Unable to open any settings files

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
simplye
OpenVpn Newbie
Posts: 2
Joined: Thu Nov 17, 2022 3:16 pm

Unable to open any settings files

Post by simplye » Thu Nov 17, 2022 3:31 pm

We are running OpenVPN on Windows Server 2012 R2. The configuration files are held in "C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc". I have tried to view any of the files and I am unable to do so - the message "Access is denied" is returned.

I have tried:
  • Launching explorer.exe as Administrator
  • Running an elevated command prompt and using Type or Notepad on any file
  • Searching these forums
Server Version
ver

C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc>ver

Microsoft Windows [Version 6.3.9600]


Server Network Configuration
ipconfig

C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : [redacted]
Primary Dns Suffix . . . . . . . : [redacted]
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : [redacted]

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP Adapter OAS NDIS 6.0
Physical Address. . . . . . . . . : [redacted]
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : [redacted]
IPv4 Address. . . . . . . . . . . : [redacted]
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : [redacted]
DHCPv6 IAID . . . . . . . . . . . : [redacted]
DHCPv6 Client DUID. . . . . . . . : [redacted]

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AF9F2A63-F942-4A95-A9EB-CF2FFF02F291}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CC990005-BF65-4EE8-85DE-C8D5876E1B94}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Server Configuration File
Unable to post - access is denied

Server Log
capi.log

2022-11-17 00:09:50-0700 [-] Log opened.
2022-11-17 00:09:50-0700 [-] Network up
2022-11-17 00:09:51-0700 [-] del_win_nrpt_reg_key: [Error 2] The system cannot find the file specified: client/cliapi:413 (exceptions.WindowsError)
2022-11-17 00:09:51-0700 [-] ProfileManager: Error reading bundled profile: [Errno 2] No such file or directory: u'C:\\Program Files (x86)\\OpenVPN Technologies\\OpenVPN Client\\etc\\bundled.json': client/profman:732,util/simplefile:28,util/simplefile:20 (exceptions.IOError)
2022-11-17 00:09:51-0700 [-] OpenVPN exe path: C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\..\core\openvpn64.exe
2022-11-17 00:09:51-0700 [-] Schedule swupdate monitor in 120 seconds, range=(120,None), error=False, initial=True
2022-11-17 00:09:52-0700 [-] Starting AS Client API 2.1.3.111/MSI
2022-11-17 00:09:52-0700 [-] OpenSSL web ciphersuites: DEFAULT:!EXP:!PSK:!SRP:!LOW:!RC4
2022-11-17 00:09:52-0700 [-] twisted.web.server.Site starting on 946
2022-11-17 00:09:52-0700 [-] OpenSSL web ciphersuites: DEFAULT:!EXP:!PSK:!SRP:!LOW:!RC4
2022-11-17 00:09:52-0700 [-] twisted.web.server.Site starting on 946
2022-11-17 00:09:52-0700 [-] twisted.web.server.Site starting on 944
2022-11-17 00:09:56-0700 [-] Checking for service profiles
2022-11-17 00:09:56-0700 [-] OpenVPNClientSet: starting profile ID u'[profile redacted]' as service
2022-11-17 00:09:56-0700 [-] vpn_start: JSONDialog: spawnProcess: error obtaining process token: client/cliset:552,internet/defer:746,client/jsondialog:47,client/jsondialog:37,svc/cmdpp:53,svc/twprocess:239,svc/twprocess:228,svc/twprocess:114 (pyovpn.svc.userctx.ErrorToken)


Program files reports OpenVPN Connect is version 2.1.3.111.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Unable to open any settings files

Post by openvpn_inc » Thu Nov 17, 2022 4:27 pm

Hello simplye,

OpenVPN Connect v2 is deprecated and you should look into moving to a more modern client like OpenVPN Connect v3. The version you quote also contains known security issues. I think that version is like 5 years old or something.

OpenVPN Connect by design takes profiles you import and protects the directory where it stores it so that it's not easy to grab them and copy private keys from them. Because the configuration profiles usually contain such sensitive data.

You can access it, but you'll have to quit OpenVPN Connect, stop its service daemon, and edit the permissions so that you take ownership of the etc directory and subdirectories, and then put in permissions to be able to read and open the files in that directory and subdirectories. I believe when OpenVPN Connect v2 restarts it will reset these permissions.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

simplye
OpenVpn Newbie
Posts: 2
Joined: Thu Nov 17, 2022 3:16 pm

Re: Unable to open any settings files

Post by simplye » Thu Nov 17, 2022 10:15 pm

Thank you for the detailed reply. I did not realise how behind the version in use is - it is part of an third party installation, and I will contact the supplier to ask if a higher level version of OpenVPN Connect can be used.

I am please to know access is possible if the service is stopped.

We only have one VPN connection in place, and I was looking to access the settings to enable automatic reconnect of this connection if the sever is rebooted or any other outages occur. In the short term, what settings should I add to the configuration file to enable this?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Unable to open any settings files

Post by openvpn_inc » Fri Nov 18, 2022 9:26 am

Hello simplye,

If this is supposed to be an unattended OpenVPN connection that just reconnects by itself and has no user interaction, you could consider running OpenVPN Connect v3 in service daemon mode, or use OpenVPN2 Windows GUI program's service daemon. Those are designed to run unattended as a service daemon and start/stop automatically at system boot/shutdown. Also they can be controlled with the 'net stop' and 'net start' commands on the command line. So you could for example make a simple watchdog that monitors the connection and if there's a failure or a need to reconnect, you can trigger the service to do that.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply