Page 1 of 1

Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 9:06 pm
by xh43k
I am managing up to date (all updates installed) WIndows Server 2016 where I set up a simple OpenVPN server.

There is (I think) nothing special in config, it is set so connected clients can access LAN resources such as SMB server:
Server Config

port 1xxx
proto udp4
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
server 10.100.1.0 255.255.255.0
push "route 10.100.0.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1


However I do have two problems.

1. OpenVPN service in services list is set up to start automatically, but it NEVER starts automatically after reboot.
2. Even if I start OpenVPN service or even GUI manually, the TAP network interface NEVER gets the IP configuration on first try, I have to disable and enable the interface while server is already running.
This is how it looks after running the server, before re-enabling...
Image

I do not have any connectivity problems, clients can even connect if the TAC interface has no IP config, just they cant access literally anything..

I've been fighting this problem WHOLE DAY and can't find a solution or similar problems on the internet.

PLEASE HELP :(

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 9:13 pm
by TinCanTech
HAVE YOU CHECKED YOUR LOG ? :geek:

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 9:28 pm
by xh43k
There is LITERALLY nothing wrong that I can identify in the log...

I just restarted the service again, again interface has no IP, here is the log:

log
Tue Jun 09 23:24:43 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Tue Jun 09 23:24:43 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jun 09 23:24:43 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Tue Jun 09 23:24:43 2020 Diffie-Hellman initialized with 2048 bit key
Tue Jun 09 23:24:43 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 09 23:24:43 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 09 23:24:43 2020 interactive service msg_channel=0
Tue Jun 09 23:24:43 2020 open_tun
Tue Jun 09 23:24:43 2020 TAP-WIN32 device [VPN] opened: \\.\Global\{36DC39C1-D44B-4965-BFA9-403CE12FA96F}.tap
Tue Jun 09 23:24:43 2020 TAP-Windows Driver Version 9.24
Tue Jun 09 23:24:43 2020 Set TAP-Windows TUN subnet mode network/local/netmask = 10.100.1.0/10.100.1.1/255.255.255.0 [SUCCEEDED]
Tue Jun 09 23:24:43 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.100.1.1/255.255.255.0 on interface {36DC39C1-D44B-4965-BFA9-403CE12FA96F} [DHCP-serv: 10.100.1.254, lease-time: 31536000]
Tue Jun 09 23:24:43 2020 Sleeping for 10 seconds...
Tue Jun 09 23:24:53 2020 Successful ARP Flush on interface [4] {36DC39C1-D44B-4965-BFA9-403CE12FA96F}
Tue Jun 09 23:24:53 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jun 09 23:24:53 2020 UDPv4 link local (bound): [AF_INET][undef]:1xxx
Tue Jun 09 23:24:53 2020 UDPv4 link remote: [AF_UNSPEC]
Tue Jun 09 23:24:53 2020 MULTI: multi_init called, r=256 v=256
Tue Jun 09 23:24:53 2020 IFCONFIG POOL: base=10.100.1.2 size=252, ipv6=0
Tue Jun 09 23:24:53 2020 ifconfig_pool_read(), in='xxxxxx,10.100.1.4', TODO: IPv6
Tue Jun 09 23:24:53 2020 succeeded -> ifconfig_pool_set()
Tue Jun 09 23:24:53 2020 ifconfig_pool_read(), in='xxxxxx,10.100.1.8', TODO: IPv6
Tue Jun 09 23:24:53 2020 succeeded -> ifconfig_pool_set()
Tue Jun 09 23:24:53 2020 IFCONFIG POOL LIST
Tue Jun 09 23:24:53 2020 xxxxxx,10.100.1.4
Tue Jun 09 23:24:53 2020 xxxxxx,10.100.1.8
Tue Jun 09 23:24:53 2020 Initialization Sequence Completed

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 9:33 pm
by TinCanTech
Have you started the Windows DHCP Client service ?

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 9:36 pm
by xh43k
Of course it's automatically started as well...

Image

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 9:46 pm
by TinCanTech
Please set your server config to use "verb 4" for the log and post the log.

We don't need to see any clients connecting only the stuff about the server setting up the TAP adapter.

Do you have a funky firewall running ? Maybe try disabling it if you do ..

You can also try deleting the TAP adapter and installing a new one ..
See TAP Utilities in your Windows Menu.

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 10:07 pm
by xh43k
I might actually have found a solution for second problem in another thread -> viewtopic.php?t=20358

I wonder why OpenVPN doesn't notice user about this important feature being disabled...

"netsh interface ipv4 set global dhcpmediasense=enabled" solved the problem with interface not getting an IP.

But the problem of OpenVPN service not starting on startup is still there :(

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 10:29 pm
by TinCanTech
xh43k wrote:
Tue Jun 09, 2020 10:07 pm
I might actually have found a solution for second problem in another thread -> viewtopic.php?t=20358
Nice find 8-)
xh43k wrote:
Tue Jun 09, 2020 10:07 pm
I wonder why OpenVPN doesn't notice user about this important feature being disabled...
I have asked upstream.
xh43k wrote:
Tue Jun 09, 2020 10:07 pm
"netsh interface ipv4 set global dhcpmediasense=enabled" solved the problem with interface not getting an IP.
Good.
xh43k wrote:
Tue Jun 09, 2020 10:07 pm
But the problem of OpenVPN service not starting on startup is still there
Possibly a dependency ? or try the "Legacy-Service" .. ?

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Tue Jun 09, 2020 10:39 pm
by xh43k
Well, the legacy service actually started after reboot.

I guess both of my problems are solved now, thanks ! :)

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Wed Jun 10, 2020 11:23 am
by TinCanTech
xh43k wrote:
Tue Jun 09, 2020 10:07 pm
I wonder why OpenVPN doesn't notice user about this important feature being disabled...

"netsh interface ipv4 set global dhcpmediasense=enabled" solved the problem with interface not getting an IP.
There is a patch waiting to be merged which warns the user of this in future.

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Thu Jun 11, 2020 4:51 pm
by 300000
open command type " ncpa.cpl " press enter then choose openvpn network card then choose ipv4 and enter this ip



10.100.1.0
255.255.255.0

we set an server have an ip when server restart jus add this one to your server config and save it . it should work for you.


ip-win32 manual

Re: Windows Server 2016, OpenVPN service not starting and not working properly

Posted: Thu Jun 11, 2020 4:58 pm
by xh43k
300000 wrote:
Thu Jun 11, 2020 4:51 pm
open command type " ncpa.cpl " press enter then choose openvpn network card then choose ipv4 and enter this ip



10.100.1.0
255.255.255.0

we set an server have an ip when server restart jus add this one to your server config and save it . it should work for you.


ip-win32 manual
Thanks for the hint but there is no need for that since setting this option helped and server now gets IP properly at every start

Code: Select all

netsh interface ipv4 set global dhcpmediasense=enabled