Going in circles with OpenVPN GUI

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Going in circles with OpenVPN GUI

Post by bickertn » Sun Jan 16, 2022 1:10 am

Using a win10 laptop and Netgear Orbi 750 router.
I just configured my Netgear Orbi router for dynamic dns and the VPN for openvpn using TAP. I downloaded (I believe) the open source version from the community download page and dropped the files generated by the Orbi in the openvpn config folder. I have a desktop icon for "OpenVPN GUI" and it show up in the tray and as a running service. I right click on the tray to open the CONTEXT menu and it says "OpenVPN GUI" (or "unpin") and when I click I get a message that it's already "OpenVPN GUI is already running. Right click on the tray icon to start" - which is what I already did - and if I do it again, I'm going in circles. I tried clicking on "client1.ovpn" in the Openvpn context folder, but it doesn't change the running in circles dynamic. I'm stuck - I hope someone can help.
Thanks,
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Sun Jan 16, 2022 2:13 pm

Sounds like icon blindness.

bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Re: Going in circles with OpenVPN GUI

Post by bickertn » Sun Jan 16, 2022 2:26 pm

Double click or right click on the icon sends me into the same loop: "OpenVPN GUI is already running. Right click on the tray icon to start"
I didn't mention that I also clicked on the icon because, (a) the app is pointing to the tray, and (b) I didn't think mentioning this would add anything to diagnosing the problem.
I'm new to OpenVPN and to this forum, although it's not that different from forums for other open source software I enjoy using (NPVR, Kodi, ...).
If I'm going about trying to resolve this issue the wrong way, it would be helpful if someone pointed me in a better direction. With 27 views and only the 1 response above (from TinCanTech), clearly something isn't clicking.
Thanks for any insights you can provide, including: I didn't see an answer after searching, so is this problem "typical" or "unusual?"
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Sun Jan 16, 2022 3:23 pm


bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Re: Going in circles with OpenVPN GUI

Post by bickertn » Sun Jan 16, 2022 5:06 pm

Thank you for the link, TinCanTech.
I completed through the 3rd step (previously), by importing config file, manually - starting from the Netgear Orbi router to generate the config files (it comes set up to work with OpenVPN) and copied them to the OpenVPN config folder. I see it "RUNNING" in SERVICES. That said, I am unable to confirm if this was sufficient for openvpn to use the "client1.ovpn" generated by the router - since I cannot get it to provide a window with actions that can be taken (e.g., cannot access screen to "Import File") - just the loop when right clicking the tray (or desktop) icon = "already open, right click tray icon." I tried downloading "OpenVPN Connect" but it isn't compatible with TAP (= error msg "TAP mode is not supported").
Everything else that follows in the instructions found at the link you provided are, likewise, inaccessible since I cannot get the GUI to open and display anything on screen - only the endless right click loop.
I hope I am being clear enough and not coming across as clueless. I'm usually good with this type of installation / configuration, but cannot get a foothold with this yet.
Any and all additional guidance is most appreciated.
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Sun Jan 16, 2022 5:10 pm

Did you try the three finger salute ..

bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Re: Going in circles with OpenVPN GUI

Post by bickertn » Sun Jan 16, 2022 8:09 pm

TinCanTech - thanks for hanging in there with me.
Just did, but task manager does not list openvpn.
Rebooted (again), openvpn starts with reboot, but "loop - right click tray icon" remains.
Services = OpenVPN interactive service = running / automatic
Program listed as: OpenVPN 2.5.5-1602 amd64 (laptop is x64 but running 11th gen i7 - any issue with the "amd" designation?)
Is the problem I'm (still) having unusual?
Should I uninstall and start over - but still use the config files generated previously by the Orbi router? Drop them in - or is there a better way while (re)installing openvpn?
Thanks,
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Sun Jan 16, 2022 9:02 pm

I suspect you are simply using the wrong desktop icon..

bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Re: Going in circles with OpenVPN GUI

Post by bickertn » Mon Jan 17, 2022 12:46 am

Thanks for the feedback.
The desktop icon is "OpenVPN GUI"
I went into Program Files, opened "bin" and right clicked on "openvpn.exe" and "open" - nothing happened (SERVICES remained the same "OpenVPN Interactive Service / Running" and then right clicked "openvpn-gui.exe" and "open" and got the same error message, "already running ... right click on tray icon." I believe this confirms that I've been clicking on the correct icon.
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Mon Jan 17, 2022 1:34 am

The icon you keep using is to launch the GUI but the GUI is already running..

The very first section of the help above explains how to use Windows.

bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Re: Going in circles with OpenVPN GUI

Post by bickertn » Mon Jan 17, 2022 5:03 pm

TinCanTech - Sorry for wasting so much of your time. When I saw openvpn icon in the tray, I didn't look for a second tray item (hidden); this is the first app I'm using that includes 2 icons in the tray. No excuse: I didn't look closely enough at the diagram in the instructions so I didn't notice what the icon I needed looks like. Foolish mistake, made me think of a line from Casey Jones (Grateful Dead): "two good eyes, but you still don't see"
Three messages display each time I open it (same as I get from the client win10 laptop log :
1. WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set
2. DEPRECATED OPTION: -cipher set to ‘AES-128-CBC’ but missing in -data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore – cipher for cipher negotiations. Add ‘AES-128-CBC’ to -data ciphers or change -cipher ‘AES-128-CBC’ to silence this warning.
3. WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Looks like I can just leave #1 as is.
Re, #2, I searched for posts focused on this cipher warning, but the one I found ended with "don't know enough about your router" so solution not included. I tried to edit the "client1.ovpn" file using notepad (from "cipher AES-123-CBC" to "cipher AES-256-GCM:AES-128-GCM:AES-128-CBC) but do not have permission (at least using this route). Went so support page "Change encryption cipher in Access Server" but the cmd line didn't recognize the first step in the instructions: /usr/local/openvpn_as/scripts/. STUCK ON THIS ONE.
Re, #3, went to recommended link, "http://openvpn.net/howto.html#mitm" but my read of this is that I need to log into the server. I tried by navigating to the host name I set up for dynamic dns - and got a login page. Entered username = openvpn and my router password "BUT this isn't correct. I looked for c:/users/username/openvpn/init.log for a password, but that file is not there - at least not in this folder - so I appear to be unable to access the server directly. STUCK ON THIS ONE TOO.

