TAP Device with no gateway
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Jun 25, 2021 7:38 pm
TAP Device with no gateway
Hi there
I have OpenVPN server on a Raspberry Pi. It allows my mobile phone to connect without any problem.
I created keys etc for my Windows 10 laptop with OpenVPN Connect. I am using the same ovpn file as used on the phone.
I find that when connects it reports:
ovpnagent: request error
The log shows that the auto-generated script that configures the tap net adapter shows this:
"gateway" : "UNSPEC",
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 400 Bad Request
ip_exception: error parsing tunnel_addresses[0].gateway IP address 'UNSPEC' : An invalid argument was supplied.
[Jun 25, 2021, 21:11:01] TUN Error: ovpnagent: request error
Is there something missing from my client or server config files?
Let me know if you need me to post any other info.
Thank you in advance.
I have OpenVPN server on a Raspberry Pi. It allows my mobile phone to connect without any problem.
I created keys etc for my Windows 10 laptop with OpenVPN Connect. I am using the same ovpn file as used on the phone.
I find that when connects it reports:
ovpnagent: request error
The log shows that the auto-generated script that configures the tap net adapter shows this:
"gateway" : "UNSPEC",
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 400 Bad Request
ip_exception: error parsing tunnel_addresses[0].gateway IP address 'UNSPEC' : An invalid argument was supplied.
[Jun 25, 2021, 21:11:01] TUN Error: ovpnagent: request error
Is there something missing from my client or server config files?
Let me know if you need me to post any other info.
Thank you in advance.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: TAP Device with no gateway
Hello plumbersmate,
In order to investigate this further, please contact us at https://openvpn.net/support and send logs of your connection attempts that show this problem. Also please let us know the exact version of OpenVPN Connect being used.
However there is just one thing I want to point out and that is that with OpenVPN generally you do not specify a gateway for the TAP adapter. Instead you set up routes that redirect traffic to the IP address of the VPN server's internal gateway address, reachable through the client's TAP adapter.
However such an error message deserves investigation and as such we'd like to see more, but we'd rather do that over a secure channel.
Kind regards,
Johan
In order to investigate this further, please contact us at https://openvpn.net/support and send logs of your connection attempts that show this problem. Also please let us know the exact version of OpenVPN Connect being used.
However there is just one thing I want to point out and that is that with OpenVPN generally you do not specify a gateway for the TAP adapter. Instead you set up routes that redirect traffic to the IP address of the VPN server's internal gateway address, reachable through the client's TAP adapter.
However such an error message deserves investigation and as such we'd like to see more, but we'd rather do that over a secure channel.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Jun 25, 2021 7:38 pm
Re: TAP Device with no gateway
Thank you for your offer of looking into this problem.
The version of OpenVPN I am using is:
Note this line in the log, which I think maybe significant:
My log is:
My client ovpn file:
The version of OpenVPN I am using is:
Code: Select all
openvpn-connect-3.3.1.2222_signed.msi
Code: Select all
"gateway" : "UNSPEC",
Code: Select all
[Aug 11, 2021, 23:19:57] OpenVPN core 3.git::98bf7f7f win x86_64 64-bit built on Jun 14 2021 09:02:16
[Aug 11, 2021, 23:19:57] Frame=512/2048/512 mssfix-ctrl=1250
[Aug 11, 2021, 23:19:57] UNUSED OPTIONS
10 [dev-node] [VPNTap]
[Aug 11, 2021, 23:19:57] EVENT: RESOLVE [Aug 11, 2021, 23:19:57] Contacting 2.90.34.179:61111 via UDP
[Aug 11, 2021, 23:19:57] EVENT: WAIT [Aug 11, 2021, 23:19:57] WinCommandAgent: transmitting bypass route to 2.90.34.179
{
"host" : "2.90.34.179",
"ipv6" : false
}
[Aug 11, 2021, 23:19:57] Connecting to [mydomain.com]:61111 (2.90.34.179) via UDPv4
[Aug 11, 2021, 23:19:57] EVENT: CONNECTING [Aug 11, 2021, 23:19:57] Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
[Aug 11, 2021, 23:19:57] Creds: UsernameEmpty/PasswordEmpty
[Aug 11, 2021, 23:19:57] Peer Info:
IV_VER=3.git::98bf7f7f
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.3.1-2222
IV_SSO=openurl,crtext
[Aug 11, 2021, 23:19:57] SSL Handshake: peer certificate: CN=tweedyfarm, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Aug 11, 2021, 23:19:57] Session is ACTIVE
[Aug 11, 2021, 23:19:57] EVENT: GET_CONFIG [Aug 11, 2021, 23:19:57] Sending PUSH_REQUEST to server...
