OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

OpenVPN in Windows 8 consumer preview

https://forums.openvpn.net/viewtopic.php?t=10013

Page 1 of 2

OpenVPN in Windows 8 consumer preview

Posted: Wed Mar 07, 2012 4:11 pm
by elmux
Hello

I know this is a problem which was often diskussed on this forum. It is the problem with openvpn not be able to configure the tap adapter. With openvpn-2.2.2 I was happy to see, that the problem is solved for windows 7. It works great! With 2.1 the problem appeared mostly after a power resume (after standby).

Now I did some tests with the Windows 8 consumer preview. Sure this version is not yet released. But unfortunately the problem seems to be back. And in my opinion it is much worse.
I tried already with all the workarounds with route-delay options , route-method, TAP adaptor reset, tap-sleep, ip-win32 netsh, ...
Sometimes it is working good and then another time it absolutely won't configure the tap adapter (especially after a reboot).

I tried as well with openvpn-2.3-alpha1, but it doesn't change anything.

Did you notify already this problem? At the moment it is not a big issue as Windows 8 is not yet released. Has anyone an idea, why it is bad again?

Here the log output:
Fri Mar 02 12:51:13 2012 us=750000 Current Parameter Settings:
Fri Mar 02 12:51:13 2012 us=750000 config = 'sophiaconfig.ovpn'
Fri Mar 02 12:51:13 2012 us=750000 mode = 0
Fri Mar 02 12:51:13 2012 us=750000 show_ciphers = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 show_digests = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 show_engines = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 genkey = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 key_pass_file = '[UNDEF]'
Fri Mar 02 12:51:13 2012 us=750000 show_tls_ciphers = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 Connection profiles [default]:
Fri Mar 02 12:51:13 2012 us=750000 proto = udp
Fri Mar 02 12:51:13 2012 us=750000 local = '[UNDEF]'
Fri Mar 02 12:51:13 2012 us=750000 local_port = 0
Fri Mar 02 12:51:13 2012 us=750000 remote = '10.10.2.4'
Fri Mar 02 12:51:13 2012 us=750000 remote_port = 1194
Fri Mar 02 12:51:13 2012 us=750000 remote_float = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 bind_defined = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 bind_local = DISABLED
Fri Mar 02 12:51:13 2012 us=750000 connect_retry_seconds = 5
Fri Mar 02 12:51:13 2012 us=750000 connect_timeout = 10
Fri Mar 02 12:51:13 2012 us=750000 NOTE: --mute triggered...
Fri Mar 02 12:51:13 2012 us=750000 253 variation(s) on previous 20 message(s) suppressed by --mute
Fri Mar 02 12:51:13 2012 us=750000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Mar 02 12:51:13 2012 us=750000 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Mar 02 12:51:13 2012 us=750000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Mar 02 12:51:13 2012 us=890000 LZO compression initialized
Fri Mar 02 12:51:13 2012 us=890000 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Mar 02 12:51:13 2012 us=890000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 02 12:51:13 2012 us=890000 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Mar 02 12:51:13 2012 us=890000 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Mar 02 12:51:13 2012 us=890000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Mar 02 12:51:13 2012 us=890000 Local Options hash (VER=V4): 'd79ca330'
Fri Mar 02 12:51:13 2012 us=890000 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Mar 02 12:51:13 2012 us=890000 UDPv4 link local: [undef]
Fri Mar 02 12:51:13 2012 us=890000 UDPv4 link remote: 10.10.2.4:1194
Fri Mar 02 12:51:13 2012 us=890000 TLS: Initial packet from 10.10.2.4:1194, sid=90fd922b 5c74dee1
Fri Mar 02 12:51:13 2012 us=921000 VERIFY OK: depth=1, /C=CH/L=Guemligen/O=USP/OU=ca/CN=chgut1ca.u-s-p.ch
Fri Mar 02 12:51:13 2012 us=921000 VERIFY X509NAME OK: /C=CH/L=Guemligen/O=USP/CN=chgut2fw01.u-s-p.ch
Fri Mar 02 12:51:13 2012 us=921000 VERIFY OK: depth=0, /C=CH/L=Guemligen/O=USP/CN=chgut2fw01.u-s-p.ch
Fri Mar 02 12:51:14 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 02 12:51:14 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 02 12:51:14 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 02 12:51:14 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 02 12:51:14 2012 us=140000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Mar 02 12:51:14 2012 us=140000 [chgut2fw01.u-s-p.ch] Peer Connection Initiated with 10.10.2.4:1194
Fri Mar 02 12:51:16 2012 us=468000 SENT CONTROL [chgut2fw01.u-s-p.ch]: 'PUSH_REQUEST' (status=1)
Fri Mar 02 12:51:16 2012 us=468000 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.255.250.1,ping 10,ping-restart 120,ip-win32 dynamic,route 172.16.20.0 255.255.255.192,route 172.16.20.64 255.255.255.192,route 172.16.20.128 255.255.255.192,route 172.16.20.192 255.255.255.192,ifconfig 10.255.250.2 255.255.255.0'
Fri Mar 02 12:51:16 2012 us=468000 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar 02 12:51:16 2012 us=468000 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar 02 12:51:16 2012 us=468000 OPTIONS IMPORT: route options modified
Fri Mar 02 12:51:16 2012 us=468000 OPTIONS IMPORT: route-related options modified
Fri Mar 02 12:51:16 2012 us=468000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Mar 02 12:51:16 2012 us=484000 ROUTE default_gateway=10.0.2.2
Fri Mar 02 12:51:16 2012 us=484000 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{96CA5E31-01B9-41F6-8078-2A760FDDFB09}.tap
Fri Mar 02 12:51:16 2012 us=484000 TAP-Win32 Driver Version 9.9
Fri Mar 02 12:51:16 2012 us=484000 TAP-Win32 MTU=1500
Fri Mar 02 12:51:16 2012 us=500000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.255.250.2/255.255.255.0 on interface {96CA5E31-01B9-41F6-8078-2A760FDDFB09} [DHCP-serv: 10.255.250.0, lease-time: 31536000]
Fri Mar 02 12:51:16 2012 us=500000 Successful ARP Flush on interface [15] {96CA5E31-01B9-41F6-8078-2A760FDDFB09}
