From patchwork Sat May 10 18:19:30 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4245
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 10 May 2025 20:19:30 +0200
Message-ID: <20250510181937.2993-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] win: create adapter on demand

From: Lev Stipakov The installer currently creates one adapter per driver. When a user tries to start a second VPN connection while another is active, the client fails with an unclear error message: "All ovpn-dco adapters on this system are currently in use or disabled." This message does not guide the user toward resolving the issue, such as by running the shortcut "Add a new dco-win virtual network adapter." To improve user experience, the client will now create an adapter on demand when no available adapters exist. The client sends a command specifying the adapter type to the interactive service, which then executes tapctl.exe to create a new adapter. This feature requires the interactive service, but this should not pose a problem since even our automatic service has recently started relying on the interactive service. GitHub: #728 Change-Id: I621d44ec6b0facc524875c15ddfd11ec47b06c15 Signed-off-by: Lev Stipakov Acked-by: Selva Nair --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/943 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Selva Nair diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index 8b48053..2cf8d40 100644 --- a/include/openvpn-msg.h +++ b/include/openvpn-msg.h @@ -47,7 +47,8 @@ msg_register_ring_buffers, msg_set_mtu, msg_add_wins_cfg, - msg_del_wins_cfg + msg_del_wins_cfg, + msg_create_adapter } message_type_t; typedef struct { @@ -172,4 +173,15 @@ int mtu; } set_mtu_message_t; +typedef enum { + ADAPTER_TYPE_DCO, + ADAPTER_TYPE_TAP, + ADAPTER_TYPE_WINTUN +} adapter_type_t; + +typedef struct { + message_header_t header; + adapter_type_t adapter_type; +} create_adapter_message_t; + #endif /* ifndef OPENVPN_MSG_H_ */ diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index a0c22b1..34a049e 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c 
@@ -2231,6 +2231,7 @@ ALLOC_OBJ_CLEAR(tt, struct tuntap); tt->backend_driver = DRIVER_DCO; + tt->options.msg_channel = c->options.msg_channel; const char *device_guid = NULL; /* not used */ tun_open_device(tt, c->options.dev_node, &device_guid, &c->gc); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 4f7de6c..0bde6ef 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -451,6 +451,71 @@ argv_free(&argv); } +/** + * Requests the interactive service to create a VPN adapter of the specified type. + * + * @param msg_channel Handle to the interactive service communication pipe. + * @param driver_type Adapter type to create (e.g., TAP, Wintun, DCO). + * + * @return true on success, false on failure. + */ +static bool +do_create_adapter_service(HANDLE msg_channel, enum tun_driver_type driver_type) +{ + bool ret = false; + ack_message_t ack; + struct gc_arena gc = gc_new(); + + adapter_type_t t; + switch (driver_type) + { + case WINDOWS_DRIVER_TAP_WINDOWS6: + t = ADAPTER_TYPE_TAP; + break; + + case WINDOWS_DRIVER_WINTUN: + t = ADAPTER_TYPE_WINTUN; + break; + + case DRIVER_DCO: + t = ADAPTER_TYPE_DCO; + break; + + default: + msg(M_NONFATAL, "Invalid backend driver %s", print_tun_backend_driver(driver_type)); + goto out; + } + + create_adapter_message_t msg = { + .header = { + msg_create_adapter, + sizeof(create_adapter_message_t), + 0 + }, + .adapter_type = t + }; + + if (!send_msg_iservice(msg_channel, &msg, sizeof(msg), &ack, "create_adapter")) + { + goto out; + } + + if (ack.error_number != NO_ERROR) + { + msg(M_NONFATAL, "TUN: creating %s adapter using service failed: %s [status=%u]", + print_tun_backend_driver(driver_type), strerror_win32(ack.error_number, &gc), ack.error_number); + } + else + { + msg(M_INFO, "%s adapter created using service", print_tun_backend_driver(driver_type)); + ret = true; + } + +out: + gc_free(&gc); + return ret; +} + #endif /* ifdef _WIN32 */ #ifdef TARGET_SOLARIS 
@@ -6589,9 +6654,8 @@ const struct tap_reg *tap_reg = get_tap_reg(gc); const struct panel_reg *panel_reg = get_panel_reg(gc); const struct device_instance_id_interface *device_instance_id_interface = get_device_instance_id_interface(gc); - uint8_t actual_buffer[256]; - at_least_one_tap_win(tap_reg); + uint8_t actual_buffer[256]; /* * Lookup the device name in the registry, using the --dev-node high level name. @@ -6622,6 +6686,7 @@ else { int device_number = 0; + int adapters_created = 0; /* Try opening all TAP devices until we find one available */ while (true) @@ -6637,7 +6702,22 @@ if (!*device_guid) { - msg(M_FATAL, "All %s adapters on this system are currently in use or disabled.", print_tun_backend_driver(tt->backend_driver)); + /* try to create an adapter a few times if we have a service pipe handle */ + if ((++adapters_created > 10) || !do_create_adapter_service(tt->options.msg_channel, tt->backend_driver)) + { + msg(M_FATAL, "All %s adapters on this system are currently in use or disabled.", print_tun_backend_driver(tt->backend_driver)); + } + else + { + /* we have created a new adapter so we must reinitialize adapters structs */ + tap_reg = get_tap_reg(gc); + panel_reg = get_panel_reg(gc); + device_instance_id_interface = get_device_instance_id_interface(gc); + + device_number = 0; + + continue; + } } if (tt->backend_driver != windows_driver) diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c index 4a11e6c..198835e 100644 --- a/src/openvpnserv/common.c +++ b/src/openvpnserv/common.c @@ -96,6 +96,14 @@ goto out; } + swprintf(default_value, _countof(default_value), L"%ls\\bin", install_path); + error = GetRegString(key, L"bin_dir", s->bin_dir, sizeof(s->bin_dir), + default_value); + if (error != ERROR_SUCCESS) + { + goto out; + } + error = GetRegString(key, L"config_ext", s->ext_string, sizeof(s->ext_string), L".ovpn"); if (error != ERROR_SUCCESS) 
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index f06d386..8a7b50d 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -125,6 +125,7 @@ register_ring_buffers_message_t rrb; set_mtu_message_t mtu; wins_cfg_message_t wins; + create_adapter_message_t create_adapter; } pipe_message_t; typedef struct { @@ -3107,6 +3108,52 @@ return err; } +/** + * Creates a VPN adapter of the specified type by invoking tapctl.exe. + * + * @param msg Adapter creation request specifying the type. + * + * @return NO_ERROR on success, otherwise a Windows error code. + */ +static DWORD +HandleCreateAdapterMessage(const create_adapter_message_t *msg) +{ + const WCHAR *hwid; + + switch (msg->adapter_type) + { + case ADAPTER_TYPE_DCO: + hwid = L"ovpn-dco"; + break; + + case ADAPTER_TYPE_TAP: + hwid = L"root\\tap0901"; + break; + + case ADAPTER_TYPE_WINTUN: + hwid = L"wintun"; + break; + + default: + return ERROR_INVALID_PARAMETER; + } + + WCHAR cmd[MAX_PATH]; + WCHAR args[MAX_PATH]; + + if (swprintf_s(cmd, _countof(cmd), L"%s\\tapctl.exe", settings.bin_dir) < 0) + { + return ERROR_BUFFER_OVERFLOW; + } + + if (swprintf_s(args, _countof(args), L"tapctl create --hwid %s", hwid) < 0) + { + return ERROR_BUFFER_OVERFLOW; + } + + return ExecCommand(cmd, args, 10000); +} + static VOID HandleMessage(HANDLE pipe, PPROCESS_INFORMATION proc_info, DWORD bytes, DWORD count, LPHANDLE events, undo_lists_t *lists) @@ -3206,6 +3253,13 @@ } break; + case msg_create_adapter: + if (msg.header.size == sizeof(msg.create_adapter)) + { + ack.error_number = HandleCreateAdapterMessage(&msg.create_adapter); + } + break; + default: ack.error_number = ERROR_MESSAGE_TYPE; MsgToEventLog(MSG_FLAGS_ERROR, L"Unknown message type %d", msg.header.type); diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h index cbe213b..cebc67f 100644 --- a/src/openvpnserv/service.h +++ b/src/openvpnserv/service.h 
@@ -63,6 +63,7 @@ typedef struct { WCHAR exe_path[MAX_PATH]; WCHAR config_dir[MAX_PATH]; + WCHAR bin_dir[MAX_PATH]; WCHAR ext_string[16]; WCHAR log_dir[MAX_PATH]; WCHAR ovpn_admin_group[MAX_NAME];
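
Review bot: do_create_adapter_service() in src/openvpn/tun.c passes msg_channel straight to send_msg_iservice() without checking that a service pipe handle is present, although the caller's comment says creation is attempted "if we have a service pipe handle" and the caller's condition tests only the counter and the return value. An early return of false when msg_channel is not set, with a message saying that on-demand creation needs the interactive service, would make that path explicit and give the user something actionable. Separately, the local variable "create_adapter_message_t msg" shares its name with the msg() logging call used a few lines above and below it in the same function; a name such as "request" would read more clearly.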
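
Review bot: In the adapter search loop in src/openvpn/tun.c, the check "(++adapters_created > 10)" allows up to ten successful tapctl runs in a single connection attempt, so if each newly created adapter still cannot be opened on the rescan, ten persistent adapters are left on the system before the M_FATAL. Consider stopping after the first created adapter fails to yield a usable device_guid, or at least using a much smaller named constant in place of the bare 10; the variable also counts attempts rather than adapters created, so a name like "create_attempts" would match what it does. The M_FATAL text on the failure path is unchanged from the message the commit description calls unclear, so a user without the interactive service still gets no hint about how to add an adapter.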
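
Review bot: In src/openvpnserv/common.c the return value of "swprintf(default_value, _countof(default_value), L"%ls\\bin", install_path)" is not checked, whereas the new swprintf_s calls in interactive.c are. If install_path plus "\bin" does not fit, the default for bin_dir is not the intended path, and that value is later used by the service to locate tapctl.exe. Suggest checking the result and taking the existing "goto out" error path on failure. Since bin_dir now decides which executable the service launches, a short comment here stating that the value comes from the service's registry key would also help later readers.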
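
Review bot: HandleCreateAdapterMessage() in src/openvpnserv/interactive.c runs "tapctl create" for every well-formed msg_create_adapter it receives, and the only limit on the number of requests is the counter in tun.c on the client side of the pipe. Because the service performs the creation on the client's behalf, the bound belongs in the service: for example a per-connection counter next to the handler that returns an error once a small limit is reached. Minor: the format strings here use "%s" for wide arguments (settings.bin_dir, hwid) while the new code in common.c uses "%ls"; using "%ls" in both places would be consistent.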