[Aug 11, 2021, 23:19:57] OPTIONS:
0 [topology] [subnet]
1 [route] [172.33.250.0] [255.255.255.0]
2 [ping] [10]
3 [ping-restart] [60]
4 [ifconfig] [173.67.230.2] [255.255.255.0]
5 [peer-id] [0]
6 [cipher] [AES-256-GCM]
[Aug 11, 2021, 23:19:57] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0
control channel: tls-crypt enabled
[Aug 11, 2021, 23:19:57] EVENT: ASSIGN_IP [Aug 11, 2021, 23:19:57] CAPTURED OPTIONS:
Session Name: mydomain.com
Layer: OSI_LAYER_3
Remote Address: 2.90.34.179
Tunnel Addresses:
173.67.230.2/24 -> UNSPEC
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
172.33.250.0/24
Exclude Routes:
DNS Servers:
Search Domains:
[Aug 11, 2021, 23:19:57] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"confirm_event" : "b410000000000000",
"destroy_event" : "8410000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "172.33.250.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "2.90.34.179",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "mydomain.com",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "173.67.230.2",
"gateway" : "UNSPEC",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 400 Bad Request
ip_exception: error parsing tunnel_addresses[0].gateway IP address 'UNSPEC' : An invalid argument was supplied.
[Aug 11, 2021, 23:19:57] TUN Error: ovpnagent: request error
[Aug 11, 2021, 23:19:57] EVENT: TUN_SETUP_FAILED ovpnagent: request error[Aug 11, 2021, 23:19:57] EVENT: DISCONNECTED [Aug 11, 2021, 23:19:57] Client exception in transport_recv: tun_exception: not connected
Code: Select all
proto udp4
dev tun
remote-cert-eku "TLS Web Server Authentication"
remote amazed.myddns.me 61111
remote-cert-tls server
cipher AES-256-GCM
ca ca.crt
cert laptop.crt
key laptop.key
tls-crypt ta.key
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Jun 25, 2021 7:38 pm
Re: TAP Device with no gateway
I got branched off to the commercial OpenVPN site. Then was told that's not for me as I am using the Community openvpn.
So, is there someone here who can help?
So, is there someone here who can help?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: TAP Device with no gateway
According to your post you are using the Corporate version of Openvpn-Connectplumbersmate wrote: ↑Thu Aug 19, 2021 5:00 pmI got branched off to the commercial OpenVPN site. Then was told that's not for me as I am using the Community openvpn.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Jun 25, 2021 7:38 pm
Re: TAP Device with no gateway
I am still trying to resolve this problem.
Would really appreciate any help as I have spent hours trying to resolve this, I just cannot find out why it is not working.
I am now using Windows OpenVPN version 3.3.3
Would really appreciate any help as I have spent hours trying to resolve this, I just cannot find out why it is not working.
I am now using Windows OpenVPN version 3.3.3
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: TAP Device with no gateway
Hi Mate,
You are using the proprietary ("corporate") OpenVPN Connect client. It's fully compatible with any OpenVPN server including community openvpn.
Did you open a ticket as Johan asked? Please share the last 3 digits of the ticket number here so we can be sure to see it.
Thanks and regards, rob0
You are using the proprietary ("corporate") OpenVPN Connect client. It's fully compatible with any OpenVPN server including community openvpn.
Did you open a ticket as Johan asked? Please share the last 3 digits of the ticket number here so we can be sure to see it.