Fri Mar 02 12:51:21 2012 us=656000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:21 2012 us=656000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:26 2012 us=812000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:26 2012 us=812000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:27 2012 us=968000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:27 2012 us=968000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:29 2012 us=125000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:29 2012 us=125000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:30 2012 us=281000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:30 2012 us=281000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:31 2012 us=437000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:31 2012 us=437000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:32 2012 us=593000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:32 2012 us=593000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:33 2012 us=750000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:33 2012 us=750000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:34 2012 us=906000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:34 2012 us=906000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:36 2012 us=62000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:36 2012 us=62000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:37 2012 us=234000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:37 2012 us=234000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:38 2012 us=468000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:38 2012 us=468000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:39 2012 us=703000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:39 2012 us=703000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:40 2012 us=937000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:40 2012 us=937000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:42 2012 us=171000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:42 2012 us=171000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:43 2012 us=406000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:43 2012 us=406000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:44 2012 us=640000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:44 2012 us=640000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:45 2012 us=875000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:45 2012 us=875000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:47 2012 us=109000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:47 2012 us=109000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:48 2012 us=281000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:48 2012 us=281000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:49 2012 us=453000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:49 2012 us=453000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:50 2012 us=625000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:50 2012 us=625000 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 02 12:51:51 2012 us=796000 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Fri Mar 02 12:51:51 2012 us=796000 C:\WINDOWS\system32\route.exe ADD 172.16.20.0 MASK 255.255.255.192 10.255.250.1
Fri Mar 02 12:51:51 2012 us=796000 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Fri Mar 02 12:51:51 2012 us=796000 Route addition via IPAPI failed [adaptive]
Fri Mar 02 12:51:51 2012 us=796000 Route addition fallback to route.exe
OK!
Fri Mar 02 12:51:51 2012 us=812000 C:\WINDOWS\system32\route.exe ADD 172.16.20.64 MASK 255.255.255.192 10.255.250.1
Fri Mar 02 12:51:51 2012 us=812000 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Fri Mar 02 12:51:51 2012 us=812000 Route addition via IPAPI failed [adaptive]
Fri Mar 02 12:51:51 2012 us=812000 Route addition fallback to route.exe
OK!
Fri Mar 02 12:51:51 2012 us=843000 C:\WINDOWS\system32\route.exe ADD 172.16.20.128 MASK 255.255.255.192 10.255.250.1
Fri Mar 02 12:51:51 2012 us=843000 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Fri Mar 02 12:51:51 2012 us=843000 Route addition via IPAPI failed [adaptive]
Fri Mar 02 12:51:51 2012 us=843000 Route addition fallback to route.exe
OK!
Fri Mar 02 12:51:51 2012 us=859000 C:\WINDOWS\system32\route.exe ADD 172.16.20.192 MASK 255.255.255.192 10.255.250.1
Fri Mar 02 12:51:51 2012 us=875000 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Fri Mar 02 12:51:51 2012 us=875000 Route addition via IPAPI failed [adaptive]
Fri Mar 02 12:51:51 2012 us=875000 Route addition fallback to route.exe
OK!
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 10.0.2.2 p=0 i=12 t=4 pr=3 a=3343 h=0 m=266/0/0/0/0
10.0.2.0 255.255.255.0 10.0.2.15 p=0 i=12 t=3 pr=2 a=3343 h=0 m=266/0/0/0/0
10.0.2.15 255.255.255.255 10.0.2.15 p=0 i=12 t=3 pr=2 a=3343 h=0 m=266/0/0/0/0
10.0.2.255 255.255.255.255 10.0.2.15 p=0 i=12 t=3 pr=2 a=3343 h=0 m=266/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=3372 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=3372 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=3372 h=0 m=306/0/0/0/0
172.16.20.0 255.255.255.192 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
172.16.20.64 255.255.255.192 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
172.16.20.128 255.255.255.192 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
172.16.20.192 255.255.255.192 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=3372 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 10.0.2.15 p=0 i=12 t=3 pr=2 a=3361 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=3372 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 10.0.2.15 p=0 i=12 t=3 pr=2 a=3361 h=0 m=266/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Win32 Adapter V9
Index = 15
GUID = {96CA5E31-01B9-41F6-8078-2A760FDDFB09}
IP = 0.0.0.0/0.0.0.0
MAC = 00:ff:96:ca:5e:31
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Fri Mar 02 12:51:51 2012
DHCP LEASE EXPIRES = Wed Dec 31 16:00:00 1969
DNS SERV =
Intel(R) PRO/1000 MT Desktop Adapter
Index = 12
GUID = {55CAE6F0-EA1F-4629-8074-378F39C7A5FE}
IP = 10.0.2.15/255.255.255.0
MAC = 08:00:27:47:5e:2d
GATEWAY = 10.0.2.2/255.255.255.255
DHCP SERV = 10.0.2.2/255.255.255.255
DHCP LEASE OBTAINED = Fri Mar 02 11:56:08 2012
DHCP LEASE EXPIRES = Wed Dec 31 16:00:00 1969
DNS SERV = 192.168.1.29/255.255.255.255 192.168.1.38/255.255.255.255 172.17.4.212/255.255.255.255
Fri Mar 02 12:51:51 2012 us=984000 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

Client config:
client
dev tun
remote 10.10.2.4 1194
nobind
persist-key
persist-tun
tls-client
tls-remote chgut2fw01.u-s-p.ch
ca cacert/caCert.pem
cert cert/userCert.pem
key key/userKey.pem
comp-lzo
verb 4
mute 20
ping 10
ping-restart 60
# and optional with methods "route-delay 20", "route-method exe" and "tap-sleep 10"

Server config:
mode server
local 10.10.2.4
proto udp
port 1194
dev tun
topology subnet
user root
group root
cd /etc/openvpn
tls-server
ca cacerts/caCert.pem
cert cert/chgut2fwCert.pem
key key/chgut2fwKey.pem
crl-verify crls/crl.pem
dh key/dh1024.pem
ifconfig 10.255.250.1 255.255.255.0
ifconfig-pool 10.255.250.2 10.255.250.254 255.255.255.0
ifconfig-pool-persist /var/state/openvpn/ipp_wan0-udp-1194-0
push "topology subnet"
push "ip-win32 dynamic"
push "dhcp-option DOMAIN u-s-p.ch"
push "route-gateway 10.255.250.1"
push "route 172.16.20.0 255.255.255.0"
push "route 192.168.200.0 255.255.255.0"
push "route 192.168.220.0 255.255.255.0"
script-security 2 execve
client-to-client
keepalive 10 120
reneg-sec 3600
cipher BF-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
status /var/state/openvpn/status_wan0-udp-1194-0 20
status-version 2
verb 4
mute 20

Thanks.

