DNS Suffix on Wintun

Weekly dev snapshots are available for testing.
We talk about them here. Testing features in the dev snapshot helps the features make it to stable.

Moderators: TinCanTech

Forum rules
Please report your experience with the testing branch. Include what you were using and how.
If there is a problem, the more info the better!
rimbalza
OpenVpn Newbie
Posts: 5
Joined: Thu Apr 09, 2020 12:17 pm

DNS Suffix on Wintun

Post by rimbalza » Mon Sep 21, 2020 5:15 pm

Using OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020 on Win10 2004

Using the Wintun driver for the same config file I have a faster connection and reduced latency, but the DNS suffix is *not* applied to the connection. The old Tun driver (and same 2.5 beta4) works flawlessly, as it has for ages.
I tried to force dhcp-option DOMAIN but did not find the magic syntax/command combo to do it...
BTW I think it should apply the received suffix as the tun driver does.
My 2c

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS Suffix on Wintun

Post by TinCanTech » Mon Sep 21, 2020 6:06 pm

Could you provide a client log file at verb 4 ?

rimbalza
OpenVpn Newbie
Posts: 5
Joined: Thu Apr 09, 2020 12:17 pm

Re: DNS Suffix on Wintun

Post by rimbalza » Tue Sep 22, 2020 5:34 am

Sure, here it is (I replaced personal info with XXX):

Code:

 Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_private_mode = 00000000
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_cert_private = DISABLED
Tue Sep 22 07:24:34 2020   pkcs11_pin_cache_period = -1
Tue Sep 22 07:24:34 2020   pkcs11_id = '[UNDEF]'
Tue Sep 22 07:24:34 2020   pkcs11_id_management = DISABLED
Tue Sep 22 07:24:34 2020   server_network = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_network_ipv6 = ::
Tue Sep 22 07:24:34 2020   server_netbits_ipv6 = 0
Tue Sep 22 07:24:34 2020   server_bridge_ip = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_bridge_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_bridge_pool_start = 0.0.0.0
Tue Sep 22 07:24:34 2020   server_bridge_pool_end = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_defined = DISABLED
Tue Sep 22 07:24:34 2020   ifconfig_pool_start = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_end = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Sep 22 07:24:34 2020   ifconfig_pool_persist_refresh_freq = 600
Tue Sep 22 07:24:34 2020   ifconfig_ipv6_pool_defined = DISABLED
Tue Sep 22 07:24:34 2020   ifconfig_ipv6_pool_base = ::
Tue Sep 22 07:24:34 2020   ifconfig_ipv6_pool_netbits = 0
Tue Sep 22 07:24:34 2020   n_bcast_buf = 256
Tue Sep 22 07:24:34 2020   tcp_queue_limit = 64
Tue Sep 22 07:24:34 2020   real_hash_size = 256
Tue Sep 22 07:24:34 2020   virtual_hash_size = 256
Tue Sep 22 07:24:34 2020   client_connect_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   learn_address_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   client_disconnect_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   client_config_dir = '[UNDEF]'
Tue Sep 22 07:24:34 2020   ccd_exclusive = DISABLED
Tue Sep 22 07:24:34 2020   tmp_dir = 'C:\Users\USERXXX\AppData\Local\Temp\'
Tue Sep 22 07:24:34 2020   push_ifconfig_defined = DISABLED
Tue Sep 22 07:24:34 2020   push_ifconfig_local = 0.0.0.0
Tue Sep 22 07:24:34 2020   push_ifconfig_remote_netmask = 0.0.0.0
Tue Sep 22 07:24:34 2020   push_ifconfig_ipv6_defined = DISABLED
Tue Sep 22 07:24:34 2020   push_ifconfig_ipv6_local = ::/0
Tue Sep 22 07:24:34 2020   push_ifconfig_ipv6_remote = ::
Tue Sep 22 07:24:34 2020   enable_c2c = DISABLED
Tue Sep 22 07:24:34 2020   duplicate_cn = DISABLED
Tue Sep 22 07:24:34 2020   cf_max = 0
Tue Sep 22 07:24:34 2020   cf_per = 0
Tue Sep 22 07:24:34 2020   max_clients = 1024
Tue Sep 22 07:24:34 2020   max_routes_per_client = 256
Tue Sep 22 07:24:34 2020   auth_user_pass_verify_script = '[UNDEF]'
Tue Sep 22 07:24:34 2020   auth_user_pass_verify_script_via_file = DISABLED
Tue Sep 22 07:24:34 2020   auth_token_generate = DISABLED
Tue Sep 22 07:24:34 2020   auth_token_lifetime = 0
Tue Sep 22 07:24:34 2020   auth_token_secret_file = '[UNDEF]'
Tue Sep 22 07:24:34 2020   vlan_tagging = DISABLED
Tue Sep 22 07:24:34 2020   vlan_accept = all
Tue Sep 22 07:24:34 2020   vlan_pvid = 1
Tue Sep 22 07:24:34 2020   client = ENABLED
Tue Sep 22 07:24:34 2020   pull = ENABLED
Tue Sep 22 07:24:34 2020   auth_user_pass_file = '[UNDEF]'
Tue Sep 22 07:24:34 2020   show_net_up = DISABLED
Tue Sep 22 07:24:34 2020   route_method = 3
Tue Sep 22 07:24:34 2020   block_outside_dns = DISABLED
Tue Sep 22 07:24:34 2020   ip_win32_defined = DISABLED
Tue Sep 22 07:24:34 2020   ip_win32_type = 1
Tue Sep 22 07:24:34 2020   dhcp_masq_offset = 0
Tue Sep 22 07:24:34 2020   dhcp_lease_time = 31536000
Tue Sep 22 07:24:34 2020   tap_sleep = 0
Tue Sep 22 07:24:34 2020   dhcp_options = DISABLED
Tue Sep 22 07:24:34 2020   dhcp_renew = DISABLED
Tue Sep 22 07:24:34 2020   dhcp_pre_release = DISABLED
Tue Sep 22 07:24:34 2020   domain = '[UNDEF]'
Tue Sep 22 07:24:34 2020   netbios_scope = '[UNDEF]'
Tue Sep 22 07:24:34 2020   netbios_node_type = 0
Tue Sep 22 07:24:34 2020   disable_nbt = DISABLED
Tue Sep 22 07:24:34 2020 OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020
Tue Sep 22 07:24:34 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Tue Sep 22 07:24:34 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Tue Sep 22 07:24:34 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25356
Tue Sep 22 07:24:34 2020 Need hold release from management interface, waiting...
Tue Sep 22 07:24:35 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25356
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'state on'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'log all on'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'echo all on'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'bytecount 5'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'hold off'
Tue Sep 22 07:24:35 2020 MANAGEMENT: CMD 'hold release'
Tue Sep 22 07:24:35 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 07:24:35 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 07:24:35 2020 LZO compression initializing
Tue Sep 22 07:24:35 2020 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Tue Sep 22 07:24:35 2020 MANAGEMENT: >STATE:1600752275,RESOLVE,,,,,,
Tue Sep 22 07:24:35 2020 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Sep 22 07:24:35 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Sep 22 07:24:35 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Sep 22 07:24:35 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:35 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Sep 22 07:24:35 2020 Attempting to establish TCP connection with [AF_INET]REMOTEIP_xx.xx.xx.xx:2000 [nonblock]
Tue Sep 22 07:24:35 2020 MANAGEMENT: >STATE:1600752275,TCP_CONNECT,,,,,,
Tue Sep 22 07:24:36 2020 TCP connection established with [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:36 2020 TCP_CLIENT link local: (not bound)
Tue Sep 22 07:24:36 2020 TCP_CLIENT link remote: [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:36 2020 MANAGEMENT: >STATE:1600752276,WAIT,,,,,,
Tue Sep 22 07:24:36 2020 MANAGEMENT: >STATE:1600752276,AUTH,,,,,,
Tue Sep 22 07:24:36 2020 TLS: Initial packet from [AF_INET]REMOTEIP_xx.xx.xx.xx:2000, sid=84888651 ab074692
Tue Sep 22 07:24:36 2020 VERIFY OK: depth=1, C=IT, ST=STXXXXX, L=LXXXXX, O=COMPANYXXX, emailAddress=ict@XXXX.com, CN=Mgroup2027
Tue Sep 22 07:24:36 2020 VERIFY KU OK
Tue Sep 22 07:24:36 2020 Validating certificate extended key usage
Tue Sep 22 07:24:36 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep 22 07:24:36 2020 VERIFY EKU OK
Tue Sep 22 07:24:36 2020 VERIFY X509NAME OK: C=IT, ST=STXXXXX, L=LXXXXX, O=COMPANYXXX, emailAddress=ict@XXXX.com, CN=vpn.XXXX.com
Tue Sep 22 07:24:36 2020 VERIFY OK: depth=0, C=IT, ST=STXXXXX, L=LXXXXX, O=COMPANYXXX, emailAddress=ict@XXXX.com, CN=vpn.XXXX.com
Tue Sep 22 07:24:36 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Sep 22 07:24:36 2020 [vpn.XXXX.com] Peer Connection Initiated with [AF_INET]REMOTEIP_xx.xx.xx.xx:2000
Tue Sep 22 07:24:37 2020 MANAGEMENT: >STATE:1600752277,GET_CONFIG,,,,,,
Tue Sep 22 07:24:37 2020 SENT CONTROL [vpn.XXXX.com]: 'PUSH_REQUEST' (status=1)
Tue Sep 22 07:24:37 2020 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.80.0 255.255.255.0,route 192.168.40.0 255.255.255.0,dhcp-option DOMAIN XXX.local,dhcp-option DNS 192.168.1.1,dhcp-option DNS 192.168.1.39,dhcp-option DNS 8.8.8.8,route 192.168.59.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 192.168.59.6 192.168.59.5,peer-id 0,cipher AES-128-GCM'
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: route options modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: peer-id set
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Sep 22 07:24:37 2020 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 22 07:24:37 2020 Data Channel: using negotiated cipher 'AES-128-GCM'
Tue Sep 22 07:24:37 2020 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]
Tue Sep 22 07:24:37 2020 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Sep 22 07:24:37 2020 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Sep 22 07:24:37 2020 interactive service msg_channel=944
Tue Sep 22 07:24:37 2020 ROUTE_GATEWAY 192.168.8.253/255.255.255.0 I=15 HWADDR=00:50:b6:be:5a:de
Tue Sep 22 07:24:37 2020 open_tun
Tue Sep 22 07:24:37 2020 Ring buffers registered via service
Tue Sep 22 07:24:37 2020 wintun device [OpenVPN Wintun] opened
Tue Sep 22 07:24:37 2020 do_ifconfig, ipv4=1, ipv6=0
Tue Sep 22 07:24:37 2020 MANAGEMENT: >STATE:1600752277,ASSIGN_IP,,192.168.59.6,,,,
Tue Sep 22 07:24:37 2020 Setting IPv4 dns servers on 'OpenVPN Wintun' (if_index = 19) using service
Tue Sep 22 07:24:38 2020 IPv4 dns servers set using service
Tue Sep 22 07:24:38 2020 IPv4 MTU set to 1500 on interface 19 using service
Tue Sep 22 07:24:38 2020 MANAGEMENT: >STATE:1600752278,ADD_ROUTES,,,,,,
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.80.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.40.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 C:\Windows\system32\route.exe ADD 192.168.59.0 MASK 255.255.255.0 192.168.59.5
Tue Sep 22 07:24:38 2020 Route addition via service succeeded
Tue Sep 22 07:24:38 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Sep 22 07:24:38 2020 Initialization Sequence Completed
Tue Sep 22 07:24:38 2020 MANAGEMENT: >STATE:1600752278,CONNECTED,SUCCESS,192.168.59.6,REMOTEIP_xx.xx.xx.xx,2000,192.168.8.225,61768

The domain is pushed but not configured; routes are OK.
Also, DNS servers are set correctly: if I run nslookup (I have metric 10 for this interface) I end up at the correct VPN-configured DNS server.
The ipconfig shows:

Code:

Unknown adapter OpenVPN Wintun:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Wintun Userspace Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.59.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.39
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

The exact same config without windows-driver wintun gets the connection suffix just fine.
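
An added example, not part of the original posts and not OpenVPN code: a Python check that compares the dhcp-option values in the PUSH_REPLY log line with what ipconfig /all reports for the adapter, so a pushed but unapplied DOMAIN is flagged mechanically. The function names are hypothetical, and the sample input is abbreviated from the log and ipconfig output in the post above.

```python
import re

# Sample input abbreviated from the log line and ipconfig output posted above.
CLIENT_LOG = ("Tue Sep 22 07:24:37 2020 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
              "dhcp-option DOMAIN XXX.local,dhcp-option DNS 192.168.1.1,dhcp-option DNS 192.168.1.39,dhcp-option DNS 8.8.8.8,peer-id 0'\n")
IPCONFIG = """\
Unknown adapter OpenVPN Wintun:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.39
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def pushed_dhcp_options(log_text):
    """Collect dhcp-option values from the last PUSH_REPLY in a client log."""
    replies = re.findall(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'", log_text)
    opts = {}
    for item in (replies[-1].split(",") if replies else []):
        parts = item.split()
        if len(parts) == 3 and parts[0] == "dhcp-option":
            opts.setdefault(parts[1].upper(), []).append(parts[2])
    return opts

def adapter_dns_state(ipconfig_text):
    """Read the DNS suffix and DNS servers from one `ipconfig /all` adapter block."""
    state, in_dns = {"suffix": "", "dns": []}, False
    for line in ipconfig_text.splitlines():
        # Field lines are lightly indented "Label . . : value"; extra DNS servers are deeply indented bare values.
        m = re.match(r"^\s{1,6}(\S.*?)[ .]*:\s*(.*)$", line)
        if m:
            label, value = m.group(1), m.group(2).strip()
            in_dns = label == "DNS Servers"
            if label == "Connection-specific DNS Suffix":
                state["suffix"] = value
            elif in_dns and value:
                state["dns"].append(value)
        elif in_dns and line.strip():
            state["dns"].append(line.strip())
    return state

def unapplied_options(pushed, state):
    """List pushed DOMAIN/DNS options that the adapter does not show."""
    gaps = [f"DOMAIN {d}" for d in pushed.get("DOMAIN", []) if d.lower() != state["suffix"].lower()]
    return gaps + [f"DNS {s}" for s in pushed.get("DNS", []) if s not in state["dns"]]

print(unapplied_options(pushed_dhcp_options(CLIENT_LOG), adapter_dns_state(IPCONFIG)))
```

On the posted output this reports only the DOMAIN option as missing, matching the observation in the post: the pushed DNS servers reached the adapter, the suffix did not.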

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS Suffix on Wintun

Post by TinCanTech » Tue Sep 22, 2020 11:11 am

I guess wintun does not support Domain at this time.

https://community.openvpn.net/openvpn/t ... 331#ticket

rimbalza
OpenVpn Newbie
Posts: 5
Joined: Thu Apr 09, 2020 12:17 pm

Re: DNS Suffix on Wintun

Post by rimbalza » Tue Sep 22, 2020 11:26 am

OK, will wait until that is supported for further tests. This is crucial functionality for using the short names that are really common on intranets; no one wants to type a 64-char hostname just for a ping!
Will follow on next betas. Thanks.
