
Security Basics mailing list archives

[VPN] DHCP not working on tinc 1.0.3 for windows
From: João Paulo Caldas Campello <protecao () gmail com>
Date: Tue, 21 Dec 2004 17:39:07 -0300

Hi,

    Dunno if that's the correct list to send VPN-related questions,
but I've found no better choice. My problem is very specific. Below
there's a description of the scenario and issues.

* Scenario:

   - Daemon: TINC VPN daemon (http://www.tinc-vpn.org/) running on a
Linux 2.4.x box with bridge mode support enabled between local (eth0)
and vpn (vpn) interfaces, creating a new "br0" interface.
   - Client: TINC 1.0.2 running on Windows XP.
   - VPN working fine with "switch" mode on a Linux bridged interface.

     So, the virtual interface on WinXP is on the "same network
segment" of the Linux box, which makes it possible to query (via
broadcast) a DHCP server on a server located on the Linux's physical
local network.

     It works fine! My WinXP box can auto-configure its network
adapter through DHCP server on the Linux side.

* Issues:

   - After I upgraded the WinXP box to SP2, the virtual interface
(TAP) for the "TAP-Win32 Adapter" has just disappeared. This is,
indeed, a documented bug related to the way WinXP SP2 deals with
network adapter names.

   - The solution recommended by TINC VPN site is to upgrade to TINC
for Windows version 1.0.3 (no update needed on Linux side).

     Done that, there is a new virtual interface (TAPDEV) for the new
"TAP-Win32 Adapter V8" Adapter. All we have to do is tweak the TINC
client configuration file to use the new interface, if it was
installed with a different name from the previous one.

     After all necessary changes were made, TINC client can connect
again to the VPN server located on the Linux box.

     The problem is that I can no longer auto-configure the virtual
interface (TAPDEV) on WinXP through the DHCP server on Linux's
physical local network.

     If the interface is manually configured, the VPN works fine.
    
* Debugging:

     1. Sniffing (tcpdump) on Linux side (on 'br0' interface) shows me
that the DHCP client query (broadcast) done by WinXP box is passing
through the VPN and getting to the Linux's local network, therefore
reaching the DHCP server.

    In fact, the DHCP server sees the request and replies to it, as shown below:

Client request (A):
0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0x54b89a0a [|bootp] (ttl
128, id 39927, len 328)

Server reply (B):
172.X.Y.1.bootps > 255.255.255.255.bootpc:  xid:0x54b89a0a
Y:172.X.Y.10 S:172.X.Y.1 ether 0:ff:63:56:ab:f [|bootp] (ttl 128, id
1975, len 337)

     2. Sniffing (windump) on the WinXP side (on virtual TAP
interface) shows me only the initial query (A) already shown above.

     WinDump doesn't show any information about the server's reply.

     Because the VPN is working fine with manual IP configuration, I
conclude there's no problem in traffic flow from Linux to Windows, but
there's probably a bug in the TINC VPN client (v1.0.3) for Windows
that doesn't decapsulate the DHCP server's reply and, thus, prevents
the traffic from getting to the virtual TAP interface on my WinXP box.
In fact, that's just an assumption.

     Additionally, I tried to use the "Win-32 TAP Adapter V8"
(tap0801) from OpenVPN's site in substitution of the "Win-32 TAP
Adapter" (tapdev) from the TINC VPN site. The results are the same: no
DHCP server's reply on WinXP side.

     Google returned no related solution and even no related problem.

     Does anyone have an idea or suggestion, or am I doing something wrong?

Thanks in advance,

Joao Paulo.
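
Added example, not part of the original message: the two-sided capture comparison described under "Debugging", automated by matching DHCP packets on their transaction id (xid) at each capture point. The function names are hypothetical, and the sample text is the tcpdump/WinDump output quoted in the post.

```python
import re

# Summary line printed by tcpdump/WinDump for BOOTP/DHCP, in the format quoted
# in the post: "SRC.port > DST.port:  xid:0x..."
PKT = re.compile(
    r"(\S+)\.(bootpc|bootps|67|68) > (\S+)\.(bootpc|bootps|67|68):\s+xid:(0x[0-9a-fA-F]+)"
)

def dhcp_packets(capture_text):
    """Return a set of (xid, kind) pairs; kind is 'request' or 'reply'."""
    seen = set()
    for m in PKT.finditer(capture_text):
        # Packets sourced from the client port (bootpc/68) are requests.
        kind = "request" if m.group(2) in ("bootpc", "68") else "reply"
        seen.add((m.group(5).lower(), kind))
    return seen

def locate_loss(server_side, client_side):
    """Compare two capture points and say, per xid, where the exchange stops."""
    srv, cli = dhcp_packets(server_side), dhcp_packets(client_side)
    verdicts = {}
    for xid in sorted({x for x, _ in srv | cli}):
        if (xid, "request") not in srv:
            verdicts[xid] = "request never reached server side"
        elif (xid, "reply") not in srv:
            verdicts[xid] = "server side saw request, no reply sent"
        elif (xid, "reply") not in cli:
            verdicts[xid] = "reply seen on server side, missing on client side"
        else:
            verdicts[xid] = "complete on both sides"
    return verdicts

# Capture text copied from the post (addresses are masked there as 172.X.Y.*).
LINUX_BR0 = """\
0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0x54b89a0a [|bootp] (ttl
128, id 39927, len 328)
172.X.Y.1.bootps > 255.255.255.255.bootpc:  xid:0x54b89a0a
Y:172.X.Y.10 S:172.X.Y.1 ether 0:ff:63:56:ab:f [|bootp] (ttl 128, id
1975, len 337)
"""
WINXP_TAP = """\
0.0.0.0.bootpc > 255.255.255.255.bootps:  xid:0x54b89a0a [|bootp] (ttl
128, id 39927, len 328)
"""

if __name__ == "__main__":
    for xid, verdict in locate_loss(LINUX_BR0, WINXP_TAP).items():
        print(xid, verdict)
```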