Best regards
Elmar

Re: OpenVPN in Windows 8 consumer preview

Posted: Wed Mar 07, 2012 4:19 pm
by janjust
seems like MickeySoft broke the way OpenVPN assigns an IP address to the tap-win32 adapter using DHCP (again).
I'm sure developers would like to see a wireshark/tcpdump trace during the connection process.

As for work-arounds, try adding

Code: Select all

route-delay 5 30
tap-sleep 5

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu Mar 08, 2012 7:00 am
by elmux
Hello

Thanks for your reply.
Unfortunately the options route-delay and tap-sleep don't help. I have captured the packets on the tap adapter, but there were no dhcp packets.

However I have a dump of a session, where openvpn was able to configure the tap adapter:

# tcpdump -r tap_dev_dump.pcap -vvv
reading from file tap_dev_dump.pcap, link-type EN10MB (Ethernet)
07:44:37.300279 IP (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 340)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:ff:96:ca:5e:31 (oui Unknown), length 312, xid 0x5d8908f3, Flags [none] (0x0000)
Client-Ethernet-Address 00:ff:96:ca:5e:31 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether 00:ff:96:ca:5e:31
Requested-IP Option 50, length 4: 10.255.250.2
Hostname Option 12, length 11: "chgutXcl05^@"
FQDN Option 81, length 13: "chgutXcl05"
Vendor-Class Option 60, length 8: "MSFT 5.0"
Parameter-Request Option 55, length 13:
Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft, Option 252
Vendor-Option
END Option 255, length 0
07:44:37.300350 IP (tos 0x0, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 278)
10.255.250.254.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 250, xid 0x5d8908f3, Flags [none] (0x0000)
Server-IP 10.255.250.254
Client-Ethernet-Address 00:ff:96:ca:5e:31 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: NACK
Server-ID Option 54, length 4: 10.255.250.254
END Option 255, length 0
07:44:37.324250 IP (tos 0x0, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 300)
10.255.250.254.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 272, xid 0x3f5bbd6b, Flags [none] (0x0000)
Your-IP 10.255.250.2
Server-IP 10.255.250.254
Client-Ethernet-Address 00:ff:96:ca:5e:31 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.255.250.254
Lease-Time Option 51, length 4: 31536000
Subnet-Mask Option 1, length 4: 255.255.255.0
Domain-Name Option 15, length 8: "u-s-p.ch"
END Option 255, length 0
07:44:37.324707 IP (tos 0x0, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 300)
10.255.250.254.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 272, xid 0x3f5bbd6b, Flags [none] (0x0000)
Your-IP 10.255.250.2
Server-IP 10.255.250.254
Client-Ethernet-Address 00:ff:96:ca:5e:31 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 10.255.250.254
Lease-Time Option 51, length 4: 31536000
Subnet-Mask Option 1, length 4: 255.255.255.0
Domain-Name Option 15, length 8: "u-s-p.ch"
END Option 255, length 0

Here the log, where the configuration was unsuccesful:

