Error in creating TAP interface

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
stvitaly
OpenVpn Newbie
Posts: 13
Joined: Thu Dec 24, 2020 12:56 pm

Error in creating TAP interface

Post by stvitaly » Wed Jan 27, 2021 4:07 pm

I am trying to install openvpn manually on machines, as a part of installation since of openVPN 2.5 I need to install TAP drivers first and then use tapctl to create the device itself.
It works totally fine on most of the devices, but there is an error I got from number of machines (not sure what triggered it on those ones specifically).

Driver installation is looking OK:
driver install
pnputil -i -a OemVista.inf
Microsoft PnP Utility

Processing inf : OemVista.inf
Successfully installed the driver.
Driver package added successfully.
Published name : oem202.inf


Total attempted: 1
Number successfully imported: 1

But then on a small percentage of machines I get an error:

device creation
tapctl.exe create
tap_create_adapter: DiInstallDevice failed
Error 0xe0000248
Creating TUN/TAP adapter failed (error 0xe0000248).


Tried to google the error and got that it means:
ERROR_DEVICE_INSTALL_BLOCKED
Any ideas what can be a reason?
Last edited by stvitaly on Wed Jan 27, 2021 5:45 pm, edited 1 time in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8686
Joined: Fri Jun 03, 2016 1:17 pm

Re: Error in creating TAP interface

Post by TinCanTech » Wed Jan 27, 2021 4:37 pm

Probably your version of Windows ..

stvitaly
OpenVpn Newbie
Posts: 13
Joined: Thu Dec 24, 2020 12:56 pm

Re: Error in creating TAP interface

Post by stvitaly » Mon Feb 08, 2021 5:35 pm

If someone encounters this in the future - the root case for the above relevant to a GPO section:
Computer Configuration → Administrative Templates→ System→ Device Installation→ Device Installation Restrictions.
The problem itself relevant to the fact that policy: "Allow administrators to override Device Installation Restrictions" does not count system account as an administrator account.
In case you have restricted device installation for non-admins and you are trying to use system account to create and use virtual interfaces (which you type of must to do to use wintun) your device creation will be blocked with this error unless added to an exception in other policy in the section (for example I used "Device Installation Restrictions: Allow installation of devices uses drivers that match these device setup classes")

Post Reply