Page 1 of 2
Re: OpenVPN in Windows 8 consumer preview
Posted: Thu May 10, 2012 6:37 pm
by mokk
Bulvot
Unfortunately it doesn't help
Re: OpenVPN in Windows 8 consumer preview
Posted: Thu May 10, 2012 6:57 pm
by Bulvot
Have you tried using powershell scripts to configure the TAP/TUN adapter manually? In my troubleshooting I found that this worked. You might find a combination of manual configuration activities that causes the adapter to fully "wake up" so that OpenVPN can use it. I tried all of that and more until I narrowed it down to the applet for my environment. I suspect that the root cause here is Windows 8's new boot-up method where it doesn't load everything on boot. Finding something that gets the component going that is needed is probably the current work around for the moment.
I'm assuming you're also leaving the firewall completely disabled while you troubleshoot this. I also configured an OpenVPN server on a local network on a server with a single interface while testing to eliminate any other variables. It helped confirm where the problem was and also allowed for much faster connects and disconnects.
Re: OpenVPN in Windows 8 consumer preview
Posted: Fri May 11, 2012 1:36 pm
by mokk
Well, I think I should describe my situation more precisely. Perhaps you or anyone else can find a solution.
I use OpenVPN virtual network as a channel for my Internet traffic. Some dedicated computer acts as the OpenVPN server: its OpenVPN adapter is used as the target for Windows WAN Miniport Internet Connection Sharing. So "TAP-Win32 Adapter V9" is chosen as "home networking connection" at WAN Miniport's sharing tab. So if this server is Windows 7 everything works fine and every client can successfully use Internet network. Even Windows 8.
But when I try to use such server configuration with Windows 8, it doesn't work. Clients can successfully connect to OpenVPN server which operates on Windows 8 machine but they can't get the Internet traffic. It seems that ICS on Windows 8 works slightly different. So when OpenVPN server is setup on Windows 8 it acts as if it's not been connected to the ICS at all.
I'm terribly sorry for my awful English.
Re: OpenVPN in Windows 8 consumer preview
Posted: Sun May 20, 2012 8:04 pm
by tonitiger
Bulvot wrote:
Anyway, my final solution was to create a batch file (let's call it test.cmd):
@echo off
start c:\windows\system32\control.exe ncpa.cpl
Then add the following lines to the client configuration file:
script-security 2
up c:\\some\\directory\\test.cmd
The down side, of course, is that pops up the applet on your desktop. The upside is that the connection now works.
Thanks a lot...
Now it's working every time
Re: OpenVPN in Windows 8 consumer preview
Posted: Wed Aug 22, 2012 5:13 pm
by Bulvot
I'm using OpenVPN on a Tablet, so it's no uncommon for the tablet to enter and leave various states of connectivity. Local WiFi access, remote WiFi, GSM, etc.
To simplify the task of keeping the VPN tunnel up, I wrote a script. It monitors the VPN connection and performs the following as needed:
-Restarts the OpenVPN service (I have it installed as a service)
-Opens up the network control panel
It also displays various status items so you can quickly see how things look. I've been using it for a couple of months now, so I can vouch for it being rock solid and reliable. I've setup my Windows 8 to automatically start this script on boot, so it is always running. I've added comments (in the windows batch scripting world, that means the line is preceded by "rem"). These should fully describe the parameters at the beginning. I did not comment the entire file so if you're not familiar with the code and are curious what something does, use google or post on here and I'll explain it.
Hopefully this is useful to someone who would like an install and forget solution to keep the VPN connection up on Windows 8.