Wed Mar 07 22:47:21 2012 us=718000 Current Parameter Settings:
Wed Mar 07 22:47:21 2012 us=718000 config = 'config.ovpn'
Wed Mar 07 22:47:21 2012 us=718000 mode = 0
Wed Mar 07 22:47:21 2012 us=718000 show_ciphers = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 show_digests = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 show_engines = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 genkey = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 key_pass_file = '[UNDEF]'
Wed Mar 07 22:47:21 2012 us=718000 show_tls_ciphers = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 Connection profiles [default]:
Wed Mar 07 22:47:21 2012 us=718000 proto = udp
Wed Mar 07 22:47:21 2012 us=718000 local = '[UNDEF]'
Wed Mar 07 22:47:21 2012 us=718000 local_port = 0
Wed Mar 07 22:47:21 2012 us=718000 remote = '10.10.2.4'
Wed Mar 07 22:47:21 2012 us=718000 remote_port = 1194
Wed Mar 07 22:47:21 2012 us=718000 remote_float = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 bind_defined = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 bind_local = DISABLED
Wed Mar 07 22:47:21 2012 us=718000 connect_retry_seconds = 5
Wed Mar 07 22:47:21 2012 us=718000 connect_timeout = 10
Wed Mar 07 22:47:21 2012 us=718000 NOTE: --mute triggered...
Wed Mar 07 22:47:21 2012 us=718000 214 variation(s) on previous 20 message(s) suppressed by --mute
Wed Mar 07 22:47:21 2012 us=718000 OpenVPN 2.3-alpha1 Win32-MSVC++ [SSL (OpenSSL)] [LZO2] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 21 2012
Wed Mar 07 22:47:21 2012 us=718000 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Mar 07 22:47:21 2012 us=718000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 07 22:47:21 2012 us=828000 LZO compression initialized
Wed Mar 07 22:47:21 2012 us=828000 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar 07 22:47:21 2012 us=843000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Mar 07 22:47:21 2012 us=843000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 07 22:47:21 2012 us=843000 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Mar 07 22:47:21 2012 us=843000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Mar 07 22:47:21 2012 us=843000 Local Options hash (VER=V4): '41690919'
Wed Mar 07 22:47:21 2012 us=843000 Expected Remote Options hash (VER=V4): '530fdded'
Wed Mar 07 22:47:21 2012 us=843000 UDPv4 link local: [undef]
Wed Mar 07 22:47:21 2012 us=843000 UDPv4 link remote: [AF_INET]10.10.2.4:1194
Wed Mar 07 22:47:21 2012 us=843000 TLS: Initial packet from [AF_INET]10.10.2.4:1194, sid=8c59aa08 6f2ab081
Wed Mar 07 22:47:21 2012 us=859000 VERIFY OK: depth=1, C=CH, L=Guemligen, O=USP, OU=ca, CN=chgut1ca.u-s-p.ch
Wed Mar 07 22:47:21 2012 us=859000 VERIFY X509NAME OK: C=CH, L=Guemligen, O=USP, CN=chgut2fw01.u-s-p.ch
Wed Mar 07 22:47:21 2012 us=859000 VERIFY OK: depth=0, C=CH, L=Guemligen, O=USP, CN=chgut2fw01.u-s-p.ch
Wed Mar 07 22:47:21 2012 us=921000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 07 22:47:21 2012 us=921000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 07 22:47:21 2012 us=921000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 07 22:47:21 2012 us=921000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 07 22:47:21 2012 us=921000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 07 22:47:21 2012 us=921000 [chgut2fw01.u-s-p.ch] Peer Connection Initiated with [AF_INET]10.10.2.4:1194
Wed Mar 07 22:47:24 2012 us=78000 SENT CONTROL [chgut2fw01.u-s-p.ch]: 'PUSH_REQUEST' (status=1)
Wed Mar 07 22:47:24 2012 us=78000 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.255.250.1,ping 10,ping-restart 120,ip-win32 dynamic,dhcp-option DOMAIN u-s-p.ch,route 172.16.20.0 255.255.255.0,route 192.168.200.0 255.255.255.0,route 192.168.220.0 255.255.255.0,ifconfig 10.255.250.2 255.255.255.0'
Wed Mar 07 22:47:24 2012 us=78000 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 07 22:47:24 2012 us=78000 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 07 22:47:24 2012 us=78000 OPTIONS IMPORT: route options modified
Wed Mar 07 22:47:24 2012 us=78000 OPTIONS IMPORT: route-related options modified
Wed Mar 07 22:47:24 2012 us=78000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar 07 22:47:24 2012 us=78000 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 I=12 HWADDR=08:00:27:47:5e:2d
Wed Mar 07 22:47:24 2012 us=93000 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 07 22:47:24 2012 us=93000 open_tun, tt->ipv6=0
Wed Mar 07 22:47:24 2012 us=93000 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{96CA5E31-01B9-41F6-8078-2A760FDDFB09}.tap
Wed Mar 07 22:47:24 2012 us=93000 TAP-Win32 Driver Version 9.9
Wed Mar 07 22:47:24 2012 us=93000 TAP-Win32 MTU=1500
Wed Mar 07 22:47:24 2012 us=93000 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.255.250.0/10.255.250.2/255.255.255.0 [SUCCEEDED]
Wed Mar 07 22:47:24 2012 us=93000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.255.250.2/255.255.255.0 on interface {96CA5E31-01B9-41F6-8078-2A760FDDFB09} [DHCP-serv: 10.255.250.254, lease-time: 31536000]
Wed Mar 07 22:47:24 2012 us=93000 DHCP option string: 0f08752d 732d702e 6368
Wed Mar 07 22:47:24 2012 us=93000 Sleeping for 5 seconds...
Wed Mar 07 22:47:29 2012 us=109000 Successful ARP Flush on interface [15] {96CA5E31-01B9-41F6-8078-2A760FDDFB09}
Wed Mar 07 22:47:34 2012 us=187000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:34 2012 us=187000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:39 2012 us=203000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:39 2012 us=203000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:40 2012 us=218000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:40 2012 us=218000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:41 2012 us=234000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:41 2012 us=234000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:42 2012 us=250000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:42 2012 us=250000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:43 2012 us=265000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:43 2012 us=265000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:44 2012 us=281000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:44 2012 us=281000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:45 2012 us=546000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:45 2012 us=546000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:46 2012 us=812000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:46 2012 us=812000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:48 2012 us=78000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:48 2012 us=78000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:49 2012 us=687000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:49 2012 us=687000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:50 2012 us=953000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:50 2012 us=953000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:52 2012 us=218000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:52 2012 us=218000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:53 2012 us=484000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:53 2012 us=484000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:54 2012 us=750000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:54 2012 us=750000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:55 2012 us=968000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:55 2012 us=968000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:57 2012 us=187000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:57 2012 us=187000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:47:58 2012 us=406000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:47:58 2012 us=406000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:48:00 2012 us=109000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:48:00 2012 us=109000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:48:01 2012 us=328000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:48:01 2012 us=328000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:48:02 2012 us=546000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:48:02 2012 us=546000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:48:03 2012 us=765000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:48:03 2012 us=765000 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 07 22:48:04 2012 us=984000 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Mar 07 22:48:04 2012 us=984000 C:\Windows\system32\route.exe ADD 172.16.20.0 MASK 255.255.255.0 10.255.250.1
Wed Mar 07 22:48:04 2012 us=984000 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Wed Mar 07 22:48:04 2012 us=984000 Route addition via IPAPI failed [adaptive]
Wed Mar 07 22:48:04 2012 us=984000 Route addition fallback to route.exe
Wed Mar 07 22:48:04 2012 us=984000 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed Mar 07 22:48:05 2012 C:\Windows\system32\route.exe ADD 192.168.200.0 MASK 255.255.255.0 10.255.250.1
Wed Mar 07 22:48:05 2012 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Wed Mar 07 22:48:05 2012 Route addition via IPAPI failed [adaptive]
Wed Mar 07 22:48:05 2012 Route addition fallback to route.exe
Wed Mar 07 22:48:05 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed Mar 07 22:48:05 2012 us=15000 C:\Windows\system32\route.exe ADD 192.168.220.0 MASK 255.255.255.0 10.255.250.1
Wed Mar 07 22:48:05 2012 us=31000 Warning: route gateway is not reachable on any active network adapters: 10.255.250.1
Wed Mar 07 22:48:05 2012 us=31000 Route addition via IPAPI failed [adaptive]
Wed Mar 07 22:48:05 2012 us=31000 Route addition fallback to route.exe
Wed Mar 07 22:48:05 2012 us=31000 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 10.0.2.2 p=0 i=12 t=4 pr=3 a=13924 h=0 m=10/0/0/0/0
10.0.2.0 255.255.255.0 10.0.2.15 p=0 i=12 t=3 pr=2 a=13924 h=0 m=266/0/0/0/0
10.0.2.15 255.255.255.255 10.0.2.15 p=0 i=12 t=3 pr=2 a=13924 h=0 m=266/0/0/0/0
10.0.2.255 255.255.255.255 10.0.2.15 p=0 i=12 t=3 pr=2 a=13924 h=0 m=266/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=13940 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=13940 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=13940 h=0 m=306/0/0/0/0
172.16.20.0 255.255.255.0 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
192.168.200.0 255.255.255.0 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
192.168.220.0 255.255.255.0 10.255.250.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=11/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=13940 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 10.0.2.15 p=0 i=12 t=3 pr=2 a=13932 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=13940 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 10.0.2.15 p=0 i=12 t=3 pr=2 a=13932 h=0 m=266/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Win32 Adapter V9
Index = 15
GUID = {96CA5E31-01B9-41F6-8078-2A760FDDFB09}
IP = 0.0.0.0/0.0.0.0
MAC = 00:ff:96:ca:5e:31
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed Mar 07 22:48:05 2012
DHCP LEASE EXPIRES = Wed Dec 31 16:00:00 1969
DNS SERV =
Intel(R) PRO/1000 MT Desktop Adapter
Index = 12
GUID = {55CAE6F0-EA1F-4629-8074-378F39C7A5FE}
IP = 10.0.2.15/255.255.255.0
MAC = 08:00:27:47:5e:2d
GATEWAY = 10.0.2.2/255.255.255.255
DHCP SERV = 10.0.2.2/255.255.255.255
DHCP LEASE OBTAINED = Wed Mar 07 08:31:15 2012
DHCP LEASE EXPIRES = Wed Dec 31 16:00:00 1969
DNS SERV = 192.168.1.29/255.255.255.255 192.168.1.38/255.255.255.255 172.17.4.212/255.255.255.255
Wed Mar 07 22:48:05 2012 us=109000 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

