So, I'm looking to remotely access my desktop (hereafter referred to as 'server') from my laptop (hereafter referred to as 'client'), because I like being able to work on things when I'm out of the house. As a temporary solution, I've forwarded the necessary ports on my router, and reserved an address in my router as an attempt to secure a "static IP" without actually constricting my router in such a fashion.
As I've done this, I've been able to connect outside my home network by connecting to my public wifi address, being routed to the necessary computer, and then putting my password in, which according to "How Secure Is My Password?" would take 16 Billion years to crack. Honestly, I feel pretty secure, but some friends suggested that my network really wasn't secure.
I did some searching for how to secure things with OpenVPN, and found this [question and response on superuser](https://superuser.com/questions/1252421 ... te-desktop), which suggests the following:
Incredibly vague, but it's a place to start. I did some additional digging, and I came across this reddit guide, which is over a year old, but very helpfully in-depth. I followed it to the letter, including uninstalling OpenVPN from my D drive, and reinstalling it to my SSD C drive. However, after following this guide, I have run into several errors and problems that are preventing me from using my new "OpenVPN server" for remote access.
Problem 1:
Expected Behavior: Connect to the VPN server from the server (desktop).
Actual Behavior: Upon attempting to connect, I received the following error:
The log contained the following:
Code: Select all
Options error: --pull-filter cannot be used with --mode server
Use --help for more information.I did some additional research, and came across this thread, which suggested running OpenVPN as an administrator. A bit tedious, but still workable. I ran OpenVPN as an admin, set it to always run as an admin, and that first alert cleared. However, I ran into the second issue:
Problem 2:
Expected Behavior: Connect to the VPN server from the server (desktop).
Actual Behavior:
The log contained the following:
Code: Select all
Fri Mar 29 11:15:04 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Fri Mar 29 11:15:04 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Mar 29 11:15:04 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Fri Mar 29 11:15:04 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Mar 29 11:15:04 2019 Need hold release from management interface, waiting...
Fri Mar 29 11:15:05 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Mar 29 11:15:05 2019 MANAGEMENT: CMD 'state on'
Fri Mar 29 11:15:05 2019 MANAGEMENT: CMD 'log all on'
Fri Mar 29 11:15:05 2019 MANAGEMENT: CMD 'echo all on'
Fri Mar 29 11:15:05 2019 MANAGEMENT: CMD 'bytecount 5'
Fri Mar 29 11:15:05 2019 MANAGEMENT: CMD 'hold off'
Fri Mar 29 11:15:05 2019 MANAGEMENT: CMD 'hold release'
Fri Mar 29 11:15:05 2019 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Mar 29 11:15:05 2019 Diffie-Hellman initialized with 1024 bit key
Fri Mar 29 11:15:05 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 29 11:15:05 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 29 11:15:05 2019 interactive service msg_channel=0
Fri Mar 29 11:15:05 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=13 HWADDR=[MAC address of server]
Fri Mar 29 11:15:05 2019 open_tun
Fri Mar 29 11:15:05 2019 CreateFile failed on TAP device: \\.\Global\{1100F1DE-1030-4C24-9E0A-1BF384B250CE}.tap
Fri Mar 29 11:15:05 2019 MANAGEMENT: Client disconnected
Fri Mar 29 11:15:05 2019 All TAP-Windows adapters on this system are currently in use.
Fri Mar 29 11:15:05 2019 Exiting due to fatal errorI’ve attempted uninstalling + reinstalling OpenVPN and the TAP drivers several times, including deleting all of the files from the installation guide, and re-creating them.
Problem 3:
Expected Behavior: Connecting to the server from the client (laptop) on an external network
Actual Behavior: Upon attempting to connect, I would receive this error on a repeat until I closed the client:
Log:
Code: Select all
Fri Mar 29 11:31:02 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Fri Mar 29 11:31:02 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Mar 29 11:31:02 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Fri Mar 29 11:31:02 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Mar 29 11:31:02 2019 Need hold release from management interface, waiting...
