Windows server update made my OpenVPN stop working
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Windows server update made my OpenVPN stop working
Thanks very much for your co-operation, I have what I need now.
Please go ahead and do what you want to now..
If you have any further problems then please remember to post your log again.
You can start a new thread or reply to this one, which ever you prefer.
Please go ahead and do what you want to now..
If you have any further problems then please remember to post your log again.
You can start a new thread or reply to this one, which ever you prefer.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Windows server update made my OpenVPN stop working
You can also remove --route-delay 60 60 from your server config now. The default for Windows is 30.
-
- OpenVPN User
- Posts: 29
- Joined: Mon Mar 01, 2021 10:39 pm
Re: Windows server update made my OpenVPN stop working
Great! Thanks!!
-
- OpenVPN User
- Posts: 29
- Joined: Mon Mar 01, 2021 10:39 pm
Re: Windows server update made my OpenVPN stop working
Hey Tim! sorry for reopening such an old post.TinCanTech wrote: ↑Tue Mar 02, 2021 5:28 pm
Next, OpenVPN is now at Version 2.5.1 and we recommend all Windows users to upgrade all servers and clients to that version. It is more secure and a tiny bit faster to initialise. Plus lots of other improvements. However, you make the decision to upgrade or not as you see fit.
https://openvpn.net/community-downloads/
Also, your PKI seems to be a little old:1024 bit is considered to be a bit weak these days.Code: Select all
Diffie-Hellman initialized with 1024 bit key
If you install 2.5.1 (above) you can select Custom and install Easy-RSA 3.
You can then use Easy-RSA 3 to build yourself a new PKI with modern security settings.
If you do then start by reading this:
https://github.com/OpenVPN/easy-rsa/blo ... indows.txt
If you do install Easy-RSA 3 you can also try Easy-TLS:
https://github.com/TinCanTech/easy-tls
If you do then start by reading these:
https://github.com/TinCanTech/easy-tls/ ... troduction
https://github.com/TinCanTech/easy-tls/ ... dows-Usage
I know that is a lot of work, so set your self up with a nice cup of tea and see what you think..
I'm about to upgrade, but I couldn't find a tutorial with Easyrsa-3.
I've read this one, but it uses version 2 of Easyrsa. Then this but when I use "build-ca" it asks for a CA PassPhrase, when I enter anything, I get "extra argument given" and "Easy-RSA error: Failed to create CA private key"
I don't know if I understood it correctly, but I need to setup first the CA and clients and then use Easy-tls right?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Windows server update made my OpenVPN stop working
See:
Code: Select all
./easyrsa help build-ca
Yes.
Coming soon: Openvpn will be able to use self-signed certificates,
which means you will not need to use Easy-RSA-3 at all.
In that case Easy-TLS can build your entire required security credentials.
-
- OpenVPN User
- Posts: 29
- Joined: Mon Mar 01, 2021 10:39 pm
Re: Windows server update made my OpenVPN stop working
I found this post, that led me to this
I created the "C:\temp" as you suggested and used the following code from foolioo because i couldn't find the option to modify vars
I hope this works for the next one having this problem!
I created the "C:\temp" as you suggested and used the following code from foolioo because i couldn't find the option to modify vars
Code: Select all
export EASYRSA_TEMP_DIR="C:/temp"
./easyrsa build-ca
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Windows server update made my OpenVPN stop working
An alternative to specifying a temp-dir is to move Easy-RSA to your Users home folder,
where there should not be any spaces in the path. eg:
where there should not be any spaces in the path. eg:
Code: Select all
C:\Users\tct\easy-rsa
-
- OpenVPN User
- Posts: 29
- Joined: Mon Mar 01, 2021 10:39 pm
Re: Windows server update made my OpenVPN stop working
I tried that but it replies with:
Code: Select all
build-ca [ cmd-opts ]
Creates a new CA
cmd-opts is an optional set of command options from this list:
nopass - do not encrypt the CA key (default is encrypted)
subca - create an intermediate CA keypair and request (default is a root CA)
intca - alias to the above
I hope it comes with a noob-friendly tutorialTinCanTech wrote: ↑Tue Jul 27, 2021 4:19 pm
Coming soon: Openvpn will be able to use self-signed certificates,
which means you will not need to use Easy-RSA-3 at all.
In that case Easy-TLS can build your entire required security credentials.
Nonetheless Thank you!
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Windows server update made my OpenVPN stop working
Read it.Nahuel wrote: ↑Tue Jul 27, 2021 4:24 pmI tried that but it replies with:
and didn't give me much to work with.Code: Select all
build-ca [ cmd-opts ] Creates a new CA cmd-opts is an optional set of command options from this list: nopass - do not encrypt the CA key (default is encrypted) subca - create an intermediate CA keypair and request (default is a root CA) intca - alias to the above
It comes with help, which you have to read ..Nahuel wrote: ↑Tue Jul 27, 2021 3:33 pmI hope it comes with a noob-friendly tutorialTinCanTech wrote: ↑Tue Jul 27, 2021 4:19 pm
Coming soon: Openvpn will be able to use self-signed certificates,
which means you will not need to use Easy-RSA-3 at all.
In that case Easy-TLS can build your entire required security credentials.
Nonetheless Thank you!
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: Windows server update made my OpenVPN stop working
you need to search on Internet sharing service on windows , some thing need to done to make it work again . on server side if openvpn card cant it its ip address you can setting a static for openvpn net work card so it will work more stable after reboot. you can do that
openvpn config and add this line
ip-win32 manual
openvpn card and setting your ip and subnet mask as your server . for example if your server config have line server 10.8.0.0 255.255.255.0 you can set static for your card as
ip 10.8.0.1 SUBNET MASK 255.255.255.0
openvpn config and add this line
ip-win32 manual
openvpn card and setting your ip and subnet mask as your server . for example if your server config have line server 10.8.0.0 255.255.255.0 you can set static for your card as
ip 10.8.0.1 SUBNET MASK 255.255.255.0