OpenVPN 2.4.0
My client config:
client
dev tun
proto udp
remote 1.2.3.4 80
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
explicit-exit-notify 5
ca "ca.crt"
cert "user.crt"
key "user.key"
tls-auth "ta.key" 1
redirect-gateway ipv6 def1 bypass-dhcp
dhcp-option DNS6 2001:4860:4860::8888
Log:
Code: Select all
Mon Mar 20 16:56:56 2017 NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set dns MyTap static 2001:4860:4860::8888 validate=no
Mon Mar 20 16:56:58 2017 ERROR: netsh command failed: returned error code 1
Mon Mar 20 16:57:02 2017 NETSH: command failed
Mon Mar 20 16:57:04 2017 Exiting due to fatal error
The directive dhcp-option DNS6 2001:4860:4860::8888 tries to launch netsh interface ipv6 set dns.
set dns is the issue.
Not listed in MS docs:
https://msdn.microsoft.com/en-us/librar ... s.85).aspx
Throws an error if launched directly:
Code: Select all
C:\netsh interface ipv6 set dns MyTap 2001:4860:4860::8888 static validate=no
Element not found.
Code: Select all
C:\netsh interface ipv6 set dnsservers "MyTap" static 2001:4860:4860::8888 primary
The OpenVPN source code related to the issue is \openvpn-2.4.0\src\openvpn\tun.c, line 5130:
Code: Select all
static void
netsh_set_dns6_servers(const struct in6_addr *addr_list,
                       const int addr_len,
                       const char *flex_name)
{
    struct gc_arena gc = gc_new();
    struct argv argv = argv_new();
    for (int i = 0; i < addr_len; ++i)
    {
        const char *fmt = (i == 0) ?
                          "%s%sc interface ipv6 set dns %s static %s"
                          : "%s%sc interface ipv6 add dns %s %s";
        argv_printf(&argv, fmt, get_win_sys_path(),
                    NETSH_PATH_SUFFIX, flex_name,
                    print_in6_addr(addr_list[i], 0, &gc));
Code: Select all
C:\>netsh interface ipv6 /?
The following commands are available:
Commands in this context:
6to4    - Changes to the `netsh interface ipv6 6to4' context.
?       - Displays a list of commands.
add     - Adds a configuration entry to a table.
delete  - Deletes a configuration entry from a table.
dump    - Displays a configuration script.
help    - Displays a list of commands.
isatap  - Changes to the `netsh interface ipv6 isatap' context.
reset   - Reset the IP configurations.
set     - Sets configuration information.
show    - Displays information.
The following sub-contexts are available:
6to4 isatap
To view help for a command, type the command, followed by a space, and then
type ?.
Code: Select all
C:\>netsh interface ipv6 set /?
The following commands are available:
Commands in this context:
set address          - Sets the IP address or default gateway to an interface.
set compartment      - Modifies compartment configuration parameters.
set dnsservers       - Sets DNS server mode and addresses.
set dynamicportrange - Modifies the range of ports used for dynamic port assignment.
set global           - Modifies global configuration general parameters.
set interface        - Modifies interface configuration parameters for IP.
set locality         - Shows locality info.
set neighbors        - Sets a neighbor address.
set prefixpolicy     - Modifies prefix policy information.
set privacy          - Modifies privacy configuration parameters.
set route            - Modifies route parameters.
set subinterface     - Modifies subinterface configuration parameters.
set teredo           - Sets Teredo state.
Code: Select all
C:\>netsh interface ipv6 set dnsservers /?
Usage: set dnsservers [name=]<string> [source=]dhcp|static
             [[address=]<IP address>|none]
             [[register=]none|primary|both]
             [[validate=]yes|no]
Parameters:
       Tag            Value
       name         - The name or index of the interface.
       source       - One of the following values:
                      dhcp: Sets DHCP as the source for configuring DNS
                            servers for the specific interface.
                      static: Sets the source for configuring DNS servers
                              to local static configuration.
       address      - One of the following values:
                      <IP address>: An IP address for a DNS server.
                      none: Clears the list of DNS servers.
       register     - One of the following values:
                      none: Disables Dynamic DNS registration.
                      primary: Register under the primary DNS suffix only.
                      both: Register under both the primary DNS suffix, as
                            well as under the connection-specific suffix.
       validate     - Specifies whether validation of the DNS server setting
                      will be performed. The value is yes by default.
Remarks: Sets DNS server configuration to either DHCP or static mode. Only
         when source is 'static', is the 'addr' option also available for
         configuring a static list of DNS server IP addresses for the
         specified interface. If Validate switch is yes, then
         the newly set DNS server is validated.
Examples:
       set dnsservers name="Wired Ethernet Connection" source=dhcp
       set dnsservers "Wired Ethernet Connection" static fec0:0:0:ffff::1 primary
Thanks for any feedback.
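The command construction from the tun.c excerpt, as an added stand-alone example (not OpenVPN's code and not part of the original post): the hypothetical `build_dns6_cmd` takes the netsh object name as a parameter, so the `dns` spelling from the excerpt and the `dnsservers` spelling from the help output can both be printed and tried by hand in an elevated prompt. It assumes POSIX `inet_pton`/`inet_ntop`; `add dnsservers` is netsh's counterpart of `set dnsservers` and is not shown in the post.

```c
#include <arpa/inet.h>  /* inet_pton/inet_ntop; on Windows use <ws2tcpip.h> */
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not OpenVPN code. Builds the netsh command for the
 * index-th DNS6 server in the excerpt's pattern: "set ... static <addr>" for
 * the first address, "add ... <addr>" for the rest. `object` is "dns" (as in
 * the excerpt) or "dnsservers" (as in the help output). Returns the length,
 * or -1 for a bad address, a name containing '"', or a too-small buffer. */
int
build_dns6_cmd(char *out, size_t outlen, const char *object,
               const char *ifname, const char *addr_text,
               int index, int no_validate)
{
    struct in6_addr addr;
    char ip[INET6_ADDRSTRLEN];

    /* Round-trip through in6_addr so only a valid IPv6 literal is emitted. */
    if (inet_pton(AF_INET6, addr_text, &addr) != 1
        || inet_ntop(AF_INET6, &addr, ip, sizeof(ip)) == NULL)
    {
        return -1;
    }
    /* The name goes inside double quotes (it may contain spaces). */
    if (strchr(ifname, '"') != NULL)
    {
        return -1;
    }
    int n = snprintf(out, outlen,
                     index == 0 ? "netsh interface ipv6 set %s \"%s\" static %s%s"
                                : "netsh interface ipv6 add %s \"%s\" %s%s",
                     object, ifname, ip, no_validate ? " validate=no" : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* Constructed sample: name and first address as in the post's log; the
     * second address is a documentation-prefix value added for illustration. */
    const char *servers[] = { "2001:4860:4860::8888", "2001:db8::53" };
    const char *objects[] = { "dns", "dnsservers" };
    char cmd[256];
    for (int o = 0; o < 2; ++o)
        for (int i = 0; i < 2; ++i)
            if (build_dns6_cmd(cmd, sizeof(cmd), objects[o], "MyTap", servers[i], i, 1) > 0)
                puts(cmd);
    return 0;
}
```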