Opened 9 years ago
Closed 9 years ago
#475 closed Bug / Defect (fixed)
OpenVPN 2.3.5 - few issues. Serious TAP adapter problems mostly.
Reported by: | michal.sokolowski | Owned by: | Samuli Seppänen |
---|---|---|---|
Priority: | critical | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN 2.3.5 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | TAP, problem, windows 7, windows 8, 64 bit |
Cc: |
Description
I've got felling that if TAP adapter's version is higher then I experience more violence from OpenVPN. :-)
Issues:
- reinstall issues from version openvpn-install-2.3.4-I003 to openvpn-install-2.3.5-I001, TAP adapter does not install at all in reinstallation mode. (new)
- TAP adapter hangs and doesn't want to reconnect. (new)
- when tap adapter hangs I can't kill openvpn.exe process any more, only system reboot seems to help. I see this issue since 2.3.4-I002. (old)
OSes affected: Windows 7 x64, Windows 8 x64 (clean installs in VMware) and probably others too.
openvpn-install-2.3.4-I003 and I002 work fine.
Client config:
remote server.foobar.com 1194 dev tap client auth-user-pass ca ca.crt comp-lzo nobind keepalive 10 30 resolv-retry 120 # This sets the time for which openvpn will try to resolve a hostname before giving up mute 5 verb 1 ping-timer-rem persist-key
Server config:
dev tap0 mode server port 1195 multihome same IP address client-to-client # allow client to client connections tls-server dh /etc/openvpn/ekoinwest/certs/dh2048.pem ca /etc/openvpn/ekoinwest/certs/ca.crt cert /etc/openvpn/ekoinwest/certs/centurion.ekoinwest.local.crt key /etc/openvpn/ekoinwest/certs/centurion.ekoinwest.local.key crl-verify /etc/openvpn/ekoinwest/certs/crl.pem comp-lzo user nobody group nogroup keepalive 5 15 persist-tun persist-key verb 1 mute 1 log-append /var/log/openvpn_ekoinwest.log
Client log:
Thu Nov 06 11:41:17 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client_ekoinwest.log: Odmowa dostêpu. (errno=5) Thu Nov 06 11:41:17 2014 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 28 2014 Thu Nov 06 11:41:17 2014 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05 Thu Nov 06 11:41:23 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu Nov 06 11:41:23 2014 UDPv4 link local: [undef] Thu Nov 06 11:41:23 2014 UDPv4 link remote: [AF_INET]217.153.158.230:1194 Thu Nov 06 11:41:23 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu Nov 06 11:41:23 2014 [centurion.ekoinwest.local] Peer Connection Initiated with [AF_INET]217.153.158.230:1194 Thu Nov 06 11:41:25 2014 open_tun, tt->ipv6=0 Thu Nov 06 11:41:25 2014 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{17553B12-AEB3-4BDF-AC95-E4927AAB7965}.tap Thu Nov 06 11:41:30 2014 Initialization Sequence Completed Thu Nov 06 11:41:40 2014 [centurion.ekoinwest.local] Inactivity timeout (--ping-restart), restarting
Gui status: still connected. Nothing else happens. Cert auth is affected either. Please do not blame LDAP plugin.
In log file I have only:
Thu Nov 06 11:40:20 2014 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 28 2014 Thu Nov 06 11:40:20 2014 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05 Enter Management Password: Thu Nov 06 11:40:31 2014 ERROR: could not read Auth username/password/ok/string from management interface Thu Nov 06 11:40:31 2014 Exiting due to fatal error
Server log:
Does not log anything. :( I'll restart openvpn service later, because my users are working now. I'll paste it here.
Despription:
Server:
root@centurion:~# openvpn --version OpenVPN 2.3.4 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 14 2014 library versions: OpenSSL 0.9.8zb 6 Aug 2014, LZO 2.03 Originally developed by James Yonan Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
Please let me know if I can add any other info.
Attachments (3)
Change History (9)
Changed 9 years ago by
Attachment: | openvpn-bugs.png added |
---|
comment:1 follow-up: 3 Changed 9 years ago by
Owner: | set to Samuli Seppänen |
---|---|
Status: | new → assigned |
You're sure you installed I001? This behaviour has been observed with the new tap driver (I601) - for which a new version will show up next week.
Samuli, did you roll I001 installers with the tap6 driver?
comment:2 Changed 9 years ago by
For context on the I601 issues, check ticket #432. There's a link to a new (test) version of the tap driver there too.
comment:3 Changed 9 years ago by
Replying to cron2:
You're sure you installed I001? This behaviour has been observed with the new tap driver (I601) - for which a new version will show up next week.
Yes, sir.
Changed 9 years ago by
Attachment: | openvpn-reinstall-bug.png added |
---|
comment:4 Changed 9 years ago by
More info about reinstallation problem. I've attached screenshot.
Let me know if u need translation.
Usługa zarządzania sterownikami zakończyła proces instalacji sterownika NULL Driver dla wystąpienia urządzenia o identyfikatorze ROOT\NET\0000 z następującym stanem: 0xE0000203.
Usługa zarządzania sterownikami zakończyła proces instalacji sterownika oemvista.inf_amd64_60e27a40aa3a5bf6\oemvista.inf dla wystąpienia urządzenia o identyfikatorze ROOT\NET\0000 z następującym stanem: 0x0.
Changed 9 years ago by
Attachment: | openvpn-tap-reinstallation.png added |
---|
Full uninstall is required.
comment:5 Changed 9 years ago by
Okay, tap-windows-9.21.1 fixes at least:
TAP adapter hangs and doesn't want to reconnect. (new)#316
Thank you!
comment:6 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
screenshot, połączony means - connected, oczekiwanie na zakończenie means waiting for exit of ovpn process