Thanks and regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Jun 25, 2021 7:38 pm
Re: TAP Device with no gateway
Dear Rob
I did open a ticket as requested, the ticket ending is 151
I was told:
"The issue you are describing appears to be related to the OpenVPN open source community version. I am sorry for the inconvenience, but unfortunately, I cannot help you here.
This support ticket system is for customers of our OpenVPN Access Server and OpenVPN Cloud products only, the commercial solutions based on OpenVPN."
I seem to be going around in circles.
I did open a ticket as requested, the ticket ending is 151
I was told:
"The issue you are describing appears to be related to the OpenVPN open source community version. I am sorry for the inconvenience, but unfortunately, I cannot help you here.
This support ticket system is for customers of our OpenVPN Access Server and OpenVPN Cloud products only, the commercial solutions based on OpenVPN."
I seem to be going around in circles.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: TAP Device with no gateway
If that is the best they can do then ...plumbersmate wrote: ↑Sun Dec 19, 2021 8:35 pmI was told:
"The issue you are describing appears to be related to the OpenVPN open source community version. I am sorry for the inconvenience, but unfortunately, I cannot help you here.
This support ticket system is for customers of our OpenVPN Access Server and OpenVPN Cloud products only, the commercial solutions based on OpenVPN."
How is this Community Related ?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun May 14, 2023 3:13 am
Re: TAP Device with no gateway
Signed up to leave a comment which will save others from troubleshooting this problem in future. Please see my solution for this issue in the last paragraph.
In general, the OpenVPN community forum troubleshooting experience is immensely frustrating with the sheer amount of times you search an issue online and the first result is a thread from this forum where either there's no answer in X years, or more frequently, TinCanTech shutting down a question for any number of reasons - often citing relevance.
You moderators know you can move threads in phpBB right? Instead, this thread is the first search engine result for anyone experiencing gateway=UNSPEC problems on the OpenVPN Connect Windows client. Alike MANY other top-result troubleshooting threads on this cursed forum the last reply is **frequently** a "get lost" remark due to somebody posting a thread in the wrong section (or whichever excuse we would like to pick to avoid acknowledging the problem). Don't bother moving the thread to a more relevant section, just let it become the FIRST RESULT INDEXED for when people search for this problem so they can hit a dead end immediately. Even the creator of this thread was asking for help multiple times as there's no decent documentation for this kind of hiccup unless you are already an expert in this field. The number of threads on the OpenVPN forum here that end up unanswered, dismissed and *the first search engine result for any specific problem* is way too damn high. Frankly it's an embarrassing and unacceptable state to have the forum in so frequently
-------------
@plumbersmate I'm sorry this comment is likely too late to help you now but I'm leaving my experience with this error and the solution I came up with because this is way better than this dead unanswered thread being the top result when people go looking for help. This should be a permitted bump because it makes this first google result potentially useful to somebody now.
Onto discussing the actual problem - Identically as @plumbersmate, all our OpenVPN clients both mobile and PC have zero issues, but the OpenVPN Connect client for Windows throws the exact same error you experienced.
I am configuring OpenVPN Connect 3.7.7.2979 with an existing OpenVPN 2.6.3 Community server for one of our business clients. In our case, our OpenVPN server (community) is pushing `redirect-gateway def1` to all clients - Despite OpenVPN Connect being the superior and pretty client with a nice UI for users **This is not enough** - In fact you could even label this as an OpenVPN Connect bug as it should be seeing `def1` and filling the gateway JSON field itself based on that push. Alas, it does not.
What is happening here is that OpenVPN Connect is building a JSON array of server information for it to pipe into the OpenVPN process it runs for tunnel configuration to occur post-connection. Even with your OpenVPN 2.6.3 server pushing `redirect-gateway def1` this is **not enough** for OpenVPN Connect to take the hint and it fills in the "gateway" json field with the string "UNSPEC". As a result, and per your logs you can see the pipe failing as it gets upset trying to interpret "gateway": "UNSPEC" which obviously doesn't fly with a "400 Bad Request" error thrown locally.
