/* Device setup class GUID {4d36e972-e325-11ce-bfc1-08002be10318}
 * (network adapters). */
static const GUID GUID_DEVCLASS_NET = {
    0x4d36e972L, 0xe325, 0x11ce,
    { 0xbf, 0xc1, 0x08, 0x00, 0x2b, 0xe1, 0x03, 0x18 }
};

/* Device interface class GUID {cac88484-7515-4c03-82e6-71a87abac361}
 * (network interfaces). */
static const GUID GUID_DEVINTERFACE_NET = {
    0xcac88484, 0x7515, 0x4c03,
    { 0x82, 0xe6, 0x71, 0xa8, 0x7a, 0xba, 0xc3, 0x61 }
};
/* Bit flags: each macro is a distinct single bit (bits 0, 1 and 2), so the
 * values can be OR-ed together and tested with a mask.
 * NOTE(review): presumably these are the values accepted by a `flags`
 * parameter elsewhere in the file -- confirm against the full source. */
65 #define NI_TEST_FIRST (1<<0)
66 #define NI_IP_NETMASK (1<<1)
67 #define NI_OPTIONS (1<<2)
72 const in_addr_t netmask,
73 const unsigned int flags);
85 static void exec_command(
const char *prefix,
const struct argv *a,
int n,
int msglevel);
113 if (addr.
family == AF_INET)
118 add ?
"add" :
"remove",
126 add ?
"add" :
"remove",
137 msg(
M_WARN,
"TUN: %s address failed using service: %s [status=%u if_index=%d]",
182 msg(
D_LOW,
"%s dns domain on '%s' (if_index = %d) using service",
191 msg(
M_WARN,
"TUN: %s dns domain failed using service: %s [status=%u if_name=%s]",
197 msg(
M_INFO,
"DNS domain %s using service", (add ?
"set" :
"deleted"));
213 int addr_len = add ? len : 0;
214 const char *ip_proto_name = family == AF_INET6 ?
"IPv6" :
"IPv4";
216 if (addr_len == 0 && add)
238 if (addr_len > _countof(dns.
addr))
240 addr_len = _countof(dns.
addr);
242 msg(
M_WARN,
"Number of %s DNS addresses sent to service truncated to %d",
243 ip_proto_name, addr_len);
246 for (
int i = 0; i < addr_len; ++i)
248 if (family == AF_INET6)
258 msg(
D_LOW,
"%s %s dns servers on '%s' (if_index = %d) using service",
268 msg(
M_WARN,
"TUN: %s %s dns failed using service: %s [status=%u if_name=%s]",
274 msg(
M_INFO,
"%s dns servers %s using service", ip_proto_name, (add ?
"set" :
"deleted"));
290 int addr_len = add ? len : 0;
292 if (addr_len == 0 && add)
311 if (addr_len > _countof(wins.
addr))
313 addr_len = _countof(wins.
addr);
315 msg(
M_WARN,
"Number of WINS addresses sent to service truncated to %d",
319 for (
int i = 0; i < addr_len; ++i)
324 msg(
D_LOW,
"%s WINS servers on '%s' (if_index = %d) using service",
334 msg(
M_WARN,
"TUN: %s WINS failed using service: %s [status=%u if_name=%s]",
340 msg(
M_INFO,
"WINS servers %s using service", (add ?
"set" :
"deleted"));
355 const char *family_name = (family == AF_INET6) ?
"IPv6" :
"IPv4";
367 if (family == AF_INET6 && mtu < 1280)
369 msg(
M_INFO,
"NOTE: IPv6 interface MTU < 1280 conflicts with IETF standards and might not work");
379 msg(
M_NONFATAL,
"TUN: setting %s mtu using service failed: %s [status=%u if_index=%d]",
384 msg(
M_INFO,
"%s MTU set to %d on interface %d using service", family_name, mtu, mtu_msg.
iface.
index);
402 argv_printf(&
argv,
"%s%s nicconfig where (InterfaceIndex=%ld) call SetDNSDomain '%s'",
411 #ifdef TARGET_SOLARIS
412 static void solaris_error_close(
struct tuntap *tt,
const struct env_set *
es,
const char *actual,
bool unplumb_inet6);
417 #if defined(TARGET_DARWIN) && HAVE_NET_IF_UTUN_H
418 #include <sys/kern_control.h>
419 #include <net/if_utun.h>
420 #include <sys/sys_domain.h>
426 is_dev_type(
const char *dev,
const char *dev_type,
const char *match_type)
435 return !strcmp(dev_type, match_type);
439 return !strncmp(dev, match_type, strlen(match_type));
479 return "[unknown-dev-type]";
489 const char *dev_type,
490 const char *dev_node,
520 const bool looks_like_netmask = ((addr & 0xFF000000) == 0xFF000000);
525 msg(
M_WARN,
"WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (%s) that looks more like a netmask. %s",
532 if (!looks_like_netmask)
534 msg(
M_WARN,
"WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. %s",
550 in_addr_t remote_netmask)
554 msg(
M_INFO,
"CHECK_ADDR_CLASH type=%d public=%s local=%s, remote_netmask=%s",
565 const in_addr_t test_netmask = 0xFFFFFF00;
566 const in_addr_t public_net =
public &test_netmask;
567 const in_addr_t local_net = local & test_netmask;
568 const in_addr_t remote_net = remote_netmask & test_netmask;
570 if (
public == local ||
public == remote_netmask)
573 "WARNING: --%s address [%s] conflicts with --ifconfig address pair [%s, %s]. %s",
581 if (public_net == local_net || public_net == remote_net)
584 "WARNING: potential conflict between --%s address [%s] and --ifconfig address pair [%s, %s] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. %s",
594 const in_addr_t public_network =
public &remote_netmask;
595 const in_addr_t virtual_network = local & remote_netmask;
596 if (public_network == virtual_network)
599 "WARNING: --%s address [%s] conflicts with --ifconfig subnet [%s, %s] -- local and remote addresses cannot be inside of the --ifconfig subnet. %s",
620 const in_addr_t netmask,
625 in_addr_t lan_gw = 0;
626 in_addr_t lan_netmask = 0;
630 const in_addr_t lan_network = lan_gw & lan_netmask;
631 const in_addr_t network = ip & netmask;
634 if ((network & lan_netmask) == lan_network
635 || (lan_network & netmask) == network)
637 msg(
M_WARN,
"WARNING: potential %s subnet conflict between local LAN [%s/%s] and remote VPN [%s/%s]",
657 if ((rgi.
flags & needed) == needed)
660 if (lan_network == 0xC0A80000 || lan_network == 0xC0A80100)
662 msg(
M_WARN,
"NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.");
762 msg(
M_FATAL,
"Error: problem with tun vs. tap setting");
788 setenv_str(
es,
"ifconfig_remote", ifconfig_remote_netmask);
792 setenv_str(
es,
"ifconfig_netmask", ifconfig_remote_netmask);
801 setenv_str(
es,
"ifconfig_ipv6_local", ifconfig_ipv6_local);
803 setenv_str(
es,
"ifconfig_ipv6_remote", ifconfig_ipv6_remote);
817 const char *dev_type,
819 const char *ifconfig_local_parm,
820 const char *ifconfig_remote_netmask_parm,
821 const char *ifconfig_ipv6_local_parm,
822 int ifconfig_ipv6_netbits_parm,
823 const char *ifconfig_ipv6_remote_parm,
824 struct addrinfo *local_public,
825 struct addrinfo *remote_public,
826 const bool strict_warn,
840 if (ifconfig_local_parm && ifconfig_remote_netmask_parm)
868 ifconfig_remote_netmask_parm,
878 struct addrinfo *curele;
886 for (curele = local_public; curele; curele = curele->ai_next)
888 if (curele->ai_family == AF_INET)
892 ((
struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr,
898 for (curele = remote_public; curele; curele = curele->ai_next)
900 if (curele->ai_family == AF_INET)
904 ((
struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr,
939 if (ifconfig_ipv6_local_parm && ifconfig_ipv6_remote_parm)
946 if (inet_pton( AF_INET6, ifconfig_ipv6_local_parm, &tt->
local_ipv6 ) != 1
947 || inet_pton( AF_INET6, ifconfig_ipv6_remote_parm, &tt->
remote_ipv6 ) != 1)
949 msg(
M_FATAL,
"init_tun: problem converting IPv6 ifconfig addresses %s and %s to binary", ifconfig_ipv6_local_parm, ifconfig_ipv6_remote_parm );
1002 msg(
M_FATAL,
"Cannot allocate memory for ring buffer");
1010 msg(
M_FATAL,
"Cannot create events for ring buffer");
1021 #if defined(_WIN32) \
1022 || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD)
1060 #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
1061 || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD)
1072 create_arbitrary_remote(
struct tuntap *tt )
1078 if (remote == tt->
local)
1100 #if !defined(TARGET_LINUX)
1106 #if defined(TARGET_LINUX)
1107 if (net_iface_mtu_set(ctx, ifname, tun_mtu) < 0)
1109 msg(
M_FATAL,
"Linux can't set mtu (%d) on %s", tun_mtu, ifname);
1112 if (net_iface_up(ctx, ifname,
true) < 0)
1114 msg(
M_FATAL,
"Linux can't bring %s up", ifname);
1117 if (net_addr_v6_add(ctx, ifname, &tt->
local_ipv6,
1120 msg(
M_FATAL,
"Linux can't add IPv6 to interface %s", ifname);
1122 #elif defined(TARGET_ANDROID)
1127 management_android_control(
management,
"IFCONFIG6", out6);
1128 #elif defined(TARGET_SOLARIS)
1148 "Solaris ifconfig IPv6 (prepare) failed"))
1150 solaris_error_close(tt,
es, ifname,
true);
1169 solaris_error_close(tt,
es, ifname,
true);
1179 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \
1180 || defined(TARGET_DARWIN) || defined(TARGET_FREEBSD) \
1181 || defined(TARGET_DRAGONFLY)
1187 "generic BSD ifconfig inet6 failed");
1189 #if defined(TARGET_FREEBSD) && __FreeBSD_version >= 1200000 \
1190 && __FreeBSD_version < 1300000
1210 "FreeBSD BSD 'ifconfig inet6 -ifdisabled' failed");
1213 #if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \
1214 || defined(TARGET_DARWIN)
1218 #elif defined(TARGET_AIX)
1228 "generic BSD ifconfig inet6 failed");
1231 #elif defined (_WIN32)
1234 msg(
M_INFO,
"******** NOTE: Please manually set the v6 IP of '%s' to %s (if it is not already set)",
1235 ifname, ifconfig_ipv6_local);
1264 argv_printf(&
argv,
"%s%s interface ipv6 set address %lu %s/%d store=active",
1266 ifconfig_ipv6_local, netbits);
1282 msg(
M_FATAL,
"Sorry, but I don't know how to do IPv6 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script.");
1285 #if !defined(TARGET_LINUX)
1304 #if !defined(_WIN32) && !defined(TARGET_ANDROID)
1311 #if !defined(TARGET_LINUX)
1312 const char *ifconfig_local = NULL;
1313 const char *ifconfig_remote_netmask = NULL;
1324 #if defined(TARGET_LINUX)
1325 if (net_iface_mtu_set(ctx, ifname, tun_mtu) < 0)
1327 msg(
M_FATAL,
"Linux can't set mtu (%d) on %s", tun_mtu, ifname);
1330 if (net_iface_up(ctx, ifname,
true) < 0)
1332 msg(
M_FATAL,
"Linux can't bring %s up", ifname);
1337 if (net_addr_ptp_v4_add(ctx, ifname, &tt->
local,
1340 msg(
M_FATAL,
"Linux can't add IP to interface %s", ifname);
1345 if (net_addr_v4_add(ctx, ifname, &tt->
local,
1348 msg(
M_FATAL,
"Linux can't add IP to interface %s", ifname);
1351 #elif defined(TARGET_ANDROID)
1374 ifconfig_remote_netmask, tun_mtu, top);
1375 management_android_control(
management,
"IFCONFIG", out);
1377 #elif defined(TARGET_SOLARIS)
1386 ifconfig_local, ifconfig_remote_netmask, tun_mtu);
1391 solaris_error_close(tt,
es, ifname,
false);
1400 ifname, ifconfig_local, ifconfig_local,
1401 ifconfig_remote_netmask, tun_mtu);
1407 ifconfig_remote_netmask);
1413 solaris_error_close(tt,
es, ifname,
false);
1429 #elif defined(TARGET_OPENBSD)
1431 in_addr_t remote_end;
1443 "%s %s %s %s mtu %d netmask 255.255.255.255 up -link0",
1445 ifconfig_remote_netmask, tun_mtu);
1449 remote_end = create_arbitrary_remote( tt );
1453 ifconfig_remote_netmask);
1459 ifconfig_remote_netmask, tun_mtu);
1476 #elif defined(TARGET_NETBSD)
1477 in_addr_t remote_end = INADDR_ANY;
1483 ifconfig_remote_netmask, tun_mtu);
1487 remote_end = create_arbitrary_remote(tt);
1490 tun_mtu, ifconfig_remote_netmask);
1501 ifconfig_remote_netmask, tun_mtu);
1518 #elif defined(TARGET_DARWIN)
1527 "NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure");
1535 ifconfig_remote_netmask, tun_mtu);
1543 ifconfig_remote_netmask, tun_mtu);
1548 ifname, ifconfig_local, ifconfig_remote_netmask,
1568 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
1575 ifconfig_remote_netmask, tun_mtu);
1581 ifname, ifconfig_local, netbits, tun_mtu );
1587 #elif defined(TARGET_AIX)
1595 msg(
M_FATAL,
"no tun support on AIX (canthappen)");
1600 ifname, ifconfig_local, ifconfig_remote_netmask, tun_mtu);
1607 #elif defined (_WIN32)
1611 "******** NOTE: Please manually set the IP/netmask of '%s' to %s/%s (if it is not already set)",
1612 ifname, ifconfig_local,
1613 ifconfig_remote_netmask);
1647 msg(
M_FATAL,
"Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script.");
1650 #if !defined(TARGET_LINUX)
1664 #ifdef ENABLE_MANAGEMENT
1694 #if defined(TARGET_LINUX)
1702 msg(
M_WARN,
"Linux can't del IP from iface %s",
1710 msg(
M_WARN,
"Linux can't del IP from iface %s",
1714 #elif defined(TARGET_FREEBSD)
1733 #if defined(TARGET_LINUX)
1739 #elif defined(TARGET_FREEBSD)
1785 #ifdef TARGET_SOLARIS
1797 #if defined (TARGET_OPENBSD) || (defined(TARGET_DARWIN) && HAVE_NET_IF_UTUN_H)
1817 #include <netinet/ip.h>
1818 #include <sys/uio.h>
1821 header_modify_read_write_return(
int len)
1825 return len >
sizeof(u_int32_t) ? len -
sizeof(u_int32_t) : 0;
1834 write_tun_header(
struct tuntap *tt, uint8_t *buf,
int len)
1846 type = htonl(AF_INET6);
1850 type = htonl(AF_INET);
1853 iv[0].iov_base = &type;
1854 iv[0].iov_len =
sizeof(type);
1855 iv[1].iov_base = buf;
1856 iv[1].iov_len = len;
1858 return header_modify_read_write_return(writev(tt->fd, iv, 2));
1862 return write(tt->fd, buf, len);
1867 read_tun_header(
struct tuntap *tt, uint8_t *buf,
int len)
1874 iv[0].iov_base = &type;
1875 iv[0].iov_len =
sizeof(type);
1876 iv[1].iov_base = buf;
1877 iv[1].iov_len = len;
1879 return header_modify_read_write_return(readv(tt->fd, iv, 2));
1883 return read(tt->fd, buf, len);
1894 #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
1896 tun_dco_enabled(
struct tuntap *tt)
1903 #if !(defined(_WIN32) || defined(TARGET_LINUX))
1905 open_tun_generic(
const char *dev,
const char *dev_type,
const char *dev_node,
1909 char dynamic_name[256];
1910 bool dynamic_opened =
false;
1935 for (
int i = 0; i < 256; ++i)
1938 "/dev/%s%d", dev, i);
1941 if ((tt->fd = open(tunname, O_RDWR)) > 0)
1943 dynamic_opened =
true;
1948 if (!dynamic_opened)
1950 msg(
M_FATAL,
"Cannot allocate TUN/TAP dev dynamically");
1962 if (!dynamic_opened)
1965 if (if_nametoindex( dev ) > 0)
1967 msg(
M_INFO,
"TUN/TAP device %s exists previously, keep at program end", dev );
1971 if ((tt->fd = open(tunname, O_RDWR)) < 0)
1973 msg(
M_ERR,
"Cannot open TUN/TAP dev %s", tunname);
1979 msg(
M_INFO,
"TUN/TAP device %s opened", tunname);
1987 #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
1989 open_tun_dco_generic(
const char *dev,
const char *dev_type,
1992 char dynamic_name[256];
1993 bool dynamic_opened =
false;
2009 if (strcmp(dev,
"tun") == 0)
2011 for (
int i = 0; i < 256; ++i)
2018 dynamic_opened =
true;
2019 msg(
M_INFO,
"DCO device %s opened", dynamic_name);
2023 else if (ret == -EPERM)
2028 if (!dynamic_opened)
2030 msg(
M_FATAL,
"Cannot allocate DCO dev dynamically");
2044 msg(
M_INFO,
"DCO device %s already exists, won't be destroyed at shutdown",
2050 msg(
M_ERR,
"Cannot open DCO device %s: %s (%d)", dev,
2051 strerror(-ret), ret);
2055 msg(
M_INFO,
"DCO device %s opened", dev);
2064 #if !defined(_WIN32)
2066 close_tun_generic(
struct tuntap *tt)
2078 #if defined (TARGET_ANDROID)
2080 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
2083 #define ANDROID_TUNNAME "vpnservice-tun"
2088 int oldtunfd = tt->fd;
2094 management_android_control(
management,
"DNS6SERVER",
2100 management_android_control(
management,
"DNSSERVER",
2116 int android_method = managment_android_persisttun_action(
management);
2118 if (oldtunfd >=0 && android_method == ANDROID_KEEP_OLD_TUN)
2125 opentun = management_android_control(
management,
"OPENTUN", dev);
2132 if (oldtunfd >= 0 && android_method == ANDROID_OPEN_BEFORE_CLOSE)
2140 if ((tt->fd < 0) || !opentun)
2142 msg(
M_ERR,
"ERROR: Cannot open TUN");
2153 close_tun_generic(tt);
2166 return read(tt->fd, buf,
len);
2169 #elif defined(TARGET_LINUX)
2171 #ifndef HAVE_LINUX_SOCKIOS_H
2172 #error header file linux/sockios.h required
2178 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
2190 else if (tun_dco_enabled(tt))
2192 open_tun_dco_generic(dev, dev_type, tt, ctx);
2199 const char *node = dev_node;
2202 node =
"/dev/net/tun";
2208 if ((tt->fd = open(node, O_RDWR)) < 0)
2210 msg(
M_ERR,
"ERROR: Cannot open TUN/TAP dev %s", node);
2217 ifr.ifr_flags = IFF_NO_PI;
2219 #if defined(IFF_ONE_QUEUE) && defined(SIOCSIFTXQLEN)
2220 ifr.ifr_flags |= IFF_ONE_QUEUE;
2228 ifr.ifr_flags |= IFF_TUN;
2232 ifr.ifr_flags |= IFF_TAP;
2236 msg(
M_FATAL,
"I don't recognize device %s as a tun or tap device",
2243 if (strcmp(dev,
"tun") && strcmp(dev,
"tap"))
2252 if (ioctl(tt->fd, TUNSETIFF, (
void *) &ifr) < 0)
2254 msg(
M_ERR,
"ERROR: Cannot ioctl TUNSETIFF %s", dev);
2257 msg(
M_INFO,
"TUN/TAP device %s opened", ifr.ifr_name);
2262 #if defined(IFF_ONE_QUEUE) && defined(SIOCSIFTXQLEN)
2265 struct ifreq netifr;
2268 if ((ctl_fd = socket(AF_INET, SOCK_DGRAM, 0)) >= 0)
2271 strncpynt(netifr.ifr_name, ifr.ifr_name, IFNAMSIZ);
2272 netifr.ifr_qlen = tt->
options.txqueuelen;
2273 if (ioctl(ctl_fd, SIOCSIFTXQLEN, (
void *) &netifr) >= 0)
2279 msg(
M_WARN |
M_ERRNO,
"Note: Cannot set tx queue length on %s", ifr.ifr_name);
2285 msg(
M_WARN |
M_ERRNO,
"Note: Cannot open control socket on %s", ifr.ifr_name);
2300 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
2308 #ifdef ENABLE_FEATURE_TUN_PERSIST
2312 #define TUNSETGROUP _IOW('T', 206, int)
2316 tuncfg(
const char *dev,
const char *dev_type,
const char *dev_node,
2317 int persist_mode,
const char *username,
const char *groupname,
2327 open_tun(dev, dev_type, dev_node, tt, ctx);
2328 if (ioctl(tt->fd, TUNSETPERSIST, persist_mode) < 0)
2330 msg(
M_ERR,
"Cannot ioctl TUNSETPERSIST(%d) %s", persist_mode, dev);
2332 if (username != NULL)
2338 msg(
M_ERR,
"Cannot get user entry for %s", username);
2342 msg(
M_ERR,
"Cannot ioctl TUNSETOWNER(%s) %s", username, dev);
2345 if (groupname != NULL)
2351 msg(
M_ERR,
"Cannot get group entry for %s", groupname);
2355 msg(
M_ERR,
"Cannot ioctl TUNSETGROUP(%s) %s", groupname, dev);
2359 msg(
M_INFO,
"Persist state set to: %s", (persist_mode ?
"ON" :
"OFF"));
2369 #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
2370 if (tun_dco_enabled(tt))
2375 close_tun_generic(tt);
2382 return write(tt->fd, buf, len);
2388 return read(tt->fd, buf, len);
2391 #elif defined(TARGET_SOLARIS)
2394 #error I need the symbol TUNNEWPPA from net/if_tun.h
2398 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
2401 int if_fd, ip_muxid, arp_muxid, arp_fd, ppa = -1;
2404 const char *ip_node, *arp_node;
2405 const char *dev_tuntap_type;
2408 struct strioctl strioc_if, strioc_ppa;
2424 ip_node =
"/dev/udp";
2427 dev_node =
"/dev/tun";
2429 dev_tuntap_type =
"tun";
2430 link_type = I_PLINK;
2435 ip_node =
"/dev/udp";
2438 dev_node =
"/dev/tap";
2440 arp_node = dev_node;
2441 dev_tuntap_type =
"tap";
2442 link_type = I_PLINK;
2447 msg(
M_FATAL,
"I don't recognize device %s as a tun or tap device",
2451 if ((tt->ip_fd = open(ip_node, O_RDWR, 0)) < 0)
2453 msg(
M_ERR,
"Can't open %s", ip_node);
2456 if ((tt->fd = open(dev_node, O_RDWR, 0)) < 0)
2458 msg(
M_ERR,
"Can't open %s", dev_node);
2466 while (*ptr && !isdigit((
int) *ptr))
2474 strioc_ppa.ic_cmd = TUNNEWPPA;
2475 strioc_ppa.ic_timout = 0;
2476 strioc_ppa.ic_len =
sizeof(ppa);
2477 strioc_ppa.ic_dp = (
char *)&ppa;
2481 bool found_one =
false;
2482 while (!found_one && ppa < 64)
2484 int new_ppa = ioctl(tt->fd, I_STR, &strioc_ppa);
2487 msg(
M_INFO,
"open_tun: got dynamic interface '%s%d'", dev_tuntap_type, new_ppa );
2492 if (errno != EEXIST)
2494 msg(
M_ERR,
"open_tun: unexpected error trying to find free %s interface", dev_tuntap_type );
2500 msg(
M_ERR,
"open_tun: could not find free %s interface, give up.", dev_tuntap_type );
2505 if ((ppa = ioctl(tt->fd, I_STR, &strioc_ppa)) < 0)
2507 msg(
M_ERR,
"Can't assign PPA for new interface (%s%d)", dev_tuntap_type, ppa );
2511 if ((if_fd = open(dev_node, O_RDWR, 0)) < 0)
2513 msg(
M_ERR,
"Can't open %s (2)", dev_node);
2516 if (ioctl(if_fd, I_PUSH,
"ip") < 0)
2518 msg(
M_ERR,
"Can't push IP module");
2524 if (ioctl(if_fd, IF_UNITSEL, (
char *) &ppa) < 0)
2526 msg(
M_ERR,
"Can't set PPA %d", ppa);
2537 if (ioctl(if_fd, SIOCGLIFFLAGS, &ifr) < 0)
2544 if (ioctl(if_fd, SIOCSLIFNAME, &ifr) < 0)
2546 msg(
M_ERR,
"Can't set PPA %d", ppa);
2548 if (ioctl(if_fd, SIOCGLIFFLAGS, &ifr) <0)
2553 if (ioctl(if_fd, I_PUSH,
"arp") < 0)
2555 msg(
M_ERR,
"Can't push ARP module");
2561 if (ioctl(tt->ip_fd, I_POP, NULL) < 0)
2567 if (ioctl(tt->ip_fd, I_PUSH,
"arp") < 0)
2569 msg(
M_ERR,
"Can't push ARP module\n");
2573 if ((arp_fd = open(arp_node, O_RDWR, 0)) < 0)
2575 msg(
M_ERR,
"Can't open %s\n", arp_node);
2578 if (ioctl(arp_fd, I_PUSH,
"arp") < 0)
2580 msg(
M_ERR,
"Can't push ARP module\n");
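/* Fill in the request descriptor handed to the I_STR ioctl on arp_fd:
 * command SIOCSLIFNAME, ic_timout left at 0, payload = the ifr structure.
 * ic_len and ic_dp must describe the same object (sizeof(ifr) with &ifr)
 * so the length given to the kernel matches the buffer it points at. */
strioc_if.ic_cmd = SIOCSLIFNAME;
strioc_if.ic_timout = 0;
strioc_if.ic_len = sizeof(ifr);
strioc_if.ic_dp = (char *)&ifr;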
2588 if (ioctl(arp_fd, I_STR, &strioc_if) < 0)
2590 msg(
M_ERR,
"Can't set ifname to arp\n");
2594 if ((ip_muxid = ioctl(tt->ip_fd, link_type, if_fd)) < 0)
2596 msg(
M_ERR,
"Can't link %s device to IP", dev_tuntap_type);
2601 if ((arp_muxid = ioctl(tt->ip_fd, link_type, arp_fd)) < 0)
2603 msg(
M_ERR,
"Can't link %s device to ARP", dev_tuntap_type);
2610 ifr.lifr_ip_muxid = ip_muxid;
2613 ifr.lifr_arp_muxid = arp_muxid;
2616 if (ioctl(tt->ip_fd, SIOCSLIFMUXID, &ifr) < 0)
2620 ioctl(tt->ip_fd, I_PUNLINK, arp_muxid);
2622 ioctl(tt->ip_fd, I_PUNLINK, ip_muxid);
2623 msg(
M_ERR,
"Can't set multiplexor id");
2634 solaris_close_tun(
struct tuntap *tt)
2653 if (ioctl(tt->ip_fd, SIOCGLIFFLAGS, &ifr) < 0)
2658 if (ioctl(tt->ip_fd, SIOCGLIFMUXID, &ifr) < 0)
2665 if (ioctl(tt->ip_fd, I_PUNLINK, ifr.lifr_arp_muxid) < 0)
2671 if (ioctl(tt->ip_fd, I_PUNLINK, ifr.lifr_ip_muxid) < 0)
2695 solaris_close_tun(tt);
2705 const char *actual,
bool unplumb_inet6 )
2734 sbuf.buf = (
char *)buf;
2735 return putmsg(tt->fd, NULL, &sbuf, 0) >= 0 ? sbuf.len : -1;
2745 sbuf.buf = (
char *)buf;
2746 return getmsg(tt->fd, NULL, &sbuf, &
f) >= 0 ? sbuf.len : -1;
2749 #elif defined(TARGET_OPENBSD)
2752 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
2755 open_tun_generic(dev, dev_type, dev_node, tt);
2760 struct tuninfo info;
2762 if (ioctl(tt->fd, TUNGIFINFO, &info) < 0)
2767 #ifdef IFF_MULTICAST
2768 info.flags |= IFF_MULTICAST;
2771 if (ioctl(tt->fd, TUNSIFINFO, &info) < 0)
2796 close_tun_generic(tt);
2809 close_tun_generic(tt);
2821 return write_tun_header(tt, buf, len);
2827 return read_tun_header(tt, buf, len);
2830 #elif defined(TARGET_NETBSD)
2847 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
2854 if (strcmp(dev,
"tap") == 0)
2857 if ((tt->fd = open(
"/dev/tap", O_RDWR)) < 0)
2859 msg(
M_FATAL,
"Cannot allocate NetBSD TAP dev dynamically");
2861 if (ioctl( tt->fd, TAPGIFNAME, (
void *)&ifr ) < 0)
2863 msg(
M_FATAL,
"Cannot query NetBSD TAP device name");
2867 msg(
M_INFO,
"TUN/TAP device %s opened", ifr.ifr_name);
2876 open_tun_generic(dev, dev_type, dev_node, tt);
2881 int i = IFF_POINTOPOINT|IFF_MULTICAST;
2882 ioctl(tt->fd, TUNSIFMODE, &i);
2884 ioctl(tt->fd, TUNSLMODE, &i);
2889 if (ioctl(tt->fd, TUNSIFHEAD, &i) < 0)
2910 close_tun_generic(tt);
2923 close_tun_generic(tt);
2933 netbsd_modify_read_write_return(
int len)
2937 return len >
sizeof(u_int32_t) ? len -
sizeof(u_int32_t) : 0;
2958 type = htonl(AF_INET6);
2962 type = htonl(AF_INET);
2965 iv[0].iov_base = (
char *)&type;
2966 iv[0].iov_len =
sizeof(type);
2967 iv[1].iov_base = buf;
2968 iv[1].iov_len = len;
2970 return netbsd_modify_read_write_return(writev(tt->fd, iv, 2));
2974 return write(tt->fd, buf, len);
2986 iv[0].iov_base = (
char *)&type;
2987 iv[0].iov_len =
sizeof(type);
2988 iv[1].iov_base = buf;
2989 iv[1].iov_len = len;
2991 return netbsd_modify_read_write_return(readv(tt->fd, iv, 2));
2995 return read(tt->fd, buf, len);
2999 #elif defined(TARGET_FREEBSD)
3002 freebsd_modify_read_write_return(
int len)
3006 return len >
sizeof(u_int32_t) ? len -
sizeof(u_int32_t) : 0;
3015 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
3018 if (tun_dco_enabled(tt))
3020 open_tun_dco_generic(dev, dev_type, tt, ctx);
3024 open_tun_generic(dev, dev_type, dev_node, tt);
3029 int i = IFF_POINTOPOINT | IFF_MULTICAST;
3032 i = IFF_BROADCAST | IFF_MULTICAST;
3035 if (ioctl(tt->fd, TUNSIFMODE, &i) < 0)
3042 if (ioctl(tt->fd, TUNSIFHEAD, &i) < 0)
3064 close_tun_generic(tt);
3078 close_tun_generic(tt);
3082 "FreeBSD 'destroy tun interface' failed (non-critical)");
3097 iph = (
struct ip *) buf;
3101 type = htonl(AF_INET6);
3105 type = htonl(AF_INET);
3108 iv[0].iov_base = (
char *)&type;
3109 iv[0].iov_len =
sizeof(type);
3110 iv[1].iov_base = buf;
3111 iv[1].iov_len = len;
3113 return freebsd_modify_read_write_return(writev(tt->fd, iv, 2));
3117 return write(tt->fd, buf, len);
3129 iv[0].iov_base = (
char *)&type;
3130 iv[0].iov_len =
sizeof(type);
3131 iv[1].iov_base = buf;
3132 iv[1].iov_len = len;
3134 return freebsd_modify_read_write_return(readv(tt->fd, iv, 2));
3138 return read(tt->fd, buf, len);
3142 #elif defined(TARGET_DRAGONFLY)
3145 dragonfly_modify_read_write_return(
int len)
3149 return len >
sizeof(u_int32_t) ? len -
sizeof(u_int32_t) : 0;
3158 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
3161 open_tun_generic(dev, dev_type, dev_node, tt);
3168 ioctl(tt->fd, TUNSLMODE, &i);
3170 ioctl(tt->fd, TUNSIFHEAD, &i);
3179 close_tun_generic(tt);
3192 iph = (
struct ip *) buf;
3196 type = htonl(AF_INET6);
3200 type = htonl(AF_INET);
3203 iv[0].iov_base = (
char *)&type;
3204 iv[0].iov_len =
sizeof(type);
3205 iv[1].iov_base = buf;
3206 iv[1].iov_len = len;
3208 return dragonfly_modify_read_write_return(writev(tt->fd, iv, 2));
3212 return write(tt->fd, buf, len);
3224 iv[0].iov_base = (
char *)&type;
3225 iv[0].iov_len =
sizeof(type);
3226 iv[1].iov_base = buf;
3227 iv[1].iov_len = len;
3229 return dragonfly_modify_read_write_return(readv(tt->fd, iv, 2));
3233 return read(tt->fd, buf, len);
3237 #elif defined(TARGET_DARWIN)
3253 #ifdef HAVE_NET_IF_UTUN_H
3261 utun_open_helper(
struct ctl_info ctlInfo,
int utunnum)
3263 struct sockaddr_ctl sc;
3266 fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
3275 if (ioctl(fd, CTLIOCGINFO, &ctlInfo) == -1)
3284 sc.sc_id = ctlInfo.ctl_id;
3285 sc.sc_len =
sizeof(sc);
3286 sc.sc_family = AF_SYSTEM;
3287 sc.ss_sysaddr = AF_SYS_CONTROL;
3289 sc.sc_unit = utunnum+1;
3295 if (connect(fd, (
struct sockaddr *)&sc,
sizeof(sc)) < 0)
3310 open_darwin_utun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt)
3312 struct ctl_info ctlInfo;
3316 socklen_t utunname_len =
sizeof(utunname);
3320 if (dev_node && (strcmp(
"utun", dev_node) != 0 ))
3322 if (sscanf(dev_node,
"utun%d", &utunnum) != 1)
3324 msg(
M_FATAL,
"Cannot parse 'dev-node %s' please use 'dev-node utunX'"
3325 "to use a utun device number X", dev_node);
3332 if (strlcpy(ctlInfo.ctl_name, UTUN_CONTROL_NAME,
sizeof(ctlInfo.ctl_name)) >=
3333 sizeof(ctlInfo.ctl_name))
3335 msg(
M_ERR,
"Opening utun: UTUN_CONTROL_NAME too long");
3341 for (utunnum = 0; utunnum < 255; utunnum++)
3345 ASSERT(snprintf(ifname,
sizeof(ifname),
"utun%d", utunnum) > 0);
3346 if (if_nametoindex(ifname))
3350 fd = utun_open_helper(ctlInfo, utunnum);
3361 fd = utun_open_helper(ctlInfo, utunnum);
3373 if (getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, utunname, &utunname_len))
3380 msg(
M_INFO,
"Opened utun device %s", utunname);
3387 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
3390 #ifdef HAVE_NET_IF_UTUN_H
3393 || (dev_node && !strncmp(dev_node,
"utun", 4)))
3400 msg(
M_FATAL,
"Cannot use utun devices with --dev-type %s",
3406 open_darwin_utun(dev, dev_type, dev_node, tt);
3413 msg(
M_INFO,
"Failed to open utun device. Falling back to /dev/tun device");
3414 open_tun_generic(dev, dev_type, NULL, tt);
3432 if (dev_node && strcmp(dev_node,
"tun")==0)
3437 open_tun_generic(dev, dev_type, dev_node, tt);
3451 const char *ifconfig_ipv6_local =
3460 close_tun_generic(tt);
3469 #ifdef HAVE_NET_IF_UTUN_H
3472 return write_tun_header(tt, buf, len);
3476 return write(tt->fd, buf, len);
3482 #ifdef HAVE_NET_IF_UTUN_H
3485 return read_tun_header(tt, buf, len);
3489 return read(tt->fd, buf, len);
3492 #elif defined(TARGET_AIX)
3495 open_tun(
const char *dev,
const char *dev_type,
const char *dev_node,
struct tuntap *tt,
3499 char dynamic_name[20];
3510 msg(
M_FATAL,
"no support for 'tun' devices on AIX" );
3513 if (strncmp( dev,
"tap", 3 ) != 0 || dev_node)
3515 msg(
M_FATAL,
"'--dev %s' and/or '--dev-node' not supported on AIX, use '--dev tap0', 'tap1', etc.", dev );
3518 if (strcmp( dev,
"tap" ) == 0)
3521 for (i = 0; i<99; i++)
3524 if (access( tunname, F_OK ) < 0 && errno == ENOENT)
3531 msg(
M_FATAL,
"cannot find unused tap device" );
3541 while (isdigit(*p) )
3547 msg(
M_FATAL,
"TAP device name must be '--dev tapNNNN'" );
3555 if (access( tunname, F_OK ) < 0 && errno == ENOENT)
3575 if ((tt->fd = open(tunname, O_RDWR)) < 0)
3577 msg(
M_ERR,
"Cannot open TAP device '%s'", tunname);
3582 msg(
M_INFO,
"TUN/TAP device %s opened", tunname);
3611 close_tun_generic(tt);
3624 return write(tt->fd, buf, len);
3630 return read(tt->fd, buf, len);
3633 #elif defined(_WIN32)
3675 err = GetLastError();
3676 if (err == ERROR_IO_PENDING)
3732 dmsg(
D_WIN32_IO,
"WIN32 I/O: TAP Write immediate return [%d,%d]",
3738 err = GetLastError();
3739 if (err == ERROR_IO_PENDING)
3773 err = GetLastError();
3791 HDEVINFO dev_info_set;
3796 dev_info_set = SetupDiGetClassDevsEx(&
GUID_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT, NULL, NULL, NULL);
3797 if (dev_info_set == INVALID_HANDLE_VALUE)
3799 err = GetLastError();
3804 for (DWORD i = 0;; ++i)
3806 SP_DEVINFO_DATA device_info_data;
3809 char net_cfg_instance_id_string[] =
"NetCfgInstanceId";
3811 char device_instance_id[256];
3815 ULONG dev_interface_list_size;
3818 ZeroMemory(&device_info_data,
sizeof(SP_DEVINFO_DATA));
3819 device_info_data.cbSize =
sizeof(SP_DEVINFO_DATA);
3820 res = SetupDiEnumDeviceInfo(dev_info_set, i, &device_info_data);
3823 if (GetLastError() == ERROR_NO_MORE_ITEMS)
3833 dev_key = SetupDiOpenDevRegKey(dev_info_set, &device_info_data, DICS_FLAG_GLOBAL, 0, DIREG_DRV, KEY_QUERY_VALUE);
3834 if (dev_key == INVALID_HANDLE_VALUE)
3841 status = RegQueryValueEx(dev_key,
3842 net_cfg_instance_id_string,
3847 if (
status != ERROR_SUCCESS)
3852 len =
sizeof(device_instance_id);
3853 res = SetupDiGetDeviceInstanceId(dev_info_set, &device_info_data, device_instance_id, len, &len);
3859 cr = CM_Get_Device_Interface_List_Size(&dev_interface_list_size,
3862 CM_GET_DEVICE_INTERFACE_LIST_PRESENT);
3864 if (cr != CR_SUCCESS)
3869 char *dev_interface_list =
gc_malloc(dev_interface_list_size,
false, gc);
3872 dev_interface_list_size,
3873 CM_GET_DEVICE_INTERFACE_LIST_PRESENT);
3874 if (cr != CR_SUCCESS)
/*
 * Walk dev_interface_list as a sequence of NUL-terminated strings that ends
 * with an empty string: each step advances past one string and its
 * terminator. The walk relies entirely on those terminators being present
 * inside the buffer allocated from dev_interface_list_size.
 */
3879 char *dev_if = dev_interface_list;
3882 while (strlen(dev_if) > 0)
3900 last->
next = dev_iif;
3904 dev_if += strlen(dev_if) + 1;
3908 RegCloseKey(dev_key);
3911 SetupDiDestroyDeviceInfoList(dev_info_set);
3933 if (
status != ERROR_SUCCESS)
3935 msg(
M_FATAL,
"Error opening registry key: %s", ADAPTER_KEY);
3941 char enum_name[256];
3942 char unit_string[256];
3944 char component_id_string[] =
"ComponentId";
3945 char component_id[256];
3946 char net_cfg_instance_id_string[] =
"NetCfgInstanceId";
3947 BYTE net_cfg_instance_id[256];
3950 len =
sizeof(enum_name);
3960 if (
status == ERROR_NO_MORE_ITEMS)
3964 else if (
status != ERROR_SUCCESS)
3966 msg(
M_FATAL,
"Error enumerating registry subkeys of key: %s",
3971 ADAPTER_KEY, enum_name);
3980 if (
status != ERROR_SUCCESS)
3986 len =
sizeof(component_id);
3987 status = RegQueryValueEx(
3989 component_id_string,
3992 (LPBYTE)component_id,
3995 if (
status != ERROR_SUCCESS || data_type != REG_SZ)
3998 unit_string, component_id_string);
4002 len =
sizeof(net_cfg_instance_id);
4003 status = RegQueryValueEx(
4005 net_cfg_instance_id_string,
4008 net_cfg_instance_id,
4011 if (
status == ERROR_SUCCESS && data_type == REG_SZ)
4024 else if (strcasecmp(component_id,
"ovpn-dco") == 0)
4052 RegCloseKey(unit_key);
4057 RegCloseKey(adapter_key);
4065 HKEY network_connections_key;
4073 NETWORK_CONNECTIONS_KEY,
4076 &network_connections_key);
4078 if (
status != ERROR_SUCCESS)
4080 msg(
M_FATAL,
"Error opening registry key: %s", NETWORK_CONNECTIONS_KEY);
4085 char enum_name[256];
4086 char connection_string[256];
4087 HKEY connection_key;
4088 WCHAR name_data[256];
4090 const WCHAR name_string[] = L
"Name";
4092 len =
sizeof(enum_name);
4094 network_connections_key,
4102 if (
status == ERROR_NO_MORE_ITEMS)
4106 else if (
status != ERROR_SUCCESS)
4108 msg(
M_FATAL,
"Error enumerating registry subkeys of key: %s",
4109 NETWORK_CONNECTIONS_KEY);
4113 "%s\\%s\\Connection",
4114 NETWORK_CONNECTIONS_KEY, enum_name);
4123 if (
status != ERROR_SUCCESS)
4125 dmsg(
D_REGISTRY,
"Error opening registry key: %s", connection_string);
4129 len =
sizeof(name_data);
4130 status = RegQueryValueExW(
4138 if (
status != ERROR_SUCCESS || name_type != REG_SZ)
4141 NETWORK_CONNECTIONS_KEY, connection_string, name_string);
/*
 * Two-pass UTF-16 -> UTF-8 conversion: the first call (NULL buffer, size 0)
 * returns the number of bytes required, terminator included because the
 * input length is passed as -1; the second call writes into name.
 * NOTE(review): a length of -1 makes the API scan name_data until it finds
 * a NUL. name_data is filled by RegQueryValueExW, and registry REG_SZ data
 * is not guaranteed to have been stored with a terminator. Confirm that the
 * lines not shown here terminate name_data (or bound the scan), that n > 0
 * is checked, and that name is allocated with at least n bytes.
 */
4150 n = WideCharToMultiByte(CP_UTF8, 0, name_data, -1, NULL, 0, NULL, NULL);
4152 WideCharToMultiByte(CP_UTF8, 0, name_data, -1,
name, n, NULL, NULL);
4167 RegCloseKey(connection_key);
4172 RegCloseKey(network_connections_key);
/*
 * Validate a pair of --ifconfig endpoints against the 255.255.255.252
 * constraint named in the messages below. mask selects the low two bits,
 * i.e. the host part of such a subnet.
 * NOTE(review): the bit tests assume local and remote are in host byte
 * order -- confirm against the caller.
 */
4184 const unsigned int mask = 3;
4185 const char *err = NULL;
/* The two endpoints may not be the same address. */
4187 if (local == remote)
4189 err =
"must be different";
/* Everything above the two host bits must match: same 4-address block. */
4192 if ((local & (~mask)) != (remote & (~mask)))
4194 err =
"must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver";
/* Host bits 0 and 3 are the first and last address of the block; both are rejected. */
4197 if ((local & mask) == 0
4198 || (local & mask) == 3
4199 || (remote & mask) == 0
4200 || (remote & mask) == 3)
4202 err =
"cannot use the first or last address within a given 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver";
/* Reported at M_FATAL; the condition guarding this call is not shown in the excerpt. */
4210 msg(
M_FATAL,
"There is a problem in your selection of --ifconfig endpoints [local=%s, remote=%s]. The local and remote VPN endpoints %s. Try '" PACKAGE " --show-valid-subnets' option for more info.",
4223 printf(
"On Windows, point-to-point IP support (i.e. --dev tun)\n");
4224 printf(
"is emulated by the TAP-Windows driver. The major limitation\n");
4225 printf(
"imposed by this approach is that the --ifconfig local and\n");
4226 printf(
"remote endpoints must be part of the same 255.255.255.252\n");
4227 printf(
"subnet. The following list shows examples of endpoint\n");
4228 printf(
"pairs which satisfy this requirement. Only the final\n");
4229 printf(
"component of the IP address pairs is at issue.\n\n");
4230 printf(
"As an example, the following option would be correct:\n");
4231 printf(
" --ifconfig 10.7.0.5 10.7.0.6 (on host A)\n");
4232 printf(
" --ifconfig 10.7.0.6 10.7.0.5 (on host B)\n");
4233 printf(
"because [5,6] is part of the below list.\n\n");
4235 for (i = 0; i < 256; i += 4)
4237 printf(
"[%3d,%3d] ", i+1, i+2);
4255 bool warn_panel_null =
false;
4256 bool warn_panel_dup =
false;
4257 bool warn_tap_dup =
false;
4268 msg(msglev,
"Available adapters [name, GUID, driver]:");
4287 warn_panel_dup =
true;
4289 else if (links == 0)
4293 warn_panel_null =
true;
4294 msg(msglev,
"[NULL] %s", tr->
guid);
4303 if (tr != tr1 && !strcmp(tr->
guid, tr1->
guid))
4305 warn_tap_dup =
true;
4313 msg(warnlev,
"WARNING: Some TAP-Windows adapters have duplicate GUIDs");
4318 msg(warnlev,
"WARNING: Some TAP-Windows adapters have duplicate links from the Network Connections control panel");
4321 if (warn_panel_null)
4323 msg(warnlev,
"WARNING: Some TAP-Windows adapters have no link from the Network Connections control panel");
4385 msg(
M_FATAL,
"There are no TAP-Windows, Wintun or ovpn-dco adapters "
4386 "on this system. You should be able to create an adapter "
4387 "by using tapctl.exe utility.");
4397 uint8_t *actual_name,
4398 int actual_name_size,
4399 const struct tap_reg *tap_reg_src,
4408 ASSERT(device_number >= 0);
4419 ASSERT(actual_name_size > 0);
4424 for (i = 0; i < device_number; i++)
4450 if (windows_driver != NULL)
4463 uint8_t *actual_name,
4464 int actual_name_size,
4483 ASSERT(actual_name_size > 0);
4529 const IP_ADAPTER_INFO *
/*
 * Fetch the system adapter list with the usual two-call pattern: a sizing
 * call with a NULL buffer, then a second call into a buffer of that size.
 */
4533 IP_ADAPTER_INFO *pi = NULL;
/* The sizing call is expected to report ERROR_BUFFER_OVERFLOW and set size. */
4536 if ((
status = GetAdaptersInfo(NULL, &size)) != ERROR_BUFFER_OVERFLOW)
4538 msg(
M_INFO,
"GetAdaptersInfo #1 failed (status=%u) : %s",
/*
 * Buffer comes from the gc arena; the second argument is false (presumably
 * the "clear" flag), so its contents are meaningful only after the second
 * call succeeds.
 */
4544 pi = (PIP_ADAPTER_INFO)
gc_malloc(size,
false, gc);
/*
 * The adapter set can change between the two calls, so this call can still
 * fail with a size error.
 * NOTE(review): what is returned on this failure path is not shown --
 * confirm callers receive NULL rather than the unfilled buffer.
 */
4545 if ((
status = GetAdaptersInfo(pi, &size)) != NO_ERROR)
4547 msg(
M_INFO,
"GetAdaptersInfo #2 failed (status=%u) : %s",
4556 const IP_PER_ADAPTER_INFO *
4560 IP_PER_ADAPTER_INFO *pi = NULL;
4565 if ((
status = GetPerAdapterInfo(index, NULL, &size)) != ERROR_BUFFER_OVERFLOW)
4567 msg(
M_INFO,
"GetPerAdapterInfo #1 failed (status=%u) : %s",
4573 pi = (PIP_PER_ADAPTER_INFO)
gc_malloc(size,
false, gc);
4574 if ((
status = GetPerAdapterInfo((ULONG)index, pi, &size)) == ERROR_SUCCESS)
4580 msg(
M_INFO,
"GetPerAdapterInfo #2 failed (status=%u) : %s",
4589 static const IP_INTERFACE_INFO *
4593 IP_INTERFACE_INFO *ii = NULL;
4596 if ((
status = GetInterfaceInfo(NULL, &size)) != ERROR_INSUFFICIENT_BUFFER)
4598 msg(
M_INFO,
"GetInterfaceInfo #1 failed (status=%u) : %s",
4604 ii = (PIP_INTERFACE_INFO)
gc_malloc(size,
false, gc);
4605 if ((
status = GetInterfaceInfo(ii, &size)) == NO_ERROR)
4611 msg(
M_INFO,
"GetInterfaceInfo #2 failed (status=%u) : %s",
4619 static const IP_ADAPTER_INDEX_MAP *
4626 for (i = 0; i < list->NumAdapters; ++i)
4628 const IP_ADAPTER_INDEX_MAP *inter = &list->Adapter[i];
4629 if (index == inter->Index)
4643 const IP_ADAPTER_INFO *
4648 const IP_ADAPTER_INFO *a;
4651 for (a = ai; a != NULL; a = a->Next)
4653 if (a->Index == index)
4662 const IP_ADAPTER_INFO *
4674 const IP_ADDR_STRING *ip = &ai->IpAddressList;
4698 const IP_ADDR_STRING *iplist = &ai->IpAddressList;
4708 iplist = iplist->Next;
4714 const char *ip_str = iplist->IpAddress.String;
4715 const char *netmask_str = iplist->IpMask.String;
4716 bool succeed1 =
false;
4717 bool succeed2 =
false;
4719 if (ip_str && netmask_str && strlen(ip_str) && strlen(netmask_str))
4721 *ip =
getaddr(getaddr_flags, ip_str, 0, &succeed1, NULL);
4722 *netmask =
getaddr(getaddr_flags, netmask_str, 0, &succeed2, NULL);
4723 ret = (succeed1 ==
true && succeed2 ==
true);
4736 in_addr_t ip_adapter = 0;
4737 in_addr_t netmask_adapter = 0;
4739 return (
status && ip_adapter == ip && netmask_adapter == netmask);
4747 const IP_ADAPTER_INFO *
4773 for (i = 0; i < n; ++i)
4775 in_addr_t ip, netmask;
4811 if (highest_netmask)
4813 *highest_netmask = 0;
4819 for (i = 0; i < n; ++i)
4821 in_addr_t adapter_ip, adapter_netmask;
4824 if (adapter_ip && adapter_netmask && (ip & adapter_netmask) == (adapter_ip & adapter_netmask))
4826 if (highest_netmask && adapter_netmask > *highest_netmask)
4828 *highest_netmask = adapter_netmask;
4846 in_addr_t highest_netmask = 0;
4847 int lowest_metric = INT_MAX;
4862 if (first || hn > highest_netmask)
4864 highest_netmask = hn;
4867 lowest_metric = metric;
4876 else if (hn == highest_netmask)
4882 if (metric >= 0 && metric < lowest_metric)
4885 lowest_metric = metric;
4892 dmsg(
D_ROUTE_DEBUG,
"DEBUG: IP Locate: ip=%s nm=%s index=%d count=%d metric=%d",
4896 count ? *count : -1,
4906 *netmask = highest_netmask;
4918 #define DHCP_STATUS_UNDEF 0
4919 #define DHCP_STATUS_ENABLED 1
4920 #define DHCP_STATUS_DISABLED 2
4933 if (ai->DhcpEnabled)
4959 const IP_ADDR_STRING *ip = &a->IpAddressList;
4963 const DWORD
context = ip->Context;
4965 if ((
status = DeleteIPAddress((ULONG)
context)) == NO_ERROR)
4967 msg(
M_INFO,
"Successfully deleted previously set dynamic IP/netmask: %s/%s",
4968 ip->IpAddress.String,
4973 const char *empty =
"0.0.0.0";
4974 if (strcmp(ip->IpAddress.String, empty)
4975 || strcmp(ip->IpMask.String, empty))
4977 msg(
M_INFO,
"NOTE: could not delete previously set dynamic IP/netmask: %s/%s (status=%u)",
4978 ip->IpAddress.String,
4999 if (GetAdapterIndex(wbuf, &aindex) != NO_ERROR)
5005 index = (DWORD)aindex;
5020 if (!strcmp(guid,
list->AdapterName))
5022 index =
list->Index;
5043 msg(
M_INFO,
"NOTE: could not get adapter index for %s", guid);
5057 buf_printf(&out,
"%s", ip->IpAddress.String);
5058 if (strlen(ip->IpMask.String))
5075 msg(msglev,
"%s", a->Description);
5076 msg(msglev,
" Index = %d", (
int)a->Index);
5077 msg(msglev,
" GUID = %s", a->AdapterName);
5079 msg(msglev,
" MAC = %s",
format_hex_ex(a->Address, a->AddressLength, 0, 1,
":", gc));
5084 msg(msglev,
" DHCP LEASE OBTAINED = %s",
time_string(a->LeaseObtained, 0,
false, gc));
5085 msg(msglev,
" DHCP LEASE EXPIRES = %s",
time_string(a->LeaseExpires, 0,
false, gc));
5111 msg(msglev,
"SYSTEM ADAPTER LIST");
5114 const IP_ADAPTER_INFO *a;
5117 for (a = ai; a != NULL; a = a->Next)
5140 msg(
M_ERR,
"Error: init SA failed");
/*
 * Replace the DACL of the kernel object behind hand with the descriptor in
 * sa.sd.
 * NOTE(review): the descriptor is built on lines not shown here. If it
 * grants access beyond administrators, other local accounts can open the
 * adapter device identified by device_path -- confirm this path is opt-in
 * and document which principals the DACL admits.
 */
5143 status = SetKernelObjectSecurity(hand, DACL_SECURITY_INFORMATION, &
sa.sd);
5146 msg(
M_ERRNO,
"Error: SetKernelObjectSecurity failed on %s", device_path);
5160 const char *device_guid = NULL;
5162 uint8_t actual_buffer[256];
5163 char device_path[256];
5174 msg(
M_FATAL,
"TAP-Windows adapter '%s' not found", dev_node);
5189 FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
5193 if (hand == INVALID_HANDLE_VALUE)
5195 msg(
M_ERR,
"CreateFile failed on TAP device: %s", device_path);
5203 int device_number = 0;
5210 sizeof(actual_buffer),
5233 FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
5237 if (hand == INVALID_HANDLE_VALUE)
5239 msg(
M_WARN,
"CreateFile failed on TAP device: %s", device_path);
5265 DWORD
status = IpReleaseAddress((IP_ADAPTER_INDEX_MAP *)inter);
5273 msg(
M_WARN,
"NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: %s (code=%u)",
5305 DWORD
status = IpRenewAddress((IP_ADAPTER_INDEX_MAP *)inter);
5313 msg(
M_WARN,
"WARNING: Failed to renew DHCP IP address lease on TAP-Windows adapter: %s (code=%u)",
5339 for (i = 0; i < n; ++i)
5353 msg(msglevel,
"%s: command failed", prefix);
5366 const char err[] =
"ERROR: Windows ipconfig command failed";
5395 const char *ip_str = src->IpAddress.String;
5397 bool succeed =
false;
5403 if (!ip_str || !strlen(ip_str))
5408 ip =
getaddr(getaddr_flags, ip_str, 0, &succeed, NULL);
5422 msg(
M_INFO,
"ip_addr_string_to_array [%d]", *dest_len);
5423 for (i = 0; i < *dest_len; ++i)
5436 int a2len =
SIZE(a2);
5446 for (i = 0; i < a1len; ++i)
5464 for (i = 0; i < len; ++i)
5482 DWORD adapter_index)
5494 for (
int i = 0; i < addr_len; ++i)
5496 const char *fmt = (i == 0) ?
5497 "%s%s interface ipv6 set dns %lu static %s"
5498 :
"%s%s interface ipv6 add dns %lu %s";
5519 const in_addr_t *addr_list,
5521 const IP_ADDR_STRING *current,
5522 DWORD adapter_index,
5523 const bool test_first)
5527 bool delete_first =
false;
5528 bool is_dns = !strcmp(type,
"dns");
5535 delete_first =
true;
5540 delete_first =
true;
5558 for (i = 0; i < addr_len; ++i)
5562 const char *fmt = count ?
5563 "%s%s interface ip add %s %lu %s"
5564 :
"%s%s interface ip set %s %lu static %s";
5586 msg(
M_INFO,
"NETSH: %lu %s %s [already set]",
5606 dest[0].Next = NULL;
5611 dest[0].Next = &dest[1];
5612 dest[1].Next = NULL;
5618 DWORD adapter_index,
5620 const in_addr_t netmask,
5621 const unsigned int flags)
5625 const IP_ADAPTER_INFO *ai = NULL;
5626 const IP_PER_ADAPTER_INFO *pai = NULL;
5639 msg(
M_INFO,
"NETSH: %lu %s/%s [already set]",
5661 IP_ADDR_STRING wins[2];
5668 pai ? &pai->DnsServerList : NULL,
5671 if (ai && ai->HaveWins)
5695 "%s%s interface ip set address %lu dhcp",
5730 msg(
M_NONFATAL,
"TUN: enabling dhcp using service failed: %s [status=%u if_index=%d]",
5735 msg(
M_INFO,
"DHCP enabled on interface %d using service",
dhcp.iface.index);
/*
 * Set the MTU of one interface for one address family by reading the
 * current MIB_IPINTERFACE_ROW, changing NlMtu and writing the row back.
 */
5750 MIB_IPINTERFACE_ROW ipiface;
5751 InitializeIpInterfaceEntry(&ipiface);
5752 const char *family_name = (family == AF_INET6) ?
"IPv6" :
"IPv4";
/* Family and InterfaceIndex are the lookup key for GetIpInterfaceEntry(). */
5753 ipiface.Family = family;
5754 ipiface.InterfaceIndex = iface_index;
/*
 * 1280 is the minimum link MTU IPv6 requires. Only a note is logged here;
 * the value still appears to be applied below.
 */
5755 if (family == AF_INET6 && mtu < 1280)
5757 msg(
M_INFO,
"NOTE: IPv6 interface MTU < 1280 conflicts with IETF standards and might not work");
5760 err = GetIpInterfaceEntry(&ipiface);
5761 if (err == NO_ERROR)
/*
 * For IPv4 the row is written back with SitePrefixLength forced to 0;
 * presumably SetIpInterfaceEntry() rejects the value the read returns --
 * TODO confirm against the API documentation.
 */
5763 if (family == AF_INET)
5765 ipiface.SitePrefixLength = 0;
5767 ipiface.NlMtu = mtu;
5768 err = SetIpInterfaceEntry(&ipiface);
/* err holds the result of whichever call ran last (get or set). */
5771 if (err != NO_ERROR)
5773 msg(
M_WARN,
"TUN: Setting %s mtu failed: %s [status=%lu if_index=%d]",
5778 msg(
M_INFO,
"%s MTU set to %d on interface %d using SetIpInterfaceEntry()", family_name, mtu, iface_index);
5814 else if (strcmp(
BSTR(&actual),
"NULL"))
5816 return BSTR(&actual);
5842 msg(
M_INFO,
"NOTE: now trying netsh (this may take some time)");
5868 msg(
M_WARN,
"write_dhcp_u8: buffer overflow building DHCP options");
/*
 * Payload size in bytes for an array of len 32-bit values.
 * NOTE(review): the product is computed in size_t and narrowed to int;
 * len is presumably a small caller-controlled count -- confirm it cannot
 * be large enough for the narrowing to wrap.
 */
5882 const int size =
len *
sizeof(uint32_t);
/* Capacity failure of the destination buffer; the test itself is on a line not shown. */
5887 msg(
M_WARN,
"write_dhcp_u32_array: buffer overflow building DHCP options");
/* A DHCP option carries its length in a single octet, hence the 1..255 range. */
5890 if (size < 1 || size > 255)
5893 msg(
M_WARN,
"write_dhcp_u32_array: size (%d) must be > 0 and <= 255", size);
5898 for (i = 0; i <
len; ++i)
/* Length of the option payload; strlen's size_t result is narrowed to int here. */
5908 const int len = strlen(str);
/* Capacity failure of the destination buffer; the test itself is on a line not shown. */
5912 msg(
M_WARN,
"write_dhcp_str: buffer overflow building DHCP options");
/* A DHCP option carries its length in a single octet, hence the 1..255 range. */
5915 if (len < 1 || len > 255)
5918 msg(
M_WARN,
"write_dhcp_str: string '%s' must be > 0 bytes and <= 255 bytes", str);
5936 int array_len,
bool *error)
/*
 * Encode each search domain into tmp_buf as length-prefixed labels: a
 * length byte is reserved, characters are copied, and at every '.' or at
 * the end of the string the reserved byte is filled with the label length.
 */
5941 int label_length_pos;
5943 for (i = 0; i < array_len; i++)
5945 const char *ptr = str_array[i];
/*
 * Per-domain bound on tmp_buf. The visible statements consume
 * strlen(ptr) + 1 bytes (one reserved length byte plus the characters,
 * dots being overwritten by length bytes).
 * NOTE(review): if a hidden line also appends a terminating zero byte per
 * domain, the encoded size is strlen(ptr) + 2 and this test is one byte
 * short -- confirm against the full function.
 */
5947 if (strlen(ptr) +
len + 1 >
sizeof(tmp_buf))
5950 msg(
M_WARN,
"write_dhcp_search_str: temp buffer overflow building DHCP options");
/* Reserve the length byte of the first label and step past it. */
5958 label_length_pos =
len++;
/*
 * End of a label: store the count of bytes written since the reserved
 * position. NOTE(review): no check that a label is non-empty or within
 * the 63-byte DNS label limit is visible in this excerpt.
 */
5962 if (*ptr ==
'.' || *ptr ==
'\0')
5964 tmp_buf[label_length_pos] = (
len-label_length_pos)-1;
5965 label_length_pos =
len;
/* Copy one character; a '.' copied here occupies the next label's length slot. */
5971 tmp_buf[
len++] = *ptr++;
/* Capacity failure of the destination buffer; the test itself is on a line not shown. */
5980 msg(
M_WARN,
"write_search_dhcp_str: buffer overflow building DHCP options");
/* The whole encoded list must fit the one-octet DHCP option length. */
5986 msg(
M_WARN,
"write_dhcp_search_str: search domain string must be <= 255 bytes");
6033 msg(
M_WARN,
"build_dhcp_options_string: buffer overflow building DHCP options");
6053 const int pre_sleep = 1;
6055 buf_printf(&cmd,
"openvpn --verb %d --tap-sleep %d", verb, pre_sleep);
6088 msg(
M_WARN,
"Register_dns failed using service: %s [status=0x%x]",
6094 msg(
M_INFO,
"Register_dns request sent to the service");
6127 msg(
M_NONFATAL,
"Register ring buffers failed using service: %s [status=0x%x]",
6133 msg(
M_INFO,
"Ring buffers registered via service");
6153 buf_printf(&cmd,
"openvpn --verb %d --register-dns --rdns-internal", verb);
6167 dsa = (local | (~netmask)) + offset;
6171 dsa = (local & netmask) + offset;
6176 msg(
M_FATAL,
"ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to %s -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server",