Best regards
Elmar

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu Mar 08, 2012 8:14 am
by janjust
hmmm the tcpdump does not tell me much; can you capture the packets to a dumpfile and either post it here or on pastebin?

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu Mar 08, 2012 8:23 am
by elmux
Dumb question:
How can I attach the dumpfile here?

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu Mar 08, 2012 9:02 am
by elmux
It seems that I am not allowed to attach a file.

Here you can download it:
http://www.file-upload.net/download-417 ... .pcap.html

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu Mar 08, 2012 5:13 pm
by janjust
thanks for the capture file. it looks like Windows8 does things a bit different; normally you'd see

Code: Select all

src=0.0.0.0   DHCP Request
src=x.x.x.254 DHCP NAK
src=0.0.0.0   DHCP Discover
src=x.x.x.254 DHCP Offer
src=0.0.0.0   DHCP Request
src=x.x.x.254 DHCP ACK
so it seems the tap-win32 adapter is not doing DHCP discovery anymore. I'm afraid one of the developers will have to take a closer look at this, once they get their hands on a Win8 installation.

Re: OpenVPN in Windows 8 consumer preview

Posted: Fri Mar 09, 2012 7:37 am
by elmux
Thanks for you analysis.
I hope that the problem is solved when windows 8 will be finally released. Fortunately we still have some time.

Best regards
Elmar

Re: OpenVPN in Windows 8 consumer preview

Posted: Sat Mar 10, 2012 5:49 pm
by exDreamDuck
I had some initial problems with OpenVPN as well in Windows 8 and tried different OpenVPN versions with no solution (DHCP settings were just wrong and I either got the same "Route: Waiting for TUN/TAP interface to come up..." problem or just no correct gateway set, pinging the server was not possible).

Then I found this simple tip, just run OpenVPN as admin and it works fine, dunno why it won't run normally as admin like in Win7, but all the problems went away (using OpenVPN 2.3 alpha1 right now): http://www.jpuddy.net/2011/10/24/using- ... windows-8/

If you look into the OpenVPN\INSTALL-win32.txt file it also says you should "run as administrator" obviously, which works fine with elevated rights in windows 7 (no need to do anything, just start openvpn-gui and it works), but this does not seem to work the same way in windows 8.

Hope that helps others with similar problems, just use "Run as Administrator" (shift+rightclick on tray icons or right click in metro for options below) and hopefully it just works as before ;)

Re: OpenVPN in Windows 8 consumer preview

Posted: Mon Mar 12, 2012 11:52 am
by elmux
I don't think that's the same problem.

If I start the openvpn client gui as user I have messages like this:
NOTE: FlushIpNetTable failed on interface [15] {96CA5E31-01B9-41F6-8078-2A760FDDFB09} (status=5) : Access is denied.
...
Route addition fallback to route.exe
env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem The requested operation requires elevation.

The problems mentioned above appear when I run openvpn with administrator privileges.

Best regards
Elmar

Re: OpenVPN in Windows 8 consumer preview

Posted: Fri Mar 16, 2012 5:43 am
by Bad.hair.spray
I m having the same thing with OpenVpn with Win8. Just wondering if you folks have a solution?

Many thanks

Re: OpenVPN in Windows 8 consumer preview

Posted: Fri Mar 30, 2012 7:58 am
by constantingatu
Try to change this: OpenVPN GUI Properties-Compatibility-Run as Admin and Compatibilty mode for Windows 7.
For me it works just fine.

Best regards,
Constantin.

Re: OpenVPN in Windows 8 consumer preview

Posted: Wed May 02, 2012 1:43 pm
by tonitiger
Hi, I have the issue that openvpn under windows 8 is sometimes working and sometimes not.
When it's not working it shows me that I'm connected, but I can't access the Internet...

