I have recently got into WTware in a big way and think it's a fantastic product—many thanks for your work on it and the excellent supporting documentation.
I've run into a problem with OpenVPN connections. My OpenVPN server pushes DNS server addresses and a domain name to clients, and enables force tunnelling. This works on all other (iOS/macOS/Windows) clients, but on my WTware terminal, the DNS server addresses are not being applied. This means that the terminal cannot access internal resources by name.
The terminal is configured as follows:
- OS (5.6.16) stored on USB
- Config file stored on USB
- Connecting over Wi-Fi
- OpenVPN config file with embedded keys/certs stored in /configs
- Second screen launches Chrome
The config file contains three entries that use domain names (not IP addresses) for the destination, plus one --new-- entry.
When I click on any of the first three entries, I get the error:
Failed to convert <hostname> to IP address.
Possibly, DNS-server doesn't work or is not specified.
However, if I click "Enter server address" and specify an IP address, it connects just fine.
I know that force-tunnelling is working properly because if I go to Chrome and access whatismyip.com, I see the external address of the VPN endpoint.
I can also use Chrome to examine the logs of the client. Here's what I get:
[ WPA] [ 65.847252] eth0: SME: Trying to authenticate with b2:48:1a:1f:9d:94 (SSID='SSID' freq=2412 MHz)
[ KERNEL] [ 65.847270] eth0: authenticate with b2:48:1a:1f:9d:94
[ KERNEL] [ 65.915834] eth0: send auth to b2:48:1a:1f:9d:94 (try 1/3)
[ KERNEL] [ 65.918832] eth0: authenticated
[ WPA] [ 65.918914] eth0: Trying to associate with b2:48:1a:1f:9d:94 (SSID='SSID' freq=2412 MHz)
[ initrd] [ 65.925938] State ASSOCIATING before handshake, do nothing.
[ KERNEL] [ 65.924025] eth0: associate with b2:48:1a:1f:9d:94 (try 1/3)
[ KERNEL] [ 65.927334] eth0: RX AssocResp from b2:48:1a:1f:9d:94 (capab=0x411 status=0 aid=1)
[ KERNEL] [ 65.933952] eth0: associated
[ WPA] [ 65.934049] eth0: Associated with b2:48:1a:1f:9d:94
[ KERNEL] [ 65.992724] eth0: Limiting TX power to 20 (20 - 0) dBm as advertised by b2:48:1a:1f:9d:94
[ WPA] [ 66.055859] eth0: WPA: Key negotiation completed with b2:48:1a:1f:9d:94 [PTK=CCMP GTK=CCMP]
[ WPA] [ 66.055884] eth0: CTRL-EVENT-CONNECTED - Connection to b2:48:1a:1f:9d:94 completed [id=0 id_str=]
[ initrd] [ 66.227051] wpa_state=COMPLETED
[ initrd] [ 66.227068] WTpassword empty.
[ initrd] [ 68.344046] dhcp: 328 bytes from 172.20.10.1.
[ initrd] [ 68.344071] 00000000:000001340000000000110000AC140A01AC140A08004300440134000002010600 ...4..............C.D.4......
...
[ initrd] [ 68.344201] 000000e0:0000000000000000000000000000000000000000000000000000000000000000 ................................
[ initrd] [ 70.451982] dhcp: 328 bytes from 172.20.10.1.
[ initrd] [ 70.452016] 00000000:000001340000000000110000AC140A01AC140A08004300440134000002010600 ...4..............C.D.4......
...
[ initrd] [ 70.452140] 000000e0:0000000000000000000000000000000000000000000000000000000000000000 ................................
[ initrd] [ 70.468033] dhcp: server address 172.20.10.1.
[ initrd] [ 70.468054] dhcp: 172.20.10.8/255.255.255.240.
[ initrd] [ 70.468073] dhcp: default gateway 172.20.10.1.
[ initrd] [ 70.468092] dhcp: DNS 172.20.10.1.
[ initrd] [ 70.468111] dhcp: TFTP from siaddr 172.20.10.1.
[ initrd] [ 70.468129] dhcp: TFTP 172.20.10.1.
[ initrd] [ 70.468148] No boot file from DHCP.
[ initrd] [ 70.468167] TFTP binary "", configs prefix "", using "/" slash.
WTC listener is active.
WTC broadcast listener is active.
Send broadcast WTCU discover.
[ initrd] [ 70.468883] Run OpenVPN with user config configs/openvpn.cfg.
[ initrd] [ 70.468905] +--- Executing "/sbin/modprobe tun"
[ initrd] [ 70.470004] +- Errorlevel: 0, output:
[ KERNEL] [ 70.469860] tun: Universal TUN/TAP device driver, 1.6
[ KERNEL] [ 70.469861] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
File is empty.
[ initrd] [ 70.470117] +------------------------
[ initrd] [ 70.470132] +--- Executing "/usr/sbin/openvpn /etc/client.conf"
[SYSLOG] <29>Oct 17 20:49:38 openvpn[1000]: OpenVPN 2.3.10 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
[SYSLOG] <29>Oct 17 20:49:38 openvpn[1000]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
[ initrd] [ 70.474344] +- Errorlevel: 0, output:
File is empty.
[ initrd] [ 70.474395] +------------------------
[SYSLOG] <28>Oct 17 20:49:38 openvpn[1001]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
[SYSLOG] <29>Oct 17 20:49:38 openvpn[1001]: Control Channel Authentication: tls-auth using INLINE static key file
[SYSLOG] <29>Oct 17 20:49:38 openvpn[1001]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
[SYSLOG] <29>Oct 17 20:49:38 openvpn[1001]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
[SYSLOG] <29>Oct 17 20:49:38 openvpn[1001]: Socket Buffers: R=[163840->163840] S=[163840->163840]
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: UDPv4 link local: [undef]
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: UDPv4 link remote: [AF_INET]<ip address>:1194
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: TLS: Initial packet from [AF_INET]<ip address>:1194, sid=330c4b50 58063d66
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: VERIFY OK: depth=1, C=JP, ST=<ca details>
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: VERIFY OK: depth=0, C=JP, ST=<ca details>
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
[SYSLOG] <28>Oct 17 20:49:39 openvpn[1001]: WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
[SYSLOG] <28>Oct 17 20:49:39 openvpn[1001]: WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
[SYSLOG] <29>Oct 17 20:49:39 openvpn[1001]: [server] Peer Connection Initiated with [AF_INET]<ip address>:1194
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DOMAIN <domain name>,dhcp-option DNS 192.168.2.203,dhcp-option DNS 192.168.2.204,register-dns,redirect-gateway def1,route-gateway 192.168.20.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.20.3 255.255.255.0'
[SYSLOG] <27>Oct 17 20:49:41 openvpn[1001]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.3.10)
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: OPTIONS IMPORT: timers and/or timeouts modified
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: OPTIONS IMPORT: --ifconfig/up options modified
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: OPTIONS IMPORT: route options modified
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: OPTIONS IMPORT: route-related options modified
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: ROUTE_GATEWAY 172.20.10.1/255.255.255.240 IFACE=eth0 HWADDR=<mac address>
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: TUN/TAP device tun0 opened
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: TUN/TAP TX queue length set to 100
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: /sbin/ip link set dev tun0 up mtu 1500
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: /sbin/ip addr add dev tun0 192.168.20.3/24 broadcast 192.168.20.255
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: /sbin/ip route add <ip address>/32 via 172.20.10.1
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: /sbin/ip route add 0.0.0.0/1 via 192.168.20.1
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: /sbin/ip route add 128.0.0.0/1 via 192.168.20.1
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: /sbin/ip route add 192.168.2.0/24 via 192.168.20.1
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: Initialization Sequence Completed
If I visit the DNS log of the terminal, I see:
WTware 5.6.16
nameserver 172.20.10.1
Could you tell me if there is something I can do to fix this, or if you would like more information or testing?
Thanks very much for your time.
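An added example, not part of the original post: a small Python check that runs over OpenVPN client log lines like those above and the terminal's resolver listing, and reports pushed DNS servers that never reached the resolver along with the warnings the log itself raises. The sample input is constructed from the lines in the post, with `example.internal` standing in for the redacted domain; the function and finding names are illustrative.

```python
import re

# Constructed sample: abridged from the client log quoted in the post.
SAMPLE_LOG = """\
[SYSLOG] <28>Oct 17 20:49:38 openvpn[1001]: WARNING: No server certificate verification method has been enabled.
[SYSLOG] <28>Oct 17 20:49:39 openvpn[1001]: WARNING: this cipher's block size is less than 128 bit (64 bit).
[SYSLOG] <29>Oct 17 20:49:41 openvpn[1001]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DOMAIN example.internal,dhcp-option DNS 192.168.2.203,dhcp-option DNS 192.168.2.204,register-dns,redirect-gateway def1'
[SYSLOG] <27>Oct 17 20:49:41 openvpn[1001]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.3.10)
"""
# Constructed sample: the terminal's DNS status page as shown in the post.
SAMPLE_RESOLVER = "WTware 5.6.16\nnameserver 172.20.10.1\n"

def pushed_options(log):
    """Options carried by the last PUSH_REPLY seen in the log."""
    replies = re.findall(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'", log)
    return [o.strip() for o in replies[-1].split(",")] if replies else []

def pushed_dns(log):
    """DNS server addresses the VPN server asked the client to use."""
    parts = (o.split() for o in pushed_options(log))
    return [p[2] for p in parts if len(p) == 3 and p[:2] == ["dhcp-option", "DNS"]]

def active_nameservers(resolver_text):
    """Addresses on 'nameserver' lines of a resolv.conf-style listing."""
    return re.findall(r"^\s*nameserver\s+(\S+)", resolver_text, re.M)

def audit(log, resolver_text):
    """Map of finding name -> detail for one connection attempt."""
    findings = {}
    active = active_nameservers(resolver_text)
    missing = [ip for ip in pushed_dns(log) if ip not in active]
    if missing:  # name lookups still go to the pre-VPN resolver
        findings["pushed-dns-not-applied"] = missing
    rejected = re.findall(
        r"Unrecognized option or missing parameter\(s\) in \[PUSH-OPTIONS\]:\d+: (\S+)", log)
    if rejected:
        findings["push-option-rejected"] = rejected
    if "No server certificate verification method has been enabled" in log:
        findings["no-server-cert-verification"] = True
    if "block size is less than 128 bit" in log:
        findings["small-block-cipher"] = True
    return findings

if __name__ == "__main__":
    for name, detail in audit(SAMPLE_LOG, SAMPLE_RESOLVER).items():
        print(name, detail)
```

On Linux, OpenVPN itself only exports pushed `dhcp-option` values to its up script as `foreign_option_n` environment variables, so whether they reach the resolver depends on the client platform's scripts.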