no openssl_applink error on new version 2.5.4 win64

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
Boydie
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 05, 2021 2:45 pm

no openssl_applink error on new version 2.5.4 win64

Post by Boydie » Tue Oct 05, 2021 2:50 pm

Hi
Tried the new version 2.5.4 which came out today (05Oct21) found that we get an error about "no openssl_applink" and the connection stops.
Reverted back to version 2.5.3 (17June21) and the connection/vpn works as expected.
Install was for 64bit windows.

Is this expected behaviour for this new version?

Cheers

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by TinCanTech » Tue Oct 05, 2021 3:06 pm

Please give the exact version of Windows you are using.

Boydie
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 05, 2021 2:45 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by Boydie » Tue Oct 05, 2021 5:57 pm

Exact version unknown as I had to work it all out via a teams based remote session. As it was a new install for our lovely IT I suspect it will be latest enterprise edition.

larsen
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 05, 2021 7:22 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by larsen » Tue Oct 05, 2021 7:23 pm

Same problem here on three different clients.
Windows 10, 21H1

User avatar
Taciturn
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 06, 2021 5:13 am

Re: no openssl_applink error on new version 2.5.4 win64

Post by Taciturn » Wed Oct 06, 2021 5:17 am

Same problem. Windows Server 2012 R2, all updates.
cipher BF-CBC do not work with "no openssl_applink", cipher CHACHA20-POLY1305 work fine. Windows Server 2008 R2 — all ciphers works.

cron2
Developer
Posts: 24
Joined: Tue Jan 12, 2010 8:08 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by cron2 » Wed Oct 06, 2021 6:11 am

Is this a config with pkcs12 in it? This seems to trigger some new surprises in OpenSSL if built with vcpkg - and none of our test cases today (on windows) use pkcs12 based anythings, so that did not get caught.

larsen
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 05, 2021 7:22 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by larsen » Wed Oct 06, 2021 7:05 am

cron2 wrote:
Wed Oct 06, 2021 6:11 am
Is this a config with pkcs12 in it?
Yes

User avatar
Taciturn
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 06, 2021 5:13 am

Re: no openssl_applink error on new version 2.5.4 win64

Post by Taciturn » Wed Oct 06, 2021 7:32 am

cron2 wrote:
Wed Oct 06, 2021 6:11 am
Is this a config with pkcs12 in it?
Yes.

mixology
OpenVpn Newbie
Posts: 9
Joined: Fri May 03, 2013 7:02 am

Re: no openssl_applink error on new version 2.5.4 win64

Post by mixology » Wed Oct 06, 2021 8:04 am

Same problem here with Windows 21H2 and all the updates. I'm using cipher AES-256-GCM. Reverted to 2.5.3

cron2
Developer
Posts: 24
Joined: Tue Jan 12, 2010 8:08 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by cron2 » Wed Oct 06, 2021 8:54 am

So, found the issue. It is related to MSVC builds of 2.5.4 and "--pkcs12" in use in the openvpn config (which was not explicitly tested since nothing in the pkcs12 support in openvpn has changed since a very long time - but on windows, with MSVC builds, some special care needs to be taken).

We'll have a new 2.5.4 installer with a bugfix for this constellation out later today (if everything goes as planned).

larsen
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 05, 2021 7:22 pm

Re: no openssl_applink error on new version 2.5.4 win64

Post by larsen » Wed Oct 06, 2021 9:31 pm

Just installed "OpenVPN-2.5.4-I602-amd64.msi" and the VPN connects again. Thx!

Post Reply