Here is the log when openvpn isn't working:

Wed May 02 15:23:06 2012 OpenVPN 2.3-alpha1 Win32-MSVC++ [SSL (OpenSSL)] [LZO2] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 21 2012
Wed May 02 15:23:19 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 02 15:23:20 2012 RESOLVE: NOTE: openvpn21.hs-esslingen.de resolves to 2 addresses
Wed May 02 15:23:20 2012 UDPv4 link local: [undef]
Wed May 02 15:23:20 2012 UDPv4 link remote: [AF_INET]193.197.62.101:1194
Wed May 02 15:23:20 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 02 15:23:23 2012 [rzlx1002] Peer Connection Initiated with [AF_INET]193.197.62.101:1194
Wed May 02 15:23:25 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 02 15:23:25 2012 open_tun, tt->ipv6=0
Wed May 02 15:23:25 2012 TAP-WIN32 device [LAN-Verbindung] opened: \\.\Global\{DF75D31D-44D1-43AD-8151-F5A87C91FE92}.tap
Wed May 02 15:23:25 2012 Set TAP-Win32 TUN subnet mode network/local/netmask = 134.108.58.0/134.108.59.52/255.255.254.0 [SUCCEEDED]
Wed May 02 15:23:25 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 134.108.59.52/255.255.254.0 on interface {DF75D31D-44D1-43AD-8151-F5A87C91FE92} [DHCP-serv: 134.108.59.254, lease-time: 31536000]
Wed May 02 15:23:25 2012 Sleeping for 5 seconds...
Wed May 02 15:23:30 2012 Successful ARP Flush on interface [21] {DF75D31D-44D1-43AD-8151-F5A87C91FE92}
Wed May 02 15:24:07 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed May 02 15:24:07 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed May 02 15:24:07 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.44.1 p=0 i=12 t=4 pr=3 a=248 h=0 m=281/0/0/0/0
0.0.0.0 128.0.0.0 134.108.58.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=275 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=275 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=275 h=0 m=306/0/0/0/0
128.0.0.0 128.0.0.0 134.108.58.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
192.168.44.0 255.255.252.0 192.168.45.4 p=0 i=12 t=3 pr=2 a=248 h=0 m=281/0/0/0/0
192.168.45.4 255.255.255.255 192.168.45.4 p=0 i=12 t=3 pr=2 a=248 h=0 m=281/0/0/0/0
192.168.47.255 255.255.255.255 192.168.45.4 p=0 i=12 t=3 pr=2 a=248 h=0 m=281/0/0/0/0
193.197.62.101 255.255.255.255 192.168.44.1 p=0 i=12 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=275 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.45.4 p=0 i=12 t=3 pr=2 a=254 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=275 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.45.4 p=0 i=12 t=3 pr=2 a=254 h=0 m=281/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Win32 Adapter V9
Index = 21
GUID = {DF75D31D-44D1-43AD-8151-F5A87C91FE92}
IP = 0.0.0.0/0.0.0.0
MAC = 00:ff:df:75:d3:1d
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed May 02 15:24:07 2012
DHCP LEASE EXPIRES = Tue Jun 08 23:17:48 1971
DNS SERV =
Microsoft-Adapter für Miniports virtueller WiFis
Index = 14
GUID = {6A87DED3-DF46-4FC1-AD1A-A25C8D7D5CD3}
IP = 0.0.0.0/0.0.0.0
MAC = 02:21:00:d0:b0:dc
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed May 02 15:24:07 2012
DHCP LEASE EXPIRES = Tue Jun 08 23:28:28 1971
DNS SERV =
Controller der Familie Realtek PCIe GBE
Index = 13
GUID = {F9C25CF1-280B-442C-AFFB-A23F47E89BC2}
IP = 0.0.0.0/0.0.0.0
MAC = 00:26:9e:05:8e:dd
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed May 02 15:24:07 2012
DHCP LEASE EXPIRES = Thu Jan 01 01:00:00 1970
DNS SERV =
Broadcom 802.11g-Netzwerkadapter
Index = 12
GUID = {9F8B9909-B910-4691-BBB7-438BEE7B947E}
IP = 192.168.45.4/255.255.252.0
MAC = 00:21:00:d0:b0:dc
GATEWAY = 192.168.44.1/255.255.255.255
DHCP SERV = 192.168.44.3/255.255.255.255
DHCP LEASE OBTAINED = Wed May 02 15:19:58 2012
DHCP LEASE EXPIRES = Thu Jan 01 01:00:00 1970
DNS SERV = 192.168.44.1/255.255.255.255
Wed May 02 15:24:07 2012 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

Here is the log when openvpn is working properly:

Wed May 02 15:30:00 2012 OpenVPN 2.3-alpha1 Win32-MSVC++ [SSL (OpenSSL)] [LZO2] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 21 2012
Wed May 02 15:30:10 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 02 15:30:11 2012 RESOLVE: NOTE: openvpn21.hs-esslingen.de resolves to 2 addresses
Wed May 02 15:30:11 2012 UDPv4 link local: [undef]
Wed May 02 15:30:11 2012 UDPv4 link remote: [AF_INET]193.197.62.102:1194
Wed May 02 15:30:11 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 02 15:30:17 2012 [rzlx1003] Peer Connection Initiated with [AF_INET]193.197.62.102:1194
Wed May 02 15:30:19 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 02 15:30:19 2012 open_tun, tt->ipv6=0
Wed May 02 15:30:19 2012 TAP-WIN32 device [LAN-Verbindung] opened: \\.\Global\{DF75D31D-44D1-43AD-8151-F5A87C91FE92}.tap
Wed May 02 15:30:19 2012 Set TAP-Win32 TUN subnet mode network/local/netmask = 134.108.60.0/134.108.61.189/255.255.254.0 [SUCCEEDED]
Wed May 02 15:30:19 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 134.108.61.189/255.255.254.0 on interface {DF75D31D-44D1-43AD-8151-F5A87C91FE92} [DHCP-serv: 134.108.61.254, lease-time: 31536000]
Wed May 02 15:30:19 2012 Sleeping for 5 seconds...
Wed May 02 15:30:24 2012 Successful ARP Flush on interface [21] {DF75D31D-44D1-43AD-8151-F5A87C91FE92}
Wed May 02 15:30:29 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed May 02 15:30:29 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed May 02 15:30:29 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
OK!
Wed May 02 15:30:29 2012 Initialization Sequence Completed

Would be nice if somebody could help!!!

