I’m hoping this is the right place to bring this issue, I’ve had no luck with 
searching or bodging a solution on my own, and may need some help with a 
slightly-modified TAP adapter driver.

I’m running into an issue between the TAP adapter and Windows 10 ‘soft 
disconnect’ behavior for wireless connections causing recursive routing when 
connected to a redirect-gateway VPN. The service/feature in Windows is called 
Windows Connection Manager service, poorly documented here: 
https://docs.microsoft.com/en-us/windows-hardware/drivers/mobilebroadband/understanding-and-configuring-windows-connection-manager
 In a nutshell it silently redirects traffic to the more ‘reliable’ Ethernet 
OpenVPN adapter, overriding my /32 route and causing all traffic to fail as it 
recursively routes my traffic.

Microsoft makes some suggestion to disable the ‘prevent multiple connections to 
the Internet’ setting, but doing this does not seem to change the behavior when 
weak (but still functional) wireless signal is detected on the WLAN adapter. 
Microsoft see this as a problem with OpenVPN and refuse to do anything about it.
https://support.microsoft.com/en-us/help/2919900/windows-connection-manager-disconnects-wlan-if-a-vpn-connection-is-est

The upshot is that if Windows detected the TAP adapter as something other than 
iftype 0x6 EthernetCSMACD it wouldn’t exhibit this behavior, and Microsoft 
suggest 0x53 ‘virtual’ or 0x83 ‘tunnel’ as the VPN adapter’s iftype (I’d 
suggest 0x84 for the comedy option).

I’ve found someone who’s successfully hacked this to work 
(https://forums.openvpn.net/viewtopic.php?t=14942) but I’m not able to 
reproduce it on my own, but it seems reasonable that it should work. I’m 
wondering if it makes sense to change the underlying TAP driver (or make the if 
type an option) since Windows seems to be getting “smarter” about interfaces 
and making routing or even security policy decisions based on the interface 
type presented.

The reason I’m posting this to the Dev list is I’ve no idea what the 
ramifications of changing the iftype are, maybe someone’s looked into this, but I 
haven’t seen any mention on this list about it. It seems reasonable that the 
change should be relatively minor, but again I’m not aware of all the corner 
cases that might rely on the if type being Ethernet for Windows to work 
properly.

Thanks for listening

Karl Mueller
ewi...@gmail.com



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
