Duplicate IP address, and permissions problems on Windows

Daniel Lenski dlenski at gmail.com
Thu Apr 8 16:09:46 UTC 2021

On Thu, Apr 8, 2021 at 1:46 AM David Woodhouse <dwmw2 at infradead.org> wrote:
> Unless netsh will do it for us when we ask *it* to set the IP address? OpenConnect doesn't normally bother itself with administrivia like setting IP addresses; its job is to pass packets.

I'm afraid not. I tried playing around with various documented and
undocumented options to netsh, and did not found a way to get it to
set an IP address which is a duplicate of another adapter's address.
That's puzzling since it IS POSSIBLE to set a duplicate IP address
(conflicting with a down adapter) via the Control Panel GUI.

I gave up and asked for any hints on StackExchange:

> I preserved it in the first cut of Wintun support because the existing vpnc-script for Windows actually depends on it... but purely for waiting for the interface to come up. Can we ditch that, let the script set the address for us, and forget we ever saw that O(n²) code because netsh handles the conflicting interfaces for us?

One way we could move this IP-reclaiming code out of OpenConnect
itself would be to make the script do it. However, this would still be
an O(n^2) loop, and it would involve parsing the text output of netsh
or similar… which will get pretty ugly very fast.

(Either that or someone figures out a/the magical option that allows
netsh to handle this itself.)

More information about the WireGuard mailing list