Re: OpenVPN in Windows 8 consumer preview

Posted: Tue May 08, 2012 11:33 pm
by mokk
It can be a Windows 8 problem with Internet Connection Sharing and OpenVPN is not the one to blame.
I can use OpenVPN on Windows 8 in both modes: in client mode and in server mode. But when it acts as a server client OpenVPNs can successfully connect to it but it can't share the Internet Connection - no traffic at all.

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu May 10, 2012 3:04 am
by Bulvot
I had the exact same problem and found a solution that works for me. I discovered that the connection works perfectly if the Network Adapter applet has been opened first. Strange, but true. I believe it must be a result of Microsoft's attempts to make the OS boot faster and not loading things that aren't necessary to get the Metro interface up and running. Something about the TAP adapter must rely on something the network adapter applet does when it's loaded.

Anyway, my final solution was to create a batch file (let's call it test.cmd):


@echo off
start c:\windows\system32\control.exe ncpa.cpl


Then add the following lines to the client configuration file:


script-security 2
up c:\\some\\directory\\test.cmd


The down side, of course, is that pops up the applet on your desktop. The upside is that the connection now works.

If you are running it as a service, you need to give the service permission to interact with the desktop. Even then, the connection will fail until you logon and the desktop is available. So you may need to add the "up-restart" command to the config file to make it re-run that batch file on every reconnect. Windows will only let one instance of the applet run in a user's session, so it won't hurt for the service to try to start it multiple times.

Another solution (which I am using) is to schedule a task with the trigger of logging in to the desktop, at which time it starts the service instead of having the service autostart immediately at boot. If you need more information on this aspect, let me know, but it's standard Windows administration stuff.

Loading the network adapters applet may not be the solution for everyone, but it worked for me. I tested it with several different connections and with several different scenarios of lost and re-gained Internet access. Hopefully the OpenVPN developers will pick-up on this change in how MS is doing things and implement a cleaner fix than what I've done.

Hope this helps someone!

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu May 10, 2012 6:37 pm
by mokk
Bulvot
Unfortunately it doesn't help :(

Re: OpenVPN in Windows 8 consumer preview

Posted: Thu May 10, 2012 6:57 pm
by Bulvot
Have you tried using powershell scripts to configure the TAP/TUN adapter manually? In my troubleshooting I found that this worked. You might find a combination of manual configuration activities that causes the adapter to fully "wake up" so that OpenVPN can use it. I tried all of that and more until I narrowed it down to the applet for my environment. I suspect that the root cause here is Windows 8's new boot-up method where it doesn't load everything on boot. Finding something that gets the component going that is needed is probably the current work around for the moment.

I'm assuming you're also leaving the firewall completely disabled while you troubleshoot this. I also configured an OpenVPN server on a local network on a server with a single interface while testing to eliminate any other variables. It helped confirm where the problem was and also allowed for much faster connects and disconnects.

Re: OpenVPN in Windows 8 consumer preview

Posted: Fri May 11, 2012 1:36 pm
by mokk
Well, I think I should describe my situation more precisely. Perhaps you or anyone else can find a solution. ;)
I use OpenVPN virtual network as a channel for my Internet traffic. Some dedicated computer acts as the OpenVPN server: its OpenVPN adapter is used as the target for Windows WAN Miniport Internet Connection Sharing. So "TAP-Win32 Adapter V9" is chosen as "home networking connection" at WAN Miniport's sharing tab. So if this server is Windows 7 everything works fine and every client can successfully use Internet network. Even Windows 8.
But when I try to use such server configuration with Windows 8, it doesn't work. Clients can successfully connect to OpenVPN server which operates on Windows 8 machine but they can't get the Internet traffic. It seems that ICS on Windows 8 works slightly different. So when OpenVPN server is setup on Windows 8 it acts as if it's not been connected to the ICS at all.

I'm terribly sorry for my awful English.

Re: OpenVPN in Windows 8 consumer preview

Posted: Sun May 20, 2012 8:04 pm
by tonitiger
Bulvot wrote: Anyway, my final solution was to create a batch file (let's call it test.cmd):


@echo off
start c:\windows\system32\control.exe ncpa.cpl


Then add the following lines to the client configuration file:


script-security 2
up c:\\some\\directory\\test.cmd


The down side, of course, is that pops up the applet on your desktop. The upside is that the connection now works.
Thanks a lot...
Now it's working every time :o

Re: OpenVPN in Windows 8 consumer preview

Posted: Wed Aug 22, 2012 5:13 pm
by Bulvot
I'm using OpenVPN on a Tablet, so it's no uncommon for the tablet to enter and leave various states of connectivity. Local WiFi access, remote WiFi, GSM, etc.

To simplify the task of keeping the VPN tunnel up, I wrote a script. It monitors the VPN connection and performs the following as needed:

-Restarts the OpenVPN service (I have it installed as a service)
-Opens up the network control panel

It also displays various status items so you can quickly see how things look. I've been using it for a couple of months now, so I can vouch for it being rock solid and reliable. I've setup my Windows 8 to automatically start this script on boot, so it is always running. I've added comments (in the windows batch scripting world, that means the line is preceded by "rem"). These should fully describe the parameters at the beginning. I did not comment the entire file so if you're not familiar with the code and are curious what something does, use google or post on here and I'll explain it.

Hopefully this is useful to someone who would like an install and forget solution to keep the VPN connection up on Windows 8.

