I've noticed the following problem:
sometimes, when trying to connect to my Access server using Firefox, instead of connecting I get asked to re-download and install OpenVPN Connect.
The problem does not seem to affect Chrome.
Another user has reported that the problem fixes itself with a reboot of his laptop but that wasn't the case for me.
Any ideas on handling this?
Firefox forces re-download of OpenVPN Connect
-
dtsomp
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Apr 23, 2013 9:25 am
-
novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Firefox forces re-download of OpenVPN Connect
There are a number of reasons for this behavior, the most common ones being using an outdated Firefox or OpenVPN Connect Client, or using an antivirus program that disallows access to the local hosts file on the client computer. Here follows some explanation on this;
OpenVPN Access Server and Connect Client communicate using a special page with the address https://client.openvpn.net/. You will be seeing a page that seems to originate from client.openvpn.net. But it is not. I understand that this may seem strange. To understand what is going on I will explain in further detail.
The OpenVPN software on your client computer needs to have administrator level access to perform certain system functions, like setting routes in your network stack and redirecting DNS queries. These steps cannot work if the OpenVPN software is being run as a standard program. In order to ensure that standard limited user accounts can function properly with OpenVPN Connect Client we have divided the program into two separate pieces. One part is a service that runs in the background with special privileges to connect to a VPN server and to set routes and so on, but stays completely hidden. It starts when the operating system starts and remains hidden. In order to control this service and to give users something to operate, the second part is the system tray icon. This system tray program you can control using your mouse and keyboard, and when you click 'connect to...' it will tell the service to perform the required actions. Using this method, your logged on users do not need to have full system access just to run OpenVPN Connect Client successfully.
When accessing the CWS (client web server) interface of the Access Server, a method is required to communicate between the Access Server and the OpenVPN Connect Client service component that is running in the background. To do this, we need to give it a valid address. We chose "client.openvpn.net". In the hosts file of the operating system we redirect client.openvpn.net to a 127.*.*.* IP address. Any IP address that starts with 127.*.*.* can only point to your own computer (localhost). So in effect, client.openvpn.net points to your own computer, not to one of our systems. On any computer with OpenVPN Connect Client you can easily verify this by pinging client.openvpn.net - you will receive a response from your own computer.
OpenVPN Access Server and Connect Client communicate using a special page with the address https://client.openvpn.net/. You will be seeing a page that seems to originate from client.openvpn.net. But it is not. I understand that this may seem strange. To understand what is going on I will explain in further detail.
The OpenVPN software on your client computer needs to have administrator level access to perform certain system functions, like setting routes in your network stack and redirecting DNS queries. These steps cannot work if the OpenVPN software is being run as a standard program. In order to ensure that standard limited user accounts can function properly with OpenVPN Connect Client we have divided the program into two separate pieces. One part is a service that runs in the background with special privileges to connect to a VPN server and to set routes and so on, but stays completely hidden. It starts when the operating system starts and remains hidden. In order to control this service and to give users something to operate, the second part is the system tray icon. This system tray program you can control using your mouse and keyboard, and when you click 'connect to...' it will tell the service to perform the required actions. Using this method, your logged on users do not need to have full system access just to run OpenVPN Connect Client successfully.
When accessing the CWS (client web server) interface of the Access Server, a method is required to communicate between the Access Server and the OpenVPN Connect Client service component that is running in the background. To do this, we need to give it a valid address. We chose "client.openvpn.net". In the hosts file of the operating system we redirect client.openvpn.net to a 127.*.*.* IP address. Any IP address that starts with 127.*.*.* can only point to your own computer (localhost). So in effect, client.openvpn.net points to your own computer, not to one of our systems. On any computer with OpenVPN Connect Client you can easily verify this by pinging client.openvpn.net - you will receive a response from your own computer.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.