diff mbox series

[Openvpn-devel,v1] tun.c: set IPv4 address temporary on Windows

Message ID 20251210075906.27693-1-gert@greenie.muc.de
State New
Headers show
Series [Openvpn-devel,v1] tun.c: set IPv4 address temporary on Windows | expand

Commit Message

Gert Doering Dec. 10, 2025, 7:59 a.m. UTC 
From: Lev Stipakov <lev@openvpn.net>

Use store=active to set IPv4 address temporary so that
it will be removed on reboot. This makes the behavior
consistent with deletion and IPv6, where we already use
store=active.

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netsh-interface

GitHub: https://github.com/OpenVPN/openvpn/issues/915

Change-Id: I07311f397e6cd278b90c33f024e927c282cd03e4
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1430
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1430
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering Dec. 10, 2025, 9:17 a.m. UTC | #1 
Arguably this is a bug, but it's a bug in a dark corner of a niche use
case - *if* running OpenVPN on windows with privileges, *and* not using
DHCP but "ip-win32 netsh", *and* still using IPv4, then we install the
IPv4 address using no explicit "store=<nnn>" command - which defaults to
"permanent" (unlike "ip address add ..." on a unixoid system, which is
never persistent) - so the IPv4 address sticks across reboots.

First mistake... and then, on session end, we try to remove it with
"store=active" - which makes it go away *up to the next reboot*, and
then it's back, possibly interfering with future uses.

So this patch adds the "store=active" to the netsh.exe call inside
openvpn.exe for IPv4.  This will fix it for all future assignments, but
not for "existing leftovers" - these will need to be fixed manually (once).

(One of the grand plans for 2.8 is "rip out all this from openvpn, only
support a single method, which is IPAPI via interactive service" - but
for 2.7 and 2.6, this is a bug that needs to be fixed short term)

The backport to 2.6 is trivial, though "cherrypick" does not work out of
the box due to the clang-reformat of the function call.


This said, I have not actually *tested* it, beyond "does it compile" - the
issue is clearly understood, the fix is clear, and it's just a string
change (as far as openvpn is concerned).


Your patch has been applied to the master and release/2.6 branch (bug).

commit 93c9b47cb0916c16ef76e6ecb5bf3f2ba7d267aa (master)
commit 3aacb621b56015f92cc0ae79987fa29c33842a2d (release/2.6)
Author: Lev Stipakov
Date:   Wed Dec 10 08:59:00 2025 +0100

     tun.c: set IPv4 address temporary on Windows

     Signed-off-by: Lev Stipakov <lev@openvpn.net>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1430
     Message-Id: <20251210075906.27693-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34975.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 0299285..849eddc 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -5119,8 +5119,8 @@ 
         }
         else
         {
-            /* example: netsh interface ip set address 42 static 10.3.0.1 255.255.255.0 */
-            argv_printf(&argv, "%s%s interface ip set address %lu static %s %s", get_win_sys_path(),
+            /* example: netsh interface ip set address 42 static 10.3.0.1 255.255.255.0 store=active */
+            argv_printf(&argv, "%s%s interface ip set address %lu static %s %s store=active", get_win_sys_path(),
                         NETSH_PATH_SUFFIX, adapter_index, print_in_addr_t(ip, 0, &gc),
                         print_in_addr_t(netmask, 0, &gc));