The code is as follows (just cut and paste into any "filename.cmd" and execute it). hopefully it cut and pastes ok. I didn't see any way to add it as an attachment to this post, but I am happy to email it to anyone who would like it:

Code: Select all

@echo off

mode con: cols=53 lines=11

set vpnfail=0
set vpnrestartcount=0
set sbadip=169.254




rem IMPORTANT!!!
rem You MUST set the below parameters correctly or this script will not function properly.


rem To determine the correct interface number, run "netsh interface ipv4 show interfaces" and use the number in the "idx" column
rem that correspondes to the vpn adapter.  It is usually labeled "Local Area Connection".  You can change the name by renaming
rem the adapter here: Control Panel\Network and Internet\Network Connections
set ifnum=24

rem Fill in any IP address, hostname, or FQDN that is accessible through the VPN connection.
rem This will be used to test the VPN connection to see if pings are working.  The host you specify
rem must respond to pings.
set paddress=ingo

rem This is the network address for the vpn-accessible network
set homegate=10.1.1.0

rem This is the subnet to look for to indicate which network is currently connected (should always be a class A, B or C address here)
set homenet=10.1.1

rem This is the VPN subnet to look for to indicate that the vpn routes are up
set vpnnet=10.1.2

rem This is the number of times you are willing to let the check fail before restarting the VPN service
rem Keep in mind that it sometimes takes several seconds for the vpn to come fully up even if it reports "connected".
rem Don't set this number too low.  4 is a reasonable number.
set vfailcnt=4

rem This is the number of seconds to wait between checks.
set vchckslp=3

rem This is the TCP port that your OpenVPN Service is listening on
rem This must be added to your openvpn opvn configuration file:
rem management 127.0.0.1 8645
set ovport=8645


rem Additionally, these settings on your opvn configuration file might be useful:
rem resolv-retry infinite
rem connect-retry 5
rem keepalive 10 60
rem tun-mtu 1500
rem tun-mtu-extra 32



:start

set vpnip=
set vpnstatus=
set vpnroutes=
set openstate=
set vpnping=
set vpnservice=

call :getip
call :getroutes
call :getping
call :openstatus
call :getstatus

cls
echo VPN Status: %vpnstatus%
echo OpenVPN State: %openstate%
echo Current VPN Adapter IP: %vpnip%
echo VPN Routes: %vpnroutes%
echo Last Ping Response Time: %vpnping%
echo Failure Count: %vpnfail%
echo Restart Count: %vpnrestartcount%
if "%vpnfail%" geq "%vfailcnt%" call :vpnrestart

timeout /t %vchckslp% /nobreak >nul
goto start



:getip
for /f "tokens=2" %%i in ('netsh interface ipv4 show ipaddresses 24 ^| find ^"Parameters^" ') do @set vpnip=%%i
for /f "tokens=4" %%i in ('netsh interface ipv4 show ipaddresses 24 ^| find ^"DAD State^" ') do @set vpnipstate=%%i
if "%vpnipstate%" == "Deprecated" set vpnip=Unassigned
set vpnipstate=
goto :EOF




:getroutes
if "%vpnip%" == "Unassigned" set vpnroutes=No VPN Connection& goto :EOF
for /f "tokens=4" %%i in ('route print ^| find ^"%homegate%^"') do @set vpngate=%%i
for /f %%i in ('echo %vpngate% ^| find ^"%homenet%^"') do @set vpnroutes=Connected to Home Network
for /f %%i in ('echo %vpngate% ^| find ^"%vpnnet%^"') do @set vpnroutes=Good VPN Routes
if defined vpnroutes goto :EOF
set vpnroutes=Bad VPN Routes
set vpngate=
goto :EOF



:getping
if "%vpnroutes%" == "Bad VPN Routes" set vpnping=No Valid Route Available& goto :EOF
if "%vpnroutes%" == "No VPN Connection" set vpnping=No Valid Route Available& goto :EOF
for /f "tokens=3 delims==" %%i in ('ping -w 3000 -n 1 %paddress% ^| find ^"Reply^"') do @set vpnping=%%i
if defined vpnping set vpnping=%vpnping: TTL=%& goto :EOF
set vpnping=No Response
goto :EOF



:openstatus
echo state>%0\..\openvpnstate.scr
echo exit>>%0\..\openvpnstate.scr
for /f "tokens=2 delims=," %%i in ('type %0\..\openvpnstate.scr ^|nc 127.0.0.1 %ovport%') do set openstate=%%i& goto :EOF
for /f "tokens=2 delims=," %%i in ('type %0\..\openvpnstate.scr ^|nc -i 1 127.0.0.1 %ovport%') do set openstate=%%i
del /q %0\..\openstate.scr >nul 2>nul
goto :EOF




:getstatus
for /f %%i in ('net start ^| find ^"OpenVPN^"') do @set vpnservice=%%i
if not defined vpnservice set vpnstatus=Service Stopped&set vpnfail=999& goto :EOF
if "%openstate%" neq "CONNECTED" set vpnstatus=Disconnected& set vpnfail=0& goto :EOF
for /f %%i in ('echo %vpnip% ^| find ^"%sbadip%^"') do @set vpnstatus=Bad IP& set /a vpnfail=%vpnfail% + 1& goto :EOF
for /f "tokens=3" %%i in ('netsh interface ipv4 show interfaces %ifnum% ^| find ^"State^"') do @if "%%i" == "disconnected" set vpnstatus=Disconnected& set vpnfail=0& goto nextstat
if "%vpnroutes%" == "Bad VPN Routes" set vpnstatus=Good IP but Bad Routes& set /a vpnfail=%vpnfail% +1& goto :EOF
if "%vpnping%" == "No Response" set vpnstatus=Bad or Slow Connection& set /a vpnfail=%vpnfail% + 1& goto :EOF
set vpnstatus=Good Connection
set vpnfail=0
goto :EOF

:nextstat
if "%openstate%" neq "CONNECTED" goto :EOF
set vpnstatus=Connected with Bad Network Configuration
set /a vpnfail=4
start %windir%\system32\control.exe %windir%\ncpa.cpl
goto :EOF


:vpnrestart
if "%vpnstatus%" == "Service Stopped" goto restart
if "%openstate%" neq "CONNECTED" goto :EOF
:restart
echo.
echo.
echo Restarting VPN Service...
set vpnfail=0
ipconfig /flushdns>nul 2>nul
set /a vpnrestartcount=%vpnrestartcount% + 1
net stop "openvpn service" >nul 2>nul
timeout /t 2 /nobreak >nul
net start "openvpn service" >nul 2>nul
goto :EOF
All times are UTC
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/