GUI Works, Service Doesn't Anymore

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Dr-D
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 06, 2021 10:06 pm

GUI Works, Service Doesn't Anymore

Post by Dr-D » Wed Jan 06, 2021 10:28 pm

I have a Windows Server Essentials 2016 machine that has been running OpenVPN perfectly until a few weeks ago when I got a call saying no one could connect anymore. The service no longer connects to the TAP adapter upon startup or when I restart the service. It just always shows that the network cable is unplugged for the TAP adapter now but if I run the GUI then it connects and the TAP adapter shows the cable is plugged in, gives the correct IP address and access again. The problem with that of course is that the system would need to leave a user logged on all the time in order to have OpenVPN working which isn't practical. I've uninstalled and reinstalled using different versions (2.4.8, 2.4.9, 2.4.10 and 2.5.0) but to no avail. It is just this one system doing this and for the life of me I can't find the problem. Has anyone else experienced the service not connecting to the TAP adapter? If so what steps did you take to get it working again if you were able to get it working again? Thank you.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: GUI Works, Service Doesn't Anymore

Post by TinCanTech » Wed Jan 06, 2021 10:58 pm

Dr-D wrote:
Wed Jan 06, 2021 10:28 pm
Has anyone else experienced the service not connecting to the TAP adapter?
The service does not connect to the Tap adapter.

https://community.openvpn.net/openvpn/w ... PN-GUI-New

Dr-D
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 06, 2021 10:06 pm

Re: GUI Works, Service Doesn't Anymore

Post by Dr-D » Thu Jan 07, 2021 7:20 pm

That link was of no help as the GUI is working fine, it's the OpenVPN service that won't connect. On all other system if I go into services and stop the OpenVPN service then the TAP adapter says the cable is unplugged, once the service is started then TAP adapter shows that is connected. This one system won't connect with the OpenVPN service, only the GUI. I'm trying to figure out if anyone else had an issue with the OpenVPN service not connecting and if they were able to fix it.

Thanks.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: GUI Works, Service Doesn't Anymore

Post by TinCanTech » Fri Jan 08, 2021 9:30 pm

Are you trying to run Openvpn as a service before the users logon ?

Al@COPE
OpenVpn Newbie
Posts: 3
Joined: Sun Feb 10, 2013 4:06 pm

Re: GUI Works, Service Doesn't Anymore

Post by Al@COPE » Mon Jan 11, 2021 12:01 pm

Hi - I had exactly the same problem, the service failed to connect (but no error log!) although using the GUI worked. We use pfSense with the OpenVPN server option, and use the "Client Export" add-on for output of certificate and config bundles. I've found the service-mode of connecting (which launches with system start-up, irrespective of user login) far better for remote support requirements (we started using service mode because pfSense did not originally support the TAP option and the client at the time wouldn't support dynamic GUI TUN connections without full Windows Admin permissions).

I found that the v.2.5 version of the config files is now using a different syntax for the cipher/encryption settings, having replaced the two lines:

cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM

with:

data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-CBC

I removed v2.5 and installed 2.4.9, then manually edited the config to match the previous encryption/cipher settings, and now the service connects again.

Discovery method: I had the original config file (data-ciphers version) and tried to launch OpenVPN with right-click on this from Explorer. That then gave an error message in the console which got me pointed towards the solution (sorry, can't recall the exact message text).

I also tested the reverted ("ncp-cipher") config with v.2.5 and its service mode, but it wouldn't connect, hence my reverting the client entirely back to 2.4.9, which works (after installing the separate TAP driver, even though we currently use TUN mode currently).

Alec

Post Reply