The code is as follows (just cut and paste into any "filename.cmd" and execute it). hopefully it cut and pastes ok. I didn't see any way to add it as an attachment to this post, but I am happy to email it to anyone who would like it:
Code: Select all
@echo off
mode con: cols=53 lines=11
set vpnfail=0
set vpnrestartcount=0
set sbadip=169.254
rem IMPORTANT!!!
rem You MUST set the below parameters correctly or this script will not function properly.
rem To determine the correct interface number, run "netsh interface ipv4 show interfaces" and use the number in the "idx" column
rem that correspondes to the vpn adapter. It is usually labeled "Local Area Connection". You can change the name by renaming
rem the adapter here: Control Panel\Network and Internet\Network Connections
set ifnum=24
rem Fill in any IP address, hostname, or FQDN that is accessible through the VPN connection.
rem This will be used to test the VPN connection to see if pings are working. The host you specify
rem must respond to pings.
set paddress=ingo
rem This is the network address for the vpn-accessible network
set homegate=10.1.1.0
rem This is the subnet to look for to indicate which network is currently connected (should always be a class A, B or C address here)
set homenet=10.1.1
rem This is the VPN subnet to look for to indicate that the vpn routes are up
set vpnnet=10.1.2
rem This is the number of times you are willing to let the check fail before restarting the VPN service
rem Keep in mind that it sometimes takes several seconds for the vpn to come fully up even if it reports "connected".
rem Don't set this number too low. 4 is a reasonable number.
set vfailcnt=4
rem This is the number of seconds to wait between checks.
set vchckslp=3
rem This is the TCP port that your OpenVPN Service is listening on
rem This must be added to your openvpn opvn configuration file:
rem management 127.0.0.1 8645
set ovport=8645
rem Additionally, these settings on your opvn configuration file might be useful:
rem resolv-retry infinite
rem connect-retry 5
rem keepalive 10 60
rem tun-mtu 1500
rem tun-mtu-extra 32
:start
set vpnip=
set vpnstatus=
set vpnroutes=
set openstate=
set vpnping=
set vpnservice=
call :getip
call :getroutes
call :getping
call :openstatus
call :getstatus
cls
echo VPN Status: %vpnstatus%
echo OpenVPN State: %openstate%
echo Current VPN Adapter IP: %vpnip%
echo VPN Routes: %vpnroutes%
echo Last Ping Response Time: %vpnping%
echo Failure Count: %vpnfail%
echo Restart Count: %vpnrestartcount%
if "%vpnfail%" geq "%vfailcnt%" call :vpnrestart
timeout /t %vchckslp% /nobreak >nul
goto start
:getip
for /f "tokens=2" %%i in ('netsh interface ipv4 show ipaddresses 24 ^| find ^"Parameters^" ') do @set vpnip=%%i
for /f "tokens=4" %%i in ('netsh interface ipv4 show ipaddresses 24 ^| find ^"DAD State^" ') do @set vpnipstate=%%i
if "%vpnipstate%" == "Deprecated" set vpnip=Unassigned
set vpnipstate=
goto :EOF
:getroutes
if "%vpnip%" == "Unassigned" set vpnroutes=No VPN Connection& goto :EOF
for /f "tokens=4" %%i in ('route print ^| find ^"%homegate%^"') do @set vpngate=%%i
for /f %%i in ('echo %vpngate% ^| find ^"%homenet%^"') do @set vpnroutes=Connected to Home Network
for /f %%i in ('echo %vpngate% ^| find ^"%vpnnet%^"') do @set vpnroutes=Good VPN Routes
if defined vpnroutes goto :EOF
set vpnroutes=Bad VPN Routes
set vpngate=
goto :EOF
:getping
if "%vpnroutes%" == "Bad VPN Routes" set vpnping=No Valid Route Available& goto :EOF