Thank you, once again, for any help you can send my way.
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Mon Jan 17, 2022 5:28 pm

bickertn wrote:
Mon Jan 17, 2022 5:03 pm
When I saw openvpn icon in the tray, I didn't look for a second tray item (hidden); this is the first app I'm using that includes 2 icons in the tray
There can be only one Open-VPN-GUI in the tray, you are probably confusing something else with openvpn.
bickertn wrote:
Mon Jan 17, 2022 5:03 pm
1. WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set
This is a safe setting, leave it as it is.
bickertn wrote:
Mon Jan 17, 2022 5:03 pm
2. DEPRECATED OPTION: -cipher set to ‘AES-128-CBC’ but missing in -data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore – cipher for cipher negotiations. Add ‘AES-128-CBC’ to -data ciphers or change -cipher ‘AES-128-CBC’ to silence this warning.
Use --data-ciphers instead of --cipher. Take note, that you should check your server setting also.
bickertn wrote:
Mon Jan 17, 2022 5:03 pm
3. WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Put simply, add this to your client config:

Code: Select all

remote-cert-tls server
if that breaks the VPN then it means you need a new server certificate.

bickertn
OpenVpn Newbie
Posts: 7
Joined: Sun Jan 16, 2022 1:01 am

Re: Going in circles with OpenVPN GUI

Post by bickertn » Tue Jan 18, 2022 10:19 am

TinCanTech - thanks for this last round of guidance. I'll be travelling through early March, so if changes are required on the server, I will need to pick this up again at that time. I will use some of my down time to study openvpn further. If I can make the connection while away, all the better.
Take care and stay well,
bickertn

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Tue Jan 18, 2022 3:08 pm

bickertn wrote:
Tue Jan 18, 2022 10:19 am
I will use some of my down time to study openvpn further
Start here: https://community.openvpn.net/openvpn/wiki/HOWTO

Read it at least five times.

engle007
OpenVpn Newbie
Posts: 2
Joined: Fri May 06, 2022 3:02 am

Re: Going in circles with OpenVPN GUI

Post by engle007 » Fri May 06, 2022 3:15 am

bickertn - I was wondering if you ever solved your issues described here. I just had to replace a router and purchased a Netgear Orbi. I am having the exact same experience and error messages that you describe trying to set up OpenVPN.. I have read through SOME of the documents TinCanTech recommended but I need to read them a few more times. I set up the VPN included with my prior Synology router but it was not complicated at all. The instructions for OpenVpn do not sound so difficult either until you start "going in circles" as you described.
I'm sorry you had this experience but I was so relieved to see it wasn't just me.
Any info update would be appreciated. Thanks.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Going in circles with OpenVPN GUI

Post by openvpn_inc » Tue May 10, 2022 11:39 am

Hi engle,

Honestly I am not impressed by the openvpn implementations in most routers. To be specific, none I have seen, not even the open source routers. Furthermore there are hardware / encryption issues which make most routers poorly suited to being an openvpn server.

What exactly are you hoping to accomplish with a VPN?

You might want to check out our OpenVPN Access Server software and OpenVPN Cloud service. If it's just for you, it's free (gratis) to use indefinitely with no other restriction.

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

engle007
OpenVpn Newbie
Posts: 2
Joined: Fri May 06, 2022 3:02 am

Re: Going in circles with OpenVPN GUI

Post by engle007 » Tue Jun 07, 2022 4:21 pm

Hello rob0,
Sorry for the delay. I thought I would get an email notification if someone replied.
What I am trying to do is establish a VPN tunnel to my security camera feeds which is on a network card without internet connectivity. I need to connect to the ip address of the computer that houses the 2nd network interface card.
I had this setup and working with my prior Synology router with it's built-in support for Synology VPN. However that router developed unrelated problems that forced me to get a new router. The support for OpenVPN was a bonus to the WIFI 6 support.
The only traffic would be me connecting from outside the network. I'm wanting to use a VPN to avoid opening ports that would be potential security soft spots. I was trying to avoid setting up a true VPN that all my internet traffic would go through. I have a couple of family members that occasionally work from home and my IT skills are not up to ensuring that I would not cause problems for them.
I will check out the two links you sent and see if they might help me.

Thanks.

Mike

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Going in circles with OpenVPN GUI

Post by TinCanTech » Tue Jun 07, 2022 4:49 pm

engle007 wrote:
Tue Jun 07, 2022 4:21 pm
I was trying to avoid setting up a true VPN that all my internet traffic would go through
A VPN is a VPN, regardless of what you send through it. There's no such thing as a True VPN.

What you choose to send through it is usually based on routing decisions. See --redirect-gateway in the manual.

Post Reply