DHCP over tap (Set alternate nameserver) DHCP requested before new MAC address set


Hallelujah

Jun 30, 2011, 5:08:44 PM
to tunnelblick-discuss
Hello everyone.

I ran into a big problem.

I have set up an Ubuntu server with OpenVPN and a dhcp3-server.

Here is my OpenVPN server config (bridged server: tap0 and eth0 through br0)

--------------8<--------------
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
mode server
tls-server
client-to-client
ping 10
ping-restart 300
ping-timer-rem
resolv-retry 300
comp-lzo
user nobody
group nogroup
status openvpn-status.log
verb 3
--------------8<--------------

I have set up my DHCP server to lease IP addresses depending on the MAC
address: range 10.8.0.2 10.8.0.50 for other servers around the world
and range 10.8.0.100 10.8.0.200 for user computers

--------------8<--------------
class "openvpn" {
match if substring(hardware, 1, 2) = 00:FF;
}

subnet 10.8.0.0 netmask 255.255.255.0 {
pool {
deny members of "openvpn";
range 10.8.0.2 10.8.0.50;
}

pool {
allow members of "openvpn";
range 10.8.0.100 10.8.0.200;
}
}
--------------8<--------------


All the clients have nearly the same OpenVPN config:

--------------8<--------------

client
dev tap
lladdr 00:ff:01:23:45:2f
proto udp
remote vpn.domain.tld 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ovh.crt
key ovh.key
passtos
ns-cert-type "server"
tls-remote my.domain.tld
comp-lzo
verb 3
mute 20
ping 10
ping-restart 300
ping-timer-rem
resolv-retry 300
route-delay 20
up-delay 10
--------------8<--------------

For up and down, I use a very simple script for Ubuntu computers like
this (up.sh). It works very well!!!

--------------8<--------------
#!/bin/bash
# $1 is the tap interface name that OpenVPN passes to the up script
ifconfig "$1" up &
ifup "$1" &
dhcp3client "$1"
exit 0
--------------8<--------------


Under Mac OS X, I use Tunnelblick without up.sh and down.sh.

I tried all DNS settings options (set alternate 1 etc ...) but I ran
into the same problem each time: my DHCP server does not lease any
valid IP address!!! It just falls back to a 169.254.x.x IP address.
I see these commands in /var/log/system.log:

-----8<----
ifconfig tap0 lladdr 00:ff:01:23:45:01
ipconfig set tap0 DHCP
-----8<----


After digging a while, I figured out the problem when viewing the log
file of my DHCP server:
-----8<----
Jun 30 23:02:35 kerberos dhcpd: DHCPDISCOVER from ba:d0:a8:13:bc:0f
(oberon) via br0
Jun 30 23:02:35 kerberos dhcpd: DHCPOFFER on 10.8.0.38 to
ba:d0:a8:13:bc:0f (oberon) via br0
Jun 30 23:02:36 kerberos kernel: [1232740.066491] martian source
169.254.84.202 from 169.254.84.202, on dev br0
Jun 30 23:02:36 kerberos kernel: [1232740.066497] ll header:
ff:ff:ff:ff:ff:ff:00:ff:01:23:45:01:08:06
Jun 30 23:02:37 kerberos kernel: [1232740.465614] martian source
169.254.84.202 from 169.254.84.202, on dev br0
Jun 30 23:02:37 kerberos kernel: [1232740.465623] ll header:
ff:ff:ff:ff:ff:ff:00:ff:01:23:45:01:08:06
-----8<----

It seems that the DHCP request is sent before the new MAC address is set
(ifconfig tap0 lladdr 00:ff:01:23:45:01) OR the tap0 address is not
set correctly.

Is this a bug in the tap driver, in OpenVPN or in Tunnelblick?

Has any of you already solved this kind of problem?

Many thanks in advance

jkbull...gmail.com

Jun 30, 2011, 5:15:01 PM
to tunnelbli...@googlegroups.com
That may be a bug in the "alternate" up script.

Have you tried Tunnelblick 3.2beta20 with the standard ("Set nameserver") setting? It has a new script which is supposed to take care of problems like this, and is supposed to work with both tun and tap connections.

Please try it and let us know how that works.

Hallelujah

Jun 30, 2011, 6:08:56 PM
to tunnelbli...@googlegroups.com
OK, it works with the new version BUT the domain/search name seems to be cut (my domain is in.pool-1.org)!

scutil --dns tells me :

$ scutil --dns
DNS configuration

resolver #1
  domain : in.pool
  search domain[0] : in.pool
  nameserver[0] : 10.8.0.1
  order   : 200000


Another issue :)

Hallelujah

Jun 30, 2011, 6:22:38 PM
to tunnelbli...@googlegroups.com
I've found the bug.

It is on the line 428 of /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh

To match - (minus) in a list you have to prepend it: escaping will not work.

- sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [A-Za-z\-\.]+"|grep -Eo "[A-Za-z\-\.]+"`
+ sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z\-\.]+"|grep -Eo "[-A-Za-z\-\.]+"`
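Review bot: the pattern on the `+` line still has no digits in the set, so a domain such as in.pool-1.org (the one quoted earlier in this thread) stops matching at the `1` and comes out as `in.pool-`; use `[-A-Za-z0-9.]` (hyphen first, no backslashes) in both grep -Eo calls. The `\-\.` kept inside the brackets is not an escape: in a POSIX bracket expression the backslash is an ordinary character, so it only adds `\` to the set, which is also why the `-` line matched no hyphen at all.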

Nick Williams

Jun 30, 2011, 6:30:47 PM
to tunnelbli...@googlegroups.com
Thanks for reporting this and looking into the solution! You saved me some headache. The thing about regular expressions: you learn something new about them every day.

Jonathan, I looked through the script just to make sure and didn't find any other regular expressions where a hyphen needed to be prepended. It should be as simple as just swapping out line 428, just like he said. Let me know if you have any questions.

Good catch!

Nick
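The three-grep pipeline from line 428 discussed above, run against a constructed sample of `ipconfig getpacket` output, as an added example that is not Tunnelblick's script: it shows what the original bracket expression, the proposed fix and a set that also admits digits each extract from in.pool-1.org. The sample packet text, its line format and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not Tunnelblick's code): reproduces the domain_name
# extraction from client.up.tunnelblick.sh against a constructed sample
# of what "ipconfig getpacket tap0" prints, to show what each bracket
# expression keeps.

# Constructed sample packet dump (format assumed; only the domain_name
# line matters, and the trailing space in "domain_name " is what keeps
# the domain_name_server line out).
SAMPLE_PACKET='op = BOOTREPLY
server_identifier (ip): 10.8.0.1
domain_name_server (ip_mult): {10.8.0.1}
domain_name (string): in.pool-1.org'

# Run the same pipeline as the up script, with $1 as the bracket
# expression body used in both grep -Eo calls.
extract_domain() {
    printf '%s\n' "$SAMPLE_PACKET" | grep "domain_name " \
        | grep -Eo ": [$1]+" | grep -Eo "[$1]+"
}

# Original line 428: inside [...] a backslash is literal in POSIX EREs,
# so "\-\" is a one-character range (the backslash itself) and no hyphen
# is in the set; the match stops at the first "-".
domain_original() { extract_domain 'A-Za-z\-\.'; }    # -> in.pool

# Proposed fix: a leading "-" makes the hyphen literal, but digits are
# still not in the set, so the label "pool-1" is still cut short.
domain_fixed() { extract_domain '-A-Za-z\-\.'; }      # -> in.pool-

# Hardened set: hyphen first, then letters, digits and dot, nothing else.
domain_hardened() { extract_domain '-A-Za-z0-9.'; }   # -> in.pool-1.org

main() {
    printf 'original : %s\n' "$(domain_original)"
    printf 'fixed    : %s\n' "$(domain_fixed)"
    printf 'hardened : %s\n' "$(domain_hardened)"
}
main
```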


jkbull...gmail.com

Jun 30, 2011, 6:43:04 PM
to tunnelbli...@googlegroups.com
Great! Thank you both.

I have just committed the changes as r1575. I will release a new beta "soon" (tonight or tomorrow, probably).

Hallelujah

Jun 30, 2011, 6:58:32 PM
to tunnelbli...@googlegroups.com
Well, well, well.

After a reboot, the MAC address / DHCP issue is back.

Marvin Raczek

Jul 22, 2011, 3:50:59 AM
to tunnelbli...@googlegroups.com
Hej, I have a similar problem with the changing and random MAC address.
My research provided me the answer: it is in the tap file. The source brings up these lines: http://code.google.com/p/tunnelblick/source/browse/trunk/third_party/tuntap/src/tap/tap.cc
/* generate a random MAC address */
read_random(LLADDR(&lladdr), ETHER_ADDR_LEN);
/* register interface */
if (!tuntap_interface::register_interface(&lladdr, ETHER_BROADCAST_ADDR, ETHER_ADDR_LEN))
        return EIO;
As for me, I will research more into building my own tap file; I would love it if someone could help.

jkbull...gmail.com

Oct 20, 2011, 8:27:23 PM
to tunnelbli...@googlegroups.com
I've just noticed the OpenVPN "lladdr" option (see http://www.openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html).

It lets you specify a link layer address (MAC address) that will be used for TAP connections.

Hallelujah

Jun 29, 2012, 8:35:38 AM
to tunnelbli...@googlegroups.com
On Friday, October 21, 2011 at 02:27:23 UTC+2, jkbull...gmail.com wrote:
I've just noticed the OpenVPN "lladdr" option (see http://www.openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html).

It lets you specify a link layer address (MAC address) that will be used for TAP connections.

I tried that already.

I compiled my own tap driver, manually setting the tap MAC address:

diff --git a/tuntap/src/tap/tap.cc b/tuntap/src/tap/tap.cc
index 01a09ce..8a81958 100644
--- a/tuntap/src/tap/tap.cc
+++ b/tuntap/src/tap/tap.cc
@@ -97,6 +97,14 @@ tap_interface::initialize_interface()
        (LLADDR(&lladdr))[0] &= 0xfe;
        (LLADDR(&lladdr))[0] |= 0x02;
 
+       // Hard coded address : LLADDR(&lladdr)
+       LLADDR(&lladdr)[0] = 0x00;
+       LLADDR(&lladdr)[1] = 0xff;
+       LLADDR(&lladdr)[2] = 0x01;
+       LLADDR(&lladdr)[3] = 0x23;
+       LLADDR(&lladdr)[4] = 0x45;
+       LLADDR(&lladdr)[5] = 0x01;
+
        dprintf("tap: random tap address: %02x:%02x:%02x:%02x:%02x:%02x\n",
                        (LLADDR(&lladdr))[0] & 0xff,
                        (LLADDR(&lladdr))[1] & 0xff,
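Review bot: the eight `+` lines overwrite the address right after the two context lines that set the locally-administered bit (`|= 0x02`) and clear the group bit (`&= 0xfe`), so those lines become dead code and the first byte 0x00 ends up with the locally-administered bit cleared again, while the dprintf that follows still reports a "random tap address". Compiling a constant into the driver also gives every machine running this build the same MAC, so on a bridged subnet (br0 here) a second client collides with the first and dhcpd sees both as one host and hands them the same lease. Take the address from per-interface configuration (OpenVPN's `lladdr`, mentioned earlier in the thread) and keep the random path above as the fallback, rather than hard-coding it.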


It is surely an issue of the tap driver.