if "%vpnroutes%" == "No VPN Connection" set vpnping=No Valid Route Available& goto :EOF
for /f "tokens=3 delims==" %%i in ('ping -w 3000 -n 1 %paddress% ^| find ^"Reply^"') do @set vpnping=%%i
if defined vpnping set vpnping=%vpnping: TTL=%& goto :EOF
set vpnping=No Response
goto :EOF
:openstatus
echo state>%0\..\openvpnstate.scr
echo exit>>%0\..\openvpnstate.scr
for /f "tokens=2 delims=," %%i in ('type %0\..\openvpnstate.scr ^|nc 127.0.0.1 %ovport%') do set openstate=%%i& goto :EOF
for /f "tokens=2 delims=," %%i in ('type %0\..\openvpnstate.scr ^|nc -i 1 127.0.0.1 %ovport%') do set openstate=%%i
del /q %0\..\openstate.scr >nul 2>nul
goto :EOF
:getstatus
for /f %%i in ('net start ^| find ^"OpenVPN^"') do @set vpnservice=%%i
if not defined vpnservice set vpnstatus=Service Stopped&set vpnfail=999& goto :EOF
if "%openstate%" neq "CONNECTED" set vpnstatus=Disconnected& set vpnfail=0& goto :EOF
for /f %%i in ('echo %vpnip% ^| find ^"%sbadip%^"') do @set vpnstatus=Bad IP& set /a vpnfail=%vpnfail% + 1& goto :EOF
for /f "tokens=3" %%i in ('netsh interface ipv4 show interfaces %ifnum% ^| find ^"State^"') do @if "%%i" == "disconnected" set vpnstatus=Disconnected& set vpnfail=0& goto nextstat
if "%vpnroutes%" == "Bad VPN Routes" set vpnstatus=Good IP but Bad Routes& set /a vpnfail=%vpnfail% +1& goto :EOF
if "%vpnping%" == "No Response" set vpnstatus=Bad or Slow Connection& set /a vpnfail=%vpnfail% + 1& goto :EOF
set vpnstatus=Good Connection
set vpnfail=0
goto :EOF
:nextstat
if "%openstate%" neq "CONNECTED" goto :EOF
set vpnstatus=Connected with Bad Network Configuration
set /a vpnfail=4
start %windir%\system32\control.exe %windir%\ncpa.cpl
goto :EOF
:vpnrestart
if "%vpnstatus%" == "Service Stopped" goto restart
if "%openstate%" neq "CONNECTED" goto :EOF
:restart
echo.
echo.
echo Restarting VPN Service...
set vpnfail=0
ipconfig /flushdns>nul 2>nul
set /a vpnrestartcount=%vpnrestartcount% + 1
net stop "openvpn service" >nul 2>nul
timeout /t 2 /nobreak >nul
net start "openvpn service" >nul 2>nul
goto :EOF
Re: OpenVPN in Windows 8 consumer preview
Posted: Sun Jan 13, 2013 6:23 pm
by Clodo
I investigate on this issue, the "Waiting for TUN/TAP interface to come up" under Windows 8.
Test environment:
- Fresh, clean install of Windows 8 PRO Retail under a VirtualBox VM.
- OpenVPN 2.3.0
At connection, always waiting the TUN/TAP interface, forever until OpenVPN continue and finish with a "Initialization Sequence Completed With Errors".
Some people, for example here:
http://blogs.radicalsystems.com.au/lsil ... windows-8/
and also 'Bulvot' in this thread say to open the "Control Panel -> Network connections" to resolve.
True. Sistematic. If for example wait five "Waiting for TUN/TAP" and i open the control panel, OpenVPN unlock (see the adapter) in realtime.
So, control panel do something, i suppose it change somethings on the TAP network interface.
People around internet say it's because CP start the "Netman" service.
Also, some other people, for example here:
http://visualplanet.org/blog/?p=127
say that issue is caused by missing "RAS Connection Manager Administration Kit (CMAK)" in Windows 8 default installation.
Actually, in my test environment,
i don't have installed the "RAS Connection Manager Administration Kit (CMAK)",
i don't have started or set auto the service "Netman",
i simply run
Code: Select all
netsh interface set interface "Local Area Connection" ENABLED
When i detect in the log the message "Waiting for TUN/TAP interface to come up".