Fri Mar 29 11:31:02 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Mar 29 11:31:02 2019 MANAGEMENT: CMD 'state on'
Fri Mar 29 11:31:02 2019 MANAGEMENT: CMD 'log all on'
Fri Mar 29 11:31:02 2019 MANAGEMENT: CMD 'echo all on'
Fri Mar 29 11:31:02 2019 MANAGEMENT: CMD 'bytecount 5'
Fri Mar 29 11:31:02 2019 MANAGEMENT: CMD 'hold off'
Fri Mar 29 11:31:02 2019 MANAGEMENT: CMD 'hold release'
Fri Mar 29 11:31:02 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 29 11:31:02 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 29 11:31:02 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.[SIP]:1194
Fri Mar 29 11:31:02 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 29 11:31:02 2019 UDP link local: (not bound)
Fri Mar 29 11:31:02 2019 UDP link remote: [AF_INET]192.168.1.[SIP]:1194
Fri Mar 29 11:31:02 2019 MANAGEMENT: >STATE:1553880662,WAIT,,,,,,
Fri Mar 29 11:32:02 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Mar 29 11:32:02 2019 TLS Error: TLS handshake failed
Fri Mar 29 11:32:02 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Mar 29 11:32:02 2019 MANAGEMENT: >STATE:1553880722,RECONNECTING,tls-error,,,,,
Fri Mar 29 11:32:02 2019 Restart pause, 5 second(s)
Fri Mar 29 11:32:07 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.[SIP]:1194
Fri Mar 29 11:32:07 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 29 11:32:07 2019 UDP link local: (not bound)
Fri Mar 29 11:32:07 2019 UDP link remote: [AF_INET]192.168.1.[SIP]:1194
Fri Mar 29 11:32:07 2019 MANAGEMENT: >STATE:1553880727,WAIT,,,,,,
Fri Mar 29 11:33:07 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Mar 29 11:33:07 2019 TLS Error: TLS handshake failed
Fri Mar 29 11:33:07 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Mar 29 11:33:07 2019 MANAGEMENT: >STATE:1553880787,RECONNECTING,tls-error,,,,,
Fri Mar 29 11:33:07 2019 Restart pause, 5 second(s)
Fri Mar 29 11:33:12 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.[SIP]:1194
Fri Mar 29 11:33:12 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 29 11:33:12 2019 UDP link local: (not bound)
Fri Mar 29 11:33:12 2019 UDP link remote: [AF_INET]192.168.1.[SIP]:1194
Fri Mar 29 11:33:12 2019 MANAGEMENT: >STATE:1553880792,WAIT,,,,,,
Fri Mar 29 11:33:55 2019 SIGTERM[hard,] received, process exiting
Fri Mar 29 11:33:55 2019 MANAGEMENT: >STATE:1553880835,EXITING,SIGTERM,,,,,I’ve attempted uninstalling + reinstalling OpenVPN and the TAP drivers several times, including deleting all of the files from the installation guide, and re-creating them.
Problem 4
Expected Behavior: Connect to the internet after connecting to the server from the client (laptop) from the internal network
Actual Behavior: Very strange, but when I’m actually inside the same network as the server, it can “successfully connect.” However, whenever I attempt to connect to the internet while on that server:
I am unable to do so. I just get DNS errors indefinitely.
Upon attempting to connect to the remote desktop, I received this error:
Clicking ‘Help’ does not actually trigger anything.
Attempted Solutions: I’ve attempted uninstalling + reinstalling OpenVPN and the TAP drivers several times, including deleting all of the files from the installation guide, and re-creating them.
UPDATE: So, for whatever reason, with nothing changing over the last four days, the TAP adapter now looks totally normal. I can re-enable it over and over, from any screen, and it will just say “Unidentified Network”, with no red X. HOWEVER, the above issues, Problems 1-4 still occur in an identical fashion.Problem 5
Expected Behavior: I expect the TAP adapter to be functioning properly, and connecting to the internet as necessary. Look something like this.
Actual Behavior: The TAP adapter continually gives a Network Cable Unplugged Error, despite the fact that it is a digital adapter, and as such, does not have a physical plug that can be plugged or unplugged.
I believe that this may be the source of all of the above issues, but I cannot verify this.
