DNS Suffix on Wintun

rimbalza
OpenVpn Newbie
Posts: 4
Joined: Thu Apr 09, 2020 12:17 pm

DNS Suffix on Wintun

Post by rimbalza » Mon Sep 21, 2020 5:15 pm

Using OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020 on Win10 2004

Using the Wintun driver for the same config file I have a faster connection and reduced latency, but the DNS suffix is *not* applied to the connection. The old Tun driver (with the same 2.5 beta4) works flawlessly, as it has for ages.
I tried to force dhcp-option DOMAIN but did not find the magic syntax/command combo to do it...
BTW I think it should apply the received suffix as the tun driver does.
My 2c

TinCanTech
OpenVPN Protagonist
Posts: 7936
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS Suffix on Wintun

Post by TinCanTech » Mon Sep 21, 2020 6:06 pm

Could you provide a client log file at verb 4 ?

rimbalza
OpenVpn Newbie
Posts: 4
Joined: Thu Apr 09, 2020 12:17 pm

Re: DNS Suffix on Wintun

Post by rimbalza » Tue Sep 22, 2020 5:34 am

Sure, here it is (I replaced personal info with XXX):

Code:

 Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_pin_cache_period = -1
Tue Sep 22 07:24:34 2020   pkcs11_id = '[UNDEF]'
Tue Sep 22 07:24:34 2020   pkcs11_id_management = DISABLED
Tue Sep 22 07:24:34 2020   server_network = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_network_ipv6 = ::
Tue Sep 22 07:24:34 2020   server_netbits_ipv6 = 0
Tue Sep 22 07:24:34 2020   server_bridge_ip = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_bridge_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_bridge_pool_start = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_bridge_pool_end = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_defined = DISABLED
Tue Sep 22 07:24:34 2020   ifconfig_pool_start = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_end = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Sep 22 07:24:34 2020   ifconfig_pool_persist_refresh_freq = 600
Tue Sep 22 07:24:34 2020   ifconfig_ipv6_pool_defined = DISABLED
Tue Sep 22 07:24:34 2020   ifconfig_ipv6_pool_base = ::
Tue Sep 22 07:24:34 2020   ifconfig_ipv6_pool_netbits = 0
Tue Sep 22 07:24:34 2020   n_bcast_buf = 256
Tue Sep 22 07:24:34 2020   tcp_queue_limit = 64
Tue Sep 22 07:24:34 2020   real_hash_size = 256
Tue Sep 22 07:24:34 2020   virtual_hash_size = 256
Tue Sep 22 07:24:34 2020   client_connect_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   learn_address_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   client_disconnect_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   client_config_dir = '[UNDEF]'
Tue Sep 22 07:24:34 2020   ccd_exclusive = DISABLED
Tue Sep 22 07:24:34 2020   tmp_dir = 'C:\Users\USERXXX\AppData\Local\Temp\'
Tue Sep 22 07:24:34 2020   push_ifconfig_defined = DISABLED
Tue Sep 22 07:24:34 2020   push_ifconfig_local = 0.0.0.0
Tue Sep 22 07:24:34 2020   push_ifconfig_remote_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   push_ifconfig_ipv6_defined = DISABLED
Tue Sep 22 07:24:34 2020   push_ifconfig_ipv6_local = ::/0
Tue Sep 22 07:24:34 2020   push_ifconfig_ipv6_remote = ::
Tue Sep 22 07:24:34 2020   enable_c2c = DISABLED
Tue Sep 22 07:24:34 2020   duplicate_cn = DISABLED
Tue Sep 22 07:24:34 2020   cf_max = 0
Tue Sep 22 07:24:34 2020   cf_per = 0
Tue Sep 22 07:24:34 2020   max_clients = 1024
Tue Sep 22 07:24:34 2020   max_routes_per_client = 256
Tue Sep 22 07:24:34 2020   auth_user_pass_verify_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   auth_user_pass_verify_script_via_file = DISABLED
Tue Sep 22 07:24:34 2020   auth_token_generate = DISABLED
Tue Sep 22 07:24:34 2020   auth_token_lifetime = 0
Tue Sep 22 07:24:34 2020   auth_token_secret_file = '[UNDEF]'
Tue Sep 22 07:24:34 2020   vlan_tagging = DISABLED
Tue Sep 22 07:24:34 2020   vlan_accept = all
Tue Sep 22 07:24:34 2020   vlan_pvid = 1
Tue Sep 22 07:24:34 2020   client = ENABLED
Tue Sep 22 07:24:34 2020   pull = ENABLED
Tue Sep 22 07:24:34 2020   auth_user_pass_file = '[UNDEF]'
Tue Sep 22 07:24:34 2020   show_net_up = DISABLED
Tue Sep 22 07:24:34 2020   route_method = 3
Tue Sep 22 07:24:34 2020   block_outside_dns = DISABLED
Tue Sep 22 07:24:34 2020   ip_win32_defined = DISABLED
Tue Sep 22 07:24:34 2020   ip_win32_type = 1
Tue Sep 22 07:24:34 2020   dhcp_masq_offset = 0
Tue Sep 22 07:24:34 2020   dhcp_lease_time = 31536000
Tue Sep 22 07:24:34 2020   tap_sleep = 0
Tue Sep 22 07:24:34 2020   dhcp_options = DISABLED
Tue Sep 22 07:24:34 2020   dhcp_renew = DISABLED
Tue Sep 22 07:24:34 2020   dhcp_pre_release = DISABLED
Tue Sep 22 07:24:34 2020   domain = '[UNDEF]'
Tue Sep 22 07:24:34 2020   netbios_scope = '[UNDEF]'
Tue Sep 22 07:24:34 2020   netbios_node_type = 0
Tue Sep 22 07:24:34 2020   disable_nbt = DISABLED
Tue Sep 22 07:24:34 2020 OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020
Tue Sep 22 07:24:34 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Tue Sep 22 07:24:34 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Tue Sep 22 07:24:34 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25356
Tue Sep 22 07:24:34 2020 Need hold release from management interface, waiting...
Tue Sep 22 07:24:35 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25356
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'state on'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'log all on'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'echo all on'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'bytecount 5'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'hold off'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'hold release'
Tue Sep 22 07:24:35 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 07:24:35 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 07:24:35 2020 LZO compression initializing
Tue Sep 22 07:24:35 2020 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Tue Sep 22 07:24:35 2020 MANAGEMENT: >STATE:1600752275,RESOLVE,,,,,,
Tue Sep 22 07:24:35 2020 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Sep 22 07:24:35 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Sep 22 07:24:35 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Sep 22 07:24:35 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:35 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Sep 22 07:24:35 2020 Attempting to establish TCP connection with [AF_INET]REMOTEIP_xx.xx.xx.xx:2000 [nonblock]
Tue Sep 22 07:24:35 2020 MANAGEMENT: >STATE:1600752275,TCP_CONNECT,,,,,,
Tue Sep 22 07:24:36 2020 TCP connection established with [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:36 2020 TCP_CLIENT link local: (not bound)
Tue Sep 22 07:24:36 2020 TCP_CLIENT link remote: [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:36 2020 MANAGEMENT: >STATE:1600752276,WAIT,,,,,,
Tue Sep 22 07:24:36 2020 MANAGEMENT: >STATE:1600752276,AUTH,,,,,,
Tue Sep 22 07:24:36 2020 TLS: Initial packet from [AF_INET]REMOTEIP_xx.xx.xx.xx:2000, sid=84888651 ab074692
Tue Sep 22 07:24:36 2020 VERIFY OK: depth=1, C=IT, ST=STXXXXX, L=LXXXXX, O=COMPANYXXX, emailAddress=ict@XXXX.com, CN=Mgroup2027
Tue Sep 22 07:24:36 2020 VERIFY KU OK
Tue Sep 22 07:24:36 2020 Validating certificate extended key usage
Tue Sep 22 07:24:36 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep 22 07:24:36 2020 VERIFY EKU OK
Tue Sep 22 07:24:36 2020 VERIFY X509NAME OK: C=IT, ST=STXXXXX, L=LXXXXX, O=COMPANYXXX, emailAddress=ict@XXXX.com, CN=vpn.XXXX.com
Tue Sep 22 07:24:36 2020 VERIFY OK: depth=0, C=IT, ST=STXXXXX, L=LXXXXX, O=COMPANYXXX, emailAddress=ict@XXXX.com, CN=vpn.XXXX.com
Tue Sep 22 07:24:36 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Sep 22 07:24:36 2020 [vpn.XXXX.com] Peer Connection Initiated with [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:37 2020 MANAGEMENT: >STATE:1600752277,GET_CONFIG,,,,,,
Tue Sep 22 07:24:37 2020 SENT CONTROL [vpn.XXXX.com]: 'PUSH_REQUEST' (status=1)
Tue Sep 22 07:24:37 2020 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.80.0 255.255.255.0,route 192.168.40.0 255.255.255.0,dhcp-option DOMAIN XXX.local,dhcp-option DNS 192.168.1.1,dhcp-option DNS 192.168.1.39,dhcp-option DNS 8.8.8.8,route 192.168.59.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 192.168.59.6 192.168.59.5,peer-id 0,cipher AES-128-GCM'
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: route options modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: peer-id set
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 22 07:24:37 2020 Data Channel: using negotiated cipher 'AES-128-GCM'
Tue Sep 22 07:24:37 2020 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]
Tue Sep 22 07:24:37 2020 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Sep 22 07:24:37 2020 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Sep 22 07:24:37 2020 interactive service msg_channel=944
Tue Sep 22 07:24:37 2020 ROUTE_GATEWAY 192.168.8.253/255.255.255.0 I=15 HWADDR=00:50:b6:be:5a:de
Tue Sep 22 07:24:37 2020 open_tun
Tue Sep 22 07:24:37 2020 Ring buffers registered via service
Tue Sep 22 07:24:37 2020 wintun device [OpenVPN Wintun] opened
Tue Sep 22 07:24:37 2020 do_ifconfig, ipv4=1, ipv6=0
Tue Sep 22 07:24:37 2020 MANAGEMENT: >STATE:1600752277,ASSIGN_IP,,192.168.59.6,,,,
Tue Sep 22 07:24:37 2020 Setting IPv4 dns servers on 'OpenVPN Wintun' (if_index = 19) using service
Tue Sep 22 07:24:38 2020 IPv4 dns servers set using service
Tue Sep 22 07:24:38 2020 IPv4 MTU set to 1500 on interface 19 using service
Tue Sep 22 07:24:38 2020 MANAGEMENT: >STATE:1600752278,ADD_ROUTES,,,,,,
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.80.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.40.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.59.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Sep 22 07:24:38 2020 Initialization Sequence Completed
Tue Sep 22 07:24:38 2020 MANAGEMENT: >STATE:1600752278,CONNECTED,SUCCESS,192.168.59.6,REMOTEIP_xx.xx.xx.xx,2000,192.168.8.225,61768

Domain is pushed but not configured; routes are ok.
Also, DNS servers are set correctly: if I run nslookup (I have metric 10 for this interface) I end up at the correct VPN-configured DNS server.
The ipconfig shows:

Code:

Unknown adapter OpenVPN Wintun:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Wintun Userspace Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.59.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.39
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

The exact same config without windows-driver wintun gets the connection suffix just fine.
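
The mismatch reported in this post (a `dhcp-option DOMAIN` present in the PUSH_REPLY, an empty Connection-specific DNS Suffix in ipconfig) can be checked mechanically. The Python script below is an added example, not part of the original thread or of OpenVPN; its function names are hypothetical and its sample input is constructed from the log and ipconfig output quoted above. It assumes English-locale `ipconfig /all` text.

```python
import re
# Constructed sample input, trimmed from the log and ipconfig output in the post.
SAMPLE_LOG = (
    "Tue Sep 22 07:24:37 2020 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.1.0 255.255.255.0,dhcp-option DOMAIN XXX.local,dhcp-option DNS 192.168.1.1,"
    "dhcp-option DNS 192.168.1.39,dhcp-option DNS 8.8.8.8,peer-id 0,cipher AES-128-GCM'\n"
)
SAMPLE_IPCONFIG = """\
Unknown adapter OpenVPN Wintun:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.39
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def pushed_dhcp_options(log_text):
    """Collect DOMAIN and DNS dhcp-options from the last PUSH_REPLY in a client log."""
    replies = re.findall(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'", log_text)
    pushed = {"DOMAIN": [], "DNS": []}
    for option in (replies[-1].split(",") if replies else []):
        words = option.split()
        if len(words) == 3 and words[0] == "dhcp-option" and words[1] in pushed:
            pushed[words[1]].append(words[2])
    return pushed

def adapter_dns_state(ipconfig_text, adapter):
    """Read one adapter's DNS suffix and DNS servers from `ipconfig /all` text."""
    state, in_adapter, label = {"suffix": "", "servers": []}, False, None
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented line opens a new block
            in_adapter, label = line.rstrip(": ").endswith(adapter), None
        elif in_adapter and line.strip():
            # "Label . . . : value"; lines without a label continue the previous field
            field = re.match(r"\s+(.*?)[ .]*\. :\s*(.*)$", line)
            label, value = (field.group(1), field.group(2)) if field else (label, line)
            if label == "Connection-specific DNS Suffix":
                state["suffix"] = value.strip()
            elif label == "DNS Servers" and value.strip():
                state["servers"].append(value.strip())
    return state

def unapplied_options(log_text, ipconfig_text, adapter):
    """List pushed DOMAIN/DNS values that the adapter does not show."""
    pushed, state = pushed_dhcp_options(log_text), adapter_dns_state(ipconfig_text, adapter)
    missing = [f"DOMAIN {d}" for d in pushed["DOMAIN"] if d.lower() != state["suffix"].lower()]
    missing += [f"DNS {s}" for s in pushed["DNS"] if s not in state["servers"]]
    return missing
```

On the sample input, `unapplied_options(SAMPLE_LOG, SAMPLE_IPCONFIG, "OpenVPN Wintun")` reports only the DOMAIN entry, matching what the post describes: DNS servers applied, suffix not.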

TinCanTech
OpenVPN Protagonist
Posts: 7936
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS Suffix on Wintun

Post by TinCanTech » Tue Sep 22, 2020 11:11 am

I guess wintun does not support Domain at this time.

https://community.openvpn.net/openvpn/t ... 331#ticket

rimbalza
OpenVpn Newbie
Posts: 4
Joined: Thu Apr 09, 2020 12:17 pm

Re: DNS Suffix on Wintun

Post by rimbalza » Tue Sep 22, 2020 11:26 am

Ok, will wait until that is supported for further tests. This is a crucial functionality to be able to use short names that are really common in intranets; no one wants to type a 64-char hostname just for a ping!
Will follow on next betas. Thanks.