("Local Area Connection" is my TAP-Windows interface).
I still think that OpenVPN developer must investigate about this issue.
Regards.
Re: OpenVPN in Windows 8 consumer preview
Posted: Sat Feb 02, 2013 9:45 am
by chuckles
Huh.
I seem to have stumbled upon a permanent fix for getting OpenVPN connection to work with Windows 8 Pro using the info from previous posts.
1) first step was to completely remove my installation OpenVPN.
2) open the Network Adapter applet (I just used the command window and entered "start c:\windows\system32\control.exe ncpa.cpl"
3) leave the applet open and then reinstall OpenVPN running the installer as administrator. After installation, there was a TAP-Windows Adapter V9 in Network connections with red X
4) Change the properties of openvpn.exe and the gui applications to run as an administrator.
Now when I open the main application or use the GUI, I always get a connection - I don't have to open the Network Adapter applet ever again.
Re: OpenVPN in Windows 8 consumer preview
Posted: Wed Feb 13, 2013 10:12 pm
by LighScan
I should've seen this one coming... Got a new laptop from work with Windows 8 on it, everything works smooth except... vpn. *sigh*.
So after reading this topic and spending a few hours (more like wasting them) on getting this to work, I failed. I can't get the connection up and running.
Okay so basically:
- The program OpenVPN which I can download and install from website from my work, is very outdated and doesn't run under Windows 8 (great job sys-admins @ work
)
- OpenVPN Desktop Client is actually able to make a connection (yes, running as "Administrator")
- Same problem as described in this topic occurs: the network interface doesn't get updated with the info, thus the connection works only half (openvpn works but doesn't share..., simply put).
It doesn't work by running the network applet, compability mode, etc.
What am I doing wrong?
Re: OpenVPN in Windows 8 consumer preview
Posted: Sat Mar 02, 2013 12:31 am
by AU_Squirrel
Having a similar issue. I have configured OpenVPN to run as admin. I do connect to the server however the windows 8 firewall is blocking any packets not originating from the gateway. It has placed the Tap adapter in the public space.
For testing I can ssh into the gateway box and then connect to any workstation on the internal network. I can ping my gateway box from the laptop. I can't ping or traceroute to the laptop from the gateway or any internal network.
I run a wireshark capture on the tap adapter and packets from the internal network are arriving. It appears that the windows 8 firewall is blocking them as it has placed the Tap adapter in the public networks group. This setting will not allow incoming ICMP or other packets into the workstation. To date I have not found a way of adding the Tap adapter to the private network group. Most options require me to run the gpedit.msc which is not installed on the laptop.
Re: OpenVPN in Windows 8 consumer preview
Posted: Mon Mar 04, 2013 11:09 pm
by rfigueroa
Same issue here, also solved by opening the applet before.
We're running OpenVPN as Service, so I modified the script to stop open the applet and start the service:
Code: Select all
net stop OpenVPNService
start c:\windows\system32\control.exe ncpa.cpl
net start OpenVPNService
So the user needs to run this script as Administrator every time he wants to connect.
Are there any issue opened that we can follow to be notified when this get resolved?
Re: OpenVPN in Windows 8 consumer preview
Posted: Tue Mar 05, 2013 8:07 am
by rseiler
My primary problem in Win8 Pro RTM with the latest OpenVPN client (Feb 14) is that perhaps around every other or every third time, it GPF's when connecting. I then have to go in and disable/enable the TAP adapter (Local Area Connection) and reconnect. Quite annoying.