It gets worse - If one reads the man page for OpenVPN you'll see that you can push `route-gateway dhcp` or `route-gateway gateway` as well (Even just as a contingency) but OpenVPN Connect errors when you use `dhcp` too taking the string literally which is a bit of a facepalm. Yet another incompatibility / misnomer in its behaviour.
Finally, I found that setting `push route-gateway 10.55.0.1` (Use your own OpenVPN server's gateway IP, not this example IP) is enough to rectify this problem for OpenVPN Connect clients, this sets the "gateway" JSON to that IP, and it parses correctly internally for further configuration. I hope somebody finds this information helpful if they run into this problem in future, OpenVPN Connect explicitly expects a gateway IP to be set or it will fill it in with "UNSPEC" then promptly get upset when it tries to use that.
Best of luck!
In general, the OpenVPN community forum troubleshooting experience is immensely frustrating with the sheer amount of times you search an issue online and the first result is a thread from this forum where either there's no answer in X years, or more frequently, TinCanTech shutting down a question for any number of reasons - often citing relevance.
You moderators know you can move threads in phpBB right? Instead, this thread is the first search engine result for anyone experiencing gateway=UNSPEC problems on the OpenVPN Connect Windows client. Alike MANY other top-result troubleshooting threads on this cursed forum the last reply is **frequently** a "get lost" remark due to somebody posting a thread in the wrong section (or whichever excuse we would like to pick to avoid acknowledging the problem). Don't bother moving the thread to a more relevant section, just let it become the FIRST RESULT INDEXED for when people search for this problem so they can hit a dead end immediately. Even the creator of this thread was asking for help multiple times as there's no decent documentation for this kind of hiccup unless you are already an expert in this field. The number of threads on the OpenVPN forum here that end up unanswered, dismissed and *the first search engine result for any specific problem* is way too damn high. Frankly it's an embarrassing and unacceptable state to have the forum in so frequently
-------------
@plumbersmate I'm sorry this comment is likely too late to help you now but I'm leaving my experience with this error and the solution I came up with because this is way better than this dead unanswered thread being the top result when people go looking for help. This should be a permitted bump because it makes this first google result potentially useful to somebody now.
Onto discussing the actual problem - Identically as @plumbersmate, all our OpenVPN clients both mobile and PC have zero issues, but the OpenVPN Connect client for Windows throws the exact same error you experienced.
I am configuring OpenVPN Connect 3.7.7.2979 with an existing OpenVPN 2.6.3 Community server for one of our business clients. In our case, our OpenVPN server (community) is pushing `redirect-gateway def1` to all clients - Despite OpenVPN Connect being the superior and pretty client with a nice UI for users **This is not enough** - In fact you could even label this as an OpenVPN Connect bug as it should be seeing `def1` and filling the gateway JSON field itself based on that push. Alas, it does not.
What is happening here is that OpenVPN Connect is building a JSON array of server information for it to pipe into the OpenVPN process it runs for tunnel configuration to occur post-connection. Even with your OpenVPN 2.6.3 server pushing `redirect-gateway def1` this is **not enough** for OpenVPN Connect to take the hint and it fills in the "gateway" json field with the string "UNSPEC". As a result, and per your logs you can see the pipe failing as it gets upset trying to interpret "gateway": "UNSPEC" which obviously doesn't fly with a "400 Bad Request" error thrown locally.
It gets worse - If one reads the man page for OpenVPN you'll see that you can push `route-gateway dhcp` or `route-gateway gateway` as well (Even just as a contingency) but OpenVPN Connect errors when you use `dhcp` too taking the string literally which is a bit of a facepalm. Yet another incompatibility / misnomer in its behaviour.
Finally, I found that setting `push route-gateway 10.55.0.1` (Use your own OpenVPN server's gateway IP, not this example IP) is enough to rectify this problem for OpenVPN Connect clients, this sets the "gateway" JSON to that IP, and it parses correctly internally for further configuration. I hope somebody finds this information helpful if they run into this problem in future, OpenVPN Connect explicitly expects a gateway IP to be set or it will fill it in with "UNSPEC" then promptly get upset when it tries to use that.
Best of luck!