OpenVPN configuration works through command line with administrative access, but not through GUI

Post by dendob » Wed Jan 03, 2024 4:14 pm

Hey All,

I have read several topics with the same issue that I have at this time:

I can run my OpenVPN through the command line, but using the GUI in Windows 10 it loops.

Installed version of OpenVPN: 2.6.6-I001 amd64

OpenVPN config file:

Code:

client
proto tcp-client
remote XXX.XXX.XXX.XXX 443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
#remote-cert-eks server
verify-x509-name Server name
#auth SHA256
auth-nocache
cipher AES-128-CBC
data-ciphers AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
ca "C:\\Users\\Wannes\\OpenVPN\\config\\Argos2024\\cert_export_CA.crt"
cert "C:\\Users\\Wannes\\OpenVPN\\config\\Argos2024\\cert_export_Client.crt"
key "C:\\Users\\Wannes\\OpenVPN\\config\\Argos2024\\cert_export_Client.key"
# auth sha1
# auth-user-pass secret.cfg
auth-user-pass
route 192.168.16.0 255.255.255.0 192.168.15.1
route 10.0.0.0 255.255.255.0 192.168.15.1

The required files are located in the specific location, which has the OpenVPN config file as well (so they are physically in the same directory).

The log file in OpenVPN GUI just shows a restart:

Code:

2024-01-03 16:16:27 Note: cipher 'AES-128-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2024-01-03 16:16:27 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
2024-01-03 16:16:27 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-01-03 16:16:27 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2024-01-03 16:16:27 DCO version: v0
2024-01-03 16:16:27 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2024-01-03 16:16:27 Need hold release from management interface, waiting...
2024-01-03 16:16:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:57665
2024-01-03 16:16:27 MANAGEMENT: CMD 'state on'
2024-01-03 16:16:27 MANAGEMENT: CMD 'log on all'
2024-01-03 16:16:27 MANAGEMENT: CMD 'echo on all'
2024-01-03 16:16:27 MANAGEMENT: CMD 'bytecount 5'
2024-01-03 16:16:27 MANAGEMENT: CMD 'state'
2024-01-03 16:16:27 MANAGEMENT: CMD 'hold off'
2024-01-03 16:16:27 MANAGEMENT: CMD 'hold release'
2024-01-03 16:16:29 MANAGEMENT: CMD 'username "Auth" "wannesICT"'
2024-01-03 16:16:29 MANAGEMENT: CMD 'password [...]'
2024-01-03 16:16:29 MANAGEMENT: CMD 'password [...]'
2024-01-03 16:16:29 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:443
2024-01-03 16:16:29 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-01-03 16:16:29 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,TCP_CONNECT,,,,,,
2024-01-03 16:16:29 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
2024-01-03 16:16:29 TCPv4_CLIENT link local: (not bound)
2024-01-03 16:16:29 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,WAIT,,,,,,
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,AUTH,,,,,,
2024-01-03 16:16:29 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX, sid=4c5c0f37 531c0500
2024-01-03 16:16:29 VERIFY OK: depth=1, C=be, O=Argos, CN=CA
2024-01-03 16:16:29 VERIFY KU OK
2024-01-03 16:16:29 Validating certificate extended key usage
2024-01-03 16:16:29 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-01-03 16:16:29 VERIFY EKU OK
2024-01-03 16:16:29 VERIFY X509NAME OK: CN=Server
2024-01-03 16:16:29 VERIFY OK: depth=0, CN=Server
2024-01-03 16:16:29 Connection reset, restarting [0]
2024-01-03 16:16:29 SIGUSR1[soft,connection-reset] received, process restarting
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,RECONNECTING,connection-reset,,,,,
2024-01-03 16:16:29 Restart pause, 1 second(s)
2024-01-03 16:16:32 MANAGEMENT: Client disconnected
2024-01-03 16:16:32 ERROR: could not read Auth username/password/ok/string from management interface
2024-01-03 16:16:32 Exiting due to fatal error

Using an administrative command line it does work, and you see that the next line would be (the rest of the log is the same as above before the connection reset)
The process continues past:
2024-01-03 16:16:29 Connection reset, restarting [0]

Code:

2024-01-03 16:19:51 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2024-01-03 16:19:51 [Server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX
2024-01-03 16:19:51 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-01-03 16:19:51 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-01-03 16:19:52 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
2024-01-03 16:19:57 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
2024-01-03 16:20:02 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
2024-01-03 16:20:02 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.16.8,ping 20,ping-restart 60,topology subnet,route-gateway 192.168.15.1,ifconfig 192.168.15.28 255.255.255.0'
2024-01-03 16:20:02 OPTIONS IMPORT: --ifconfig/up options modified
2024-01-03 16:20:02 OPTIONS IMPORT: route-related options modified
2024-01-03 16:20:02 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-01-03 16:20:02 Using peer cipher 'AES-128-CBC'
2024-01-03 16:20:02 interactive service msg_channel=0
2024-01-03 16:20:02 open_tun
2024-01-03 16:20:02 tap-windows6 device [Local Area Connection] opened
2024-01-03 16:20:02 TAP-Windows Driver Version 9.26
2024-01-03 16:20:02 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.15.0/192.168.15.28/255.255.255.0 [SUCCEEDED]
2024-01-03 16:20:02 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.15.28/255.255.255.0 on interface {1B8CEB76-EAA6-4134-AF4C-75FDDF46FDE8} [DHCP-serv: 192.168.15.0, lease-time: 31536000]
2024-01-03 16:20:02 Successful ARP Flush on interface [5] {1B8CEB76-EAA6-4134-AF4C-75FDDF46FDE8}
2024-01-03 16:20:03 IPv4 MTU set to 1500 on interface 5 using SetIpInterfaceEntry()
2024-01-03 16:20:03 Block_DNS: WFP engine opened
2024-01-03 16:20:03 Block_DNS: Using existing sublayer
2024-01-03 16:20:03 Block_DNS: Added permit filters for exe_path
2024-01-03 16:20:03 Block_DNS: Added block filters for all interfaces
2024-01-03 16:20:03 Block_DNS: Added permit filters for TAP interface
2024-01-03 16:20:03 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2024-01-03 16:20:03 Timers: ping 20, ping-restart 60
2024-01-03 16:20:08 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2024-01-03 16:20:08 C:\WINDOWS\system32\route.exe ADD 192.168.16.0 MASK 255.255.255.0 192.168.15.1
2024-01-03 16:20:08 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
2024-01-03 16:20:08 Route addition via ipapi [adaptive] succeeded
2024-01-03 16:20:08 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.255.0 192.168.15.1
2024-01-03 16:20:08 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
2024-01-03 16:20:08 Route addition via ipapi [adaptive] succeeded
2024-01-03 16:20:08 Initialization Sequence Completed
2024-01-03 16:27:34 C:\WINDOWS\system32\route.exe DELETE 192.168.16.0 MASK 255.255.255.0 192.168.15.1
2024-01-03 16:27:34 Route deletion via IPAPI succeeded [adaptive]
2024-01-03 16:27:34 C:\WINDOWS\system32\route.exe DELETE 10.0.0.0 MASK 255.255.255.0 192.168.15.1
2024-01-03 16:27:34 Route deletion via IPAPI succeeded [adaptive]
2024-01-03 16:27:34 Closing TUN/TAP interface
2024-01-03 16:27:34 TAP: DHCP address released
2024-01-03 16:27:34 SIGTERM[hard,] received, process exiting

Could it be the location of my config file in the user directory?
Somehow the GUI not having administrative privileges? (even though the link, when used, does request admin privileges and it has administrative privileges enabled on that file as well)

Looking for help finding a way to get this to work with the GUI, please :)

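A small triage helper for comparing the two runs, added here as an example and not part of the original post or of OpenVPN's own tooling: it reports the last connection milestone each log reached before its first failure line, plus the management-interface state transitions. The milestone labels are hypothetical names chosen for this example, and the sample strings are built from a few lines of the logs above.

```python
import re

# Ordered connection milestones and failure markers, matched against OpenVPN
# client log messages. The milestone names are hypothetical labels for this example.
MILESTONES = [
    ("tcp_connected", r"TCP connection established"),
    ("server_cert_verified", r"VERIFY OK: depth=0"),
    ("tls_handshake_done", r"Control Channel: TLS"),
    ("tunnel_up", r"Initialization Sequence Completed"),
]
FAILURES = [r"Connection reset, restarting", r"ERROR:", r"Exiting due to fatal error"]
LINE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<msg>.*)$")
STATE_RE = re.compile(r"MANAGEMENT: >STATE:\d+,([A-Z_]+)")

# Constructed samples: a few lines taken from the two logs in the post.
GUI_LOG = """\
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,TCP_CONNECT,,,,,,
2024-01-03 16:16:29 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,WAIT,,,,,,
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,AUTH,,,,,,
2024-01-03 16:16:29 VERIFY OK: depth=0, CN=Server
2024-01-03 16:16:29 Connection reset, restarting [0]
2024-01-03 16:16:29 MANAGEMENT: >STATE:1704294989,RECONNECTING,connection-reset,,,,,
"""
CLI_LOG = """\
2024-01-03 16:19:51 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2024-01-03 16:19:52 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
2024-01-03 16:20:08 Initialization Sequence Completed
"""

def triage(log_text):
    """Return the last milestone before the first failure, that failure line, and all STATE names."""
    reached, states, failure = [], [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a timestamped log line
        msg = m.group("msg")
        st = STATE_RE.search(msg)
        if st:
            states.append(st.group(1))  # states are recorded even after a failure
        elif failure is None:
            if any(re.search(p, msg) for p in FAILURES):
                failure = msg
            else:
                reached += [n for n, p in MILESTONES if re.search(p, msg) and n not in reached]
    return {"last_milestone": reached[-1] if reached else None, "failure": failure, "states": states}
```

Run against the samples, `triage(GUI_LOG)` stops at `server_cert_verified` with the connection reset as its first failure, while `triage(CLI_LOG)` reaches `tunnel_up` with no failure.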