384008,CONNECTED,SUCCESS,10.10.11.130,IP3,1195,192.168.8.100,60177
Start ipconfig commands for register-dns...
C:\WINDOWS\system32\ipconfig.exe /flushdns
C:\WINDOWS\system32\ipconfig.exe /registerdns
End ipconfig commands for register-dns...
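
A log check for the pattern in the post above, added here as an example (not code from the thread or from OpenVPN): it pairs each PUSH_REPLY with the following CONNECTED state line and flags a session where the TUN instance was preserved, the reported tunnel address differs from the pushed ifconfig address, and no route was added via the pushed gateway. The function name `audit_reconnects` and the abridged sample lines are assumptions made for this example.

```python
import re

# Client-log lines that describe tunnel state after a (re)connect.
PUSH_GW = re.compile(r"PUSH_REPLY,.*\broute-gateway ([\d.]+)")
PUSH_IP = re.compile(r"PUSH_REPLY,.*,ifconfig ([\d.]+) ")
CONNECTED = re.compile(r">STATE:\d+,CONNECTED,SUCCESS,([\d.]+),")
ROUTE_ADD = re.compile(r"route\.exe ADD \S+ MASK \S+ ([\d.]+)")
PRESERVED = "Preserving previous TUN/TAP instance"

def audit_reconnects(lines):
    """Return one dict per completed connection; 'stale' marks the bug pattern."""
    results, cur = [], None
    for line in lines:
        gw, ip = PUSH_GW.search(line), PUSH_IP.search(line)
        if gw and ip:  # each PUSH_REPLY starts a new connection record
            cur = {"gateway": gw.group(1), "pushed_ip": ip.group(1),
                   "preserved_tun": False, "route_gateways": []}
        elif cur is not None:
            if PRESERVED in line:
                cur["preserved_tun"] = True
            if (m := ROUTE_ADD.search(line)):
                cur["route_gateways"].append(m.group(1))
            if (m := CONNECTED.search(line)):
                cur["tunnel_ip"] = m.group(1)
                # Stale: TUN kept, address differs from push, no route via new gateway.
                cur["stale"] = (cur["preserved_tun"]
                                and cur["tunnel_ip"] != cur["pushed_ip"]
                                and cur["gateway"] not in cur["route_gateways"])
                results.append(cur)
                cur = None
    return results

# Sample input abridged from the two client logs in the post (PUSH_REPLY shortened).
AUTO_RECONNECT = [
    r"PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.254.0,"
    r"route-gateway 10.10.11.1,topology subnet,ifconfig 10.10.11.2 255.255.255.128'",
    r"Preserving previous TUN/TAP instance: OpenVPN",
    r"MANAGEMENT: >STATE:1483383756,CONNECTED,SUCCESS,10.10.11.130,IP1,1194,192.168.8.100,60134",
]
MANUAL_RECONNECT = [
    r"PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.254.0,"
    r"route-gateway 10.10.11.129,topology subnet,ifconfig 10.10.11.130 255.255.255.128'",
    r"C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.254.0 10.10.11.129 METRIC 5",
    r"MANAGEMENT: >STATE:1483384008,CONNECTED,SUCCESS,10.10.11.130,IP3,1195,192.168.8.100,60177",
]

if __name__ == "__main__":
    for r in audit_reconnects(AUTO_RECONNECT + MANUAL_RECONNECT):
        print(r["pushed_ip"], r["tunnel_ip"], "STALE" if r["stale"] else "ok")
```

Run against a full client log, the same function accepts the file's lines unchanged; lines it does not recognise are ignored.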

IPTRACE
OpenVpn Newbie
Posts: 12
Joined: Sat Dec 31, 2016 12:40 pm

Re: Bug: Windows client openvpn-2.4.0-I601 after reconnection no VPN traffic

Post by IPTRACE » Mon Jan 02, 2017 8:50 pm

There is no problem on openvpn--2.3.14-I601-x86_64.

IPTRACE
OpenVpn Newbie
Posts: 12
Joined: Sat Dec 31, 2016 12:40 pm

Re: Bug: Windows client openvpn-2.4.0-I601 after reconnection no VPN traffic

Post by IPTRACE » Mon Jan 02, 2017 9:29 pm

I've found the workaround. It's necessary to comment out the following line in the client config.

persist-tun

Then Windows OpenVPN 2.4.0 behaves like the previous stable 2.3.14.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bug: Windows client openvpn-2.4.0-I601 after reconnection no VPN traffic

Post by TinCanTech » Mon Jan 02, 2017 9:49 pm

Hi, thanks for letting us know you found a fix for your problem.

There is a bug which the dev team are working on which could also affect you.
