Tunnel UP, but no traffic
David Woodhouse
dwmw2 at infradead.org
Thu Sep 22 11:49:26 PDT 2016
On Thu, 2016-09-22 at 21:15 +0300, Ultimat wrote:
> Hello!
>
> I have a trouble with command line tool , details are here: https:/
> /github.com/openconnect/openconnect-gui/issues/132 .
> I think, this trouble is the same as this one: http://lists.infradea
> d.org/pipermail/openconnect-devel/2015-April/002936.html
>
> Can you help me with it or problem is in windows TAP driver?
Do you also have a netmask of 255.255.255.255? This is a limitation of
the Windows TAP driver... which I believe is down to a fundamental
limitation of the Windows network stack. It needs us to pretend to be
Ethernet and even fake doing ARP for the "router" on the subnet.
Perhaps we need to reduce the netmask to a /31 at least for the benefit
of the TAP driver? And maybe for the configuration given to
vpnc-scripts.js too?
Does this help?
diff --git a/tun-win32.c b/tun-win32.c
index a7f2258..b31713c 100644
--- a/tun-win32.c
+++ b/tun-win32.c
@@ -197,6 +197,10 @@ static intptr_t open_tun(struct openconnect_info *vpninfo, char *guid, char *nam
data[0] = inet_addr(vpninfo->ip_info.addr);
data[2] = inet_addr(vpninfo->ip_info.netmask);
data[1] = data[0] & data[2];
+ /* Because of the nasty way it fakes ARP, the Windows TAP
+ * driver really needs a netmask other than 255.255.255.255 */
+ if (data[2] == 0xffffffff)
+ data[2] = 0xfeffffff;
if (!DeviceIoControl(tun_fh, TAP_IOCTL_CONFIG_TUN,
data, sizeof(data), data, sizeof(data),
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160922/622cbf38/attachment-0001.bin>
More information about the openconnect-devel
mailing list