Faulting application name: openvpn-gui.exe, version: 2.0.0.0, time stamp: 0x511d035b
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000001264
Faulting process id: 0xa58
Faulting application start time: 0x01ce18b23178df37
Faulting application path: C:\Program Files\OpenVPN\bin\openvpn-gui.exe
Faulting module path: C:\Windows\system32\msvcrt.dll
Report Id: 51d08b26-8566-11e2-bef4-74f06debe923
Faulting package full name:
Faulting package-relative application ID:
Re: OpenVPN in Windows 8 consumer preview
Posted: Tue Mar 05, 2013 10:20 am
by rseiler
What's the deal with not being able to edit a post after only a couple minutes? Anyway, I found a better thread for the crashing issue here:
topic11901.html
Re: OpenVPN in Windows 8 consumer preview
Posted: Mon Apr 15, 2013 3:58 pm
by egroeper
Clodo wrote:
Actually, in my test environment,
i don't have installed the "RAS Connection Manager Administration Kit (CMAK)",
i don't have started or set auto the service "Netman",
i simply run
Code: Select all
netsh interface set interface "Local Area Connection" ENABLED
When i detect in the log the message "Waiting for TUN/TAP interface to come up".
("Local Area Connection" is my TAP-Windows interface).
Thanks! This works here, too.
I put this into a batch script (enabletap.cmd):
Code: Select all
C:\Windows\System32\netsh interface set interface %1 Enabled
This script is called by OpenVPN GUI:
Code: Select all
script-security 2
up enabletap.cmd
After these changes the timeouts for the tap device are gone and the tunnel seems to work every time.
Re: OpenVPN in Windows 8 consumer preview
Posted: Wed Feb 05, 2014 10:50 pm
by Videonisse
Can anyone confirm if OpenVPN still needs a workaround to initiate the first connection in Win 8.1, or if the problem is solved?
Re: OpenVPN in Windows 8 consumer preview
Posted: Wed Feb 05, 2014 11:05 pm
by rseiler
It's long solved.
Re: OpenVPN in Windows 8 consumer preview
Posted: Thu Feb 06, 2014 1:05 am
by Videonisse
rseiler wrote:It's long solved.
I updated OpenVPN on a Win 8 PC few months ago and the problem existed after the update. I have not updated to Win 8.1 yet.
Should it be solved in OpenVPN or in Win 8.1?
Re: OpenVPN in Windows 8 consumer preview
Posted: Thu Feb 06, 2014 1:27 am
by rseiler
We might be talking about different problems then, but it was a client update that solved my problem a long time ago, not Windows. What do you mean by "Initiate the first connection"? It works here for any and all connections.
Re: OpenVPN in Windows 8 consumer preview
Posted: Thu Feb 06, 2014 3:46 am
by linnea
I do experience same problem too but after the client update my openvpn works fine.
Re: OpenVPN in Windows 8 consumer preview
Posted: Mon Sep 22, 2014 11:53 am
by voter
The probelm ist still there in Windows 8.1 and OpenVPN with GUI v5 : after coming back from stand-by no more OpenVPN connection is possible.
The simple solution - opening Network Connection panel, helps.
With old OpenVPN v1.5.6 and old TAP driver the problem is not appearing.
Re: OpenVPN in Windows 8 consumer preview
Posted: Sat Dec 13, 2014 1:21 am
by ananda
My problem was on server side, but the solution may be similar on the client. More precisely, for me the problem was only present on reboot, openvpn was unable to set tap-adapter address (I guess it was not logged), and then had no chance to setup the route.
The basic idea for me was to manualy set as much as possible in windows:
- Set the TAP-Win32 adapter Media Status property to "Always Connected"
- Set the address of the adapter let's say 10.8.0.4/255.255.255.252 (client first default address)
- Add a static route to this network using the tap-adapter: route add 10.8.0.0 mask 255.255.255 10.8.0.5 if your-tap-adapter
(make it persistent using -p if you want)
- in openvpn config (it was in server mode in my case, but it should also work):
# don't let openvpn set the adapter address
ip-win32 manual
# I assume this line is no longer needed, but I didn't try and it didn't hurt...
ifconfig 10.8.0.4 10.8.0.5
# route 10.8.0.0 255.255.255.0 (no longer needed, it's already here)
Hope this helps.