TUN: adding address failed using service - Windows 11

[MaxMan_556688]

Hello everyone, I need your help
I can't get openvpn to work under windows 11. Linux and Windows 10 work without problems. I have already read here in the forum. The error is actually a sign of missing admin rights, isn't it? I have also tried to start as admin, but that doesn't change anything.
I also get the error message: "OpenVPNServiceInteractive" is not started. Tasks requiring administrative access may not work. If I deactivate this and start openvpn manually with admin rights, the gui starts but I still get the error. Attached is the log file.

Code: Select all

2023-02-15 16:23:26 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2023-02-15 16:23:26 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb  6 2023
2023-02-15 16:23:26 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-02-15 16:23:26 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-02-15 16:23:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-02-15 16:23:26 Need hold release from management interface, waiting...
2023-02-15 16:23:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:53409
2023-02-15 16:23:26 MANAGEMENT: CMD 'state on'
2023-02-15 16:23:26 MANAGEMENT: CMD 'log on all'
2023-02-15 16:23:26 MANAGEMENT: CMD 'echo on all'
2023-02-15 16:23:26 MANAGEMENT: CMD 'bytecount 5'
2023-02-15 16:23:26 MANAGEMENT: CMD 'state'
2023-02-15 16:23:26 MANAGEMENT: CMD 'hold off'
2023-02-15 16:23:26 MANAGEMENT: CMD 'hold release'
2023-02-15 16:23:27 MANAGEMENT: CMD 'username "Auth" "hTcE2tLkwXQfgskJx5KsCWhn"'
2023-02-15 16:23:27 MANAGEMENT: CMD 'password [...]'
2023-02-15 16:23:27 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2023-02-15 16:23:27 NOTE: --fast-io is disabled since we are running on Windows
2023-02-15 16:23:27 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-02-15 16:23:27 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-02-15 16:23:27 TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.216.227:1194
2023-02-15 16:23:27 ovpn-dco device [OpenVPN Data Channel Offload] opened
2023-02-15 16:23:27 UDP link local: (not bound)
2023-02-15 16:23:27 UDP link remote: [AF_INET]217.138.216.227:1194
2023-02-15 16:23:27 MANAGEMENT: >STATE:1676474607,WAIT,,,,,,
2023-02-15 16:23:27 MANAGEMENT: >STATE:1676474607,AUTH,,,,,,
2023-02-15 16:23:27 TLS: Initial packet from [AF_INET]217.138.216.227:1194, sid=8fb922a2 eeadc748
2023-02-15 16:23:27 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-15 16:23:27 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2023-02-15 16:23:27 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2023-02-15 16:23:27 VERIFY KU OK
2023-02-15 16:23:27 Validating certificate extended key usage
2023-02-15 16:23:27 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-02-15 16:23:27 VERIFY EKU OK
2023-02-15 16:23:27 VERIFY OK: depth=0, CN=de-ber-v023.prod.surfshark.com
2023-02-15 16:23:27 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-02-15 16:23:27 [de-ber-v023.prod.surfshark.com] Peer Connection Initiated with [AF_INET]217.138.216.227:1194
2023-02-15 16:23:27 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-02-15 16:23:27 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-02-15 16:23:28 MANAGEMENT: >STATE:1676474608,GET_CONFIG,,,,,,
2023-02-15 16:23:28 SENT CONTROL [de-ber-v023.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2023-02-15 16:23:28 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.27 255.255.255.0,peer-id 24,cipher AES-256-GCM'
2023-02-15 16:23:28 OPTIONS IMPORT: timers and/or timeouts modified
2023-02-15 16:23:28 OPTIONS IMPORT: explicit notify parm(s) modified
2023-02-15 16:23:28 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2023-02-15 16:23:28 NOTE: setsockopt SO_SNDBUF=524288 failed
2023-02-15 16:23:28 NOTE: setsockopt SO_RCVBUF=524288 failed
2023-02-15 16:23:28 Socket Buffers: R=[0->0] S=[0->0]
2023-02-15 16:23:28 OPTIONS IMPORT: --ifconfig/up options modified
2023-02-15 16:23:28 OPTIONS IMPORT: route options modified
2023-02-15 16:23:28 OPTIONS IMPORT: route-related options modified
2023-02-15 16:23:28 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-02-15 16:23:28 OPTIONS IMPORT: peer-id set
2023-02-15 16:23:28 OPTIONS IMPORT: data channel crypto options modified
2023-02-15 16:23:29 interactive service msg_channel=500
2023-02-15 16:23:29 MANAGEMENT: >STATE:1676474609,ASSIGN_IP,,10.8.8.27,,,,
2023-02-15 16:23:29 INET address service: add 10.8.8.27/24
2023-02-15 16:23:29 TUN: adding address failed using service: Element nicht gefunden.   [status=1168 if_index=17]
2023-02-15 16:23:30 IPv4 dns servers set using service
2023-02-15 16:23:30 TUN: setting IPv4 mtu using service failed: Element nicht gefunden.   [status=1168 if_index=17]
2023-02-15 16:23:30 Block_DNS: adding block dns filters using service failed: Element nicht gefunden.   [status=0x490 if_index=17]
2023-02-15 16:23:30 MANAGEMENT: Client disconnected
2023-02-15 16:23:30 Blocking DNS failed!
2023-02-15 16:23:30 Exiting due to fatal error

Edit: I have now tried an older version, which works without problems, 2.5.5 . Does 2.6.0 not work with Windows 11?

[stipa]

According to log you've pasted, it looks like you have some third-party filter driver (such as Citrix DNE) which breaks DCO adapter. This should be fixed in the latest version - https://swupdate.openvpn.org/community/ ... -amd64.msi. Could you give it a try?

What comes to interactive service - can you check that it is installed and running by executing following powershell command:

Code: Select all

PS C:\Users\lev> Get-Service -Name *OpenVPN*

Status   Name               DisplayName
------   ----               -----------
Running  OpenVPNService     OpenVPNService
Running  OpenVPNServiceInt… OpenVPN Interactive Service
Stopped  OpenVPNServiceLeg… OpenVPN Legacy Service

[MaxMan_556688]

Hey thanks for the feedback. Everything works with 2.6.0-I005. Yesterday I tried 2.6.0-I004. Thank you very much.
Attached is the powershell command.

Code: Select all

PS C:\Users> Get-Service -Name *OpenVPN*

Status   Name               DisplayName
------   ----               -----------
Running  OpenVPNServiceI... OpenVPN Interactive Service

[greysun]

Running 2.6.1 and Win10, same error.

2023-03-27 22:51:08 IPv4 dns servers set using service
2023-03-27 22:51:08 IPv4 MTU set to 1500 on interface 8 using service
2023-03-27 22:51:08 Block_DNS: adding block dns filters using service failed: Element nicht gefunden. [status=0x490 if_index=8]
2023-03-27 22:51:08 MANAGEMENT: Client disconnected
2023-03-27 22:51:08 Blocking DNS failed!
2023-03-27 22:51:08 Exiting due to fatal error