Issues with the new 2.1.2 client and driver signature.

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
shawntech
OpenVpn Newbie
Posts: 4
Joined: Wed Aug 18, 2010 3:09 pm

Issues with the new 2.1.2 client and driver signature.

Post by shawntech » Wed Aug 18, 2010 5:35 pm

I am sure this must have somehow been a fluke on my end but I wanted to report it just the same. I just reformatted my workstation this Monday 8/16/10 and when to install the latest client that was released 8/15/10. I installed it on a Windows 7 64bit box and during the instillation process it complained about the issue that the TAP driver has not been digitally signed, I continued with the installation and tried to connect with the client.

It would error out and and say it was unable to use the TAP and that all TAPs were already in use. I resolved the issue by telling windows to ignore digital signatures on drivers. I know the previous was working the week before when I installed it and tested it with no issues. But like I said it may have been on my end some how but just in case it is a bug I figured I would report it.

KeyzerSuze
OpenVpn Newbie
Posts: 4
Joined: Wed Aug 18, 2010 10:01 am

Re: Issues with the new 2.1.2 client and driver signature.

Post by KeyzerSuze » Thu Aug 19, 2010 1:39 am

Hi

I am having the same problem, but I can't turn off digital signing check - how did you do that

Alex

shawntech
OpenVpn Newbie
Posts: 4
Joined: Wed Aug 18, 2010 3:09 pm

Re: Issues with the new 2.1.2 client and driver signature.

Post by shawntech » Thu Aug 19, 2010 1:01 pm

I don't know if this is the best practice way to do it but it worked, bring up a command prompt as administrator and run theses two commands and reboot:

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON

shawntech
OpenVpn Newbie
Posts: 4
Joined: Wed Aug 18, 2010 3:09 pm

Re: Issues with the new 2.1.2 client and driver signature.

Post by shawntech » Thu Aug 19, 2010 5:17 pm

After seeing that KeyzerSuze had the same issue I ran a test with a fresh install of win7 64bit on a VM and loaded the 2.1.2 client, it had the same issue. So it looks like currently the client does come with a unsigned driver at least under win7 64bit.

User avatar
ecrist
Forum Team
Posts: 233
Joined: Wed Nov 26, 2008 10:33 pm
Location: Minneapolis, MN
Contact:

Re: Issues with the new 2.1.2 client and driver signature.

Post by ecrist » Thu Aug 19, 2010 5:49 pm

This is a known issue and one that is being remedied.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel Twitter: @ecrist
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

shawntech
OpenVpn Newbie
Posts: 4
Joined: Wed Aug 18, 2010 3:09 pm

Re: Issues with the new 2.1.2 client and driver signature.

Post by shawntech » Fri Aug 20, 2010 12:01 pm

Thanks for the response.

johnb
OpenVpn Newbie
Posts: 1
Joined: Fri Aug 20, 2010 6:41 pm

Re: Issues with the new 2.1.2 client and driver signature.

Post by johnb » Fri Aug 20, 2010 7:34 pm

Thanks, the bcdedit commands worked a treat.

When the issue of driver signing has been resolved, and for those forum readers that are interested, here is an article on enabling the driver signing again:

http://www.itechtalk.com/thread7030.html

If you don't want to read the article, then the commands are:

bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING OFF

KeyzerSuze
OpenVpn Newbie
Posts: 4
Joined: Wed Aug 18, 2010 10:01 am

Re: Issues with the new 2.1.2 client and driver signature.

Post by KeyzerSuze » Tue Aug 24, 2010 1:59 am

johnb wrote:Thanks, the bcdedit commands worked a treat.

When the issue of driver signing has been resolved, and for those forum readers that are interested, here is an article on enabling the driver signing again:

http://www.itechtalk.com/thread7030.html

If you don't want to read the article, then the commands are:

bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING OFF
problem i had with this was it was in develpment mode and when you turned signing back on the driver wouldn't load. look in device manager there is a ! next to it.

but all is not lost, some kind person in openvpn has sent me a link to a beta for 2.1.3 and it worked a charm, it is signed properly.

Thanks guys

Post Reply