Attempted Solutions: I’ve attempted uninstalling + reinstalling OpenVPN and the TAP drivers several times, including deleting all of the files from the installation guide, and re-creating them.
At certain points, when I go into the network settings, the TAP adapter will show up as an unidentified network. When I disable and re-enable it from *this* screen, when I disable and re-enable the adapter from this screen, it will look like this. Under regular circumstances, the TAP does not appear as a network, and I can only view it after clicking ‘Change Adapter Settings’.
Whenever I disable/re-enable the adapter from this screen, the ‘Network Cable Unplugged’ error does not clear, even if I was able to get it to clear previously by re-enabling it from the Network and Sharing center.
I’ve tried reinstalling the TAP adapter individually, in addition to alongside OpenVPN. I’ve tried this trick from YouTube. I’ve tried resetting the IP stack several dozen times.
The TAP adapter (miraculously) appearing in the Network and Sharing Center, disabling it there, then re-enabling it in the adapter settings is the only way to get the error to go away, and even after the error has gone away, I still get the same above problems, where I cannot connect from another network, and when connecting on the same network, I can’t actually access anything.
System Information
Home Network:
Code: Select all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-[HOME]
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : [MAC Address]
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : [ipv6 address]%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.[SIP]Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, March 29, 2019 1:25:05 PM
Lease Expires . . . . . . . . . . : Saturday, March 30, 2019 1:25:04 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : [ipv6 address]
DHCPv6 Client DUID. . . . . . . . : [ipv6 address]
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Code: Select all
Ethernet adapter TAP:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : [MAC Address]
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : [ipv6 address]%3(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Friday, March 29, 2019 1:29:11 PM
Lease Expires . . . . . . . . . . : Saturday, March 28, 2020 1:29:10 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.8.0.2
DHCPv6 IAID . . . . . . . . . . . : [ipv6 address]
DHCPv6 Client DUID. . . . . . . . : [ipv6 address]
DNS Servers . . . . . . . . . . . : [DNS address]::1%1
[DNS address]::2%1
[DNS address]::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Code: Select all
Host Name: DESKTOP-[Home Name]
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.17134 N/A Build 17134
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00331-10000-00001-AA782
Original Install Date: 9/23/2018, 2:30:18 PM
System Boot Time: 3/29/2019, 1:24:56 PM
System Manufacturer: To Be Filled By O.E.M.
System Model: To Be Filled By O.E.M.
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 23 Model 1 Stepping 1 AuthenticAMD ~3200 Mhz
BIOS Version: American Megatrends Inc. P5.00, 7/5/2018
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-06:00) Central Standard Time (US & Canada)
Total Physical Memory: 16,317 MB
Available Physical Memory: 12,360 MB
Virtual Memory: Max Size: 32,701 MB
Virtual Memory: Available: 26,169 MB
Virtual Memory: In Use: 6,532 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\DESKTOP-[Home Name]
Hotfix(s): 10 Hotfix(s) Installed.
[01]: KB4100347
[02]: KB4230204
[03]: KB4456655
[04]: KB4465663
[05]: KB4477137
[06]: KB4480979
[07]: KB4485449
[08]: KB4487038
[09]: KB4489907
[10]: KB4489868
Network Card(s): 2 NIC(s) Installed.
[01]: TAP-Windows Adapter V9
Connection Name: TAP
DHCP Enabled: Yes
DHCP Server: 10.8.0.2
IP address(es)
[01]: 10.8.0.1
[02]: [IPv6 address]
[02]: Realtek PCIe GBE Family Controller
Connection Name: Ethernet
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.[SIP]
[02]: [IPv6 address]
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: Yes
Second Level Address Translation: Yes
Data Execution Prevention Available: YesSeriously, thank you for looking over this. I know it’s a lot, and that there’s probably nothing that can be done. HOWEVER, if you can think of any other things for me to try, please comment below, and I will try it and respond with the results.
I’m not entirely sure what information can be used to track me down, harm me or my data, so if there is something censored that is important as part of troubleshooting, please let me know, and I will DM you the relevant information.
TL;DR: I tried to install a VPN server so I could access my desktop from my laptop, everything’s gone pear-shaped.