Opened 4 years ago
Closed 4 years ago
#1321 closed Bug / Defect (fixed)
Windows 10: additional tap adapters mssing AllowNonAdmin configuration
Reported by: | TobiasT | Owned by: | jamesyonan |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | tap-windows6 | Version: | OpenVPN 2.5.0 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | tapctl |
Cc: | tct |
Description
Starting a second connection (no matter which order) results in an error message "Connecting to X has failed."
OpenVPN version: 2.5_beta1
OpenVPN GUI version: 11.16.00
Windows 10 v2004
To create the second TAP adapter, I used "tapctl create".
Log:
2020-09-01 15:51:23 us=310799 open_tun 2020-09-01 15:51:23 us=330749 CreateFile failed on tap-windows6 device: \\.\Global\{3987121B-4588-43F0-8050-A61D209DB483}.tap 2020-09-01 15:51:23 us=330749 CreateFile failed on tap-windows6 device: \\.\Global\{24B861B9-3EB4-4E0C-8C73-E1E8C36E8253}.tap 2020-09-01 15:51:23 us=331754 MANAGEMENT: Client disconnected 2020-09-01 15:51:23 us=331754 All tap-windows6 adapters on this system are currently in use. 2020-09-01 15:51:23 us=331754 Exiting due to fatal error
I have 2 TUN and 2 TAP devices:
PS C:\Program Files\OpenVPN\bin> .\tapctl.exe list {5D73BD9C-7565-4325-B876-CC33F4D32B55} OpenVPN Wintun 1 {3987121B-4588-43F0-8050-A61D209DB483} OpenVPN TAP-Windows 1 {24B861B9-3EB4-4E0C-8C73-E1E8C36E8253} OpenVPN TAP-Windows 2 {711704F7-EB84-4137-A95F-26FE093F5747} OpenVPN Wintun 2
Change History (5)
comment:1 Changed 4 years ago by
comment:2 Changed 4 years ago by
Quick fix from Selva Nair (from the GitHub? issue):
Here is a temporary quick fix:
Go to the list of network adapters in control panel, identify the TAP adapter that doesn't work, right click
Properties->configure->Advanced and select the Non-Admin Access property. Change it from Allowed to Not Allowed, click OK. Then repeat this and change it back to Allowed. This will generate the missing registry key and make the adapter accessible as limited user.
comment:3 Changed 4 years ago by
Cc: | tct added |
---|
comment:4 Changed 4 years ago by
Although tapctl.exe completes without error, setupapi.dev log shows this error
>>> [Configure Driver Package - c:\windows\system32\driverstore\filerepository\oemvista.inf_amd64_8a00bc07868b5df3\oemvista.inf] >>> Section start 2020/09/01 23:44:57.965 cmd: "c:\Program Files\OpenVPN\bin\tapctl.exe" create --name Tap4 --hwid root\tap0901 sto: Source Filter = tap0901.ndi sto: Target Filter = ROOT\NET\0005 inf: Class GUID = {4d36e972-e325-11ce-bfc1-08002be10318} inf: Class Options = Configurable !!! idb: Failed to open driver package object 'oemvista.inf_amd64_8a00bc07868b5df3'. Error = 0x00000005 <<< Section end 2020/09/01 23:44:57.980 <<< [Exit status: FAILURE(0x00000005)]
Error 5 is usually access denied. In spite of that the adpater is created and setup to a usable state except for the missing AllowNonAdmin? key. That's the only "vendor-specific" parameter in this driver.
The same error happens with wintun too, but it still works apparently because wintun sets no extra device parameters.
The log for a "successful" run (in this case generated by running tapctl.exe as SYSTEM) looks like
>>> [Configure Driver Package - c:\windows\system32\driverstore\filerepository\oemvista.inf_amd64_8a00bc07868b5df3\oemvista.inf] >>> Section start 2020/09/01 16:58:17.387 cmd: "C:\Program Files\OpenVPN\bin\tapctl.exe" create --name Tap3 sto: Source Filter = tap0901.ndi sto: Target Filter = ROOT\NET\0004 inf: Class GUID = {4d36e972-e325-11ce-bfc1-08002be10318} inf: Class Options = Configurable inf: {Configure Driver: TAP-Windows Adapter V9} inf: Section Name = tap0901.ndi inf: {Configure Device: ROOT\NET\0004} inf: {Configure Device: exit(0x00000000)} inf: {Configure Driver: exit(0x00000000)} inf: {Configure Driver: TAP-Windows Adapter V9} inf: Section Name = tap0901.ndi inf: {Configure Driver: exit(0x00000000)} <<< Section end 2020/09/01 16:58:17.441 <<< [Exit status: SUCCESS]
comment:5 Changed 4 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed by
commit f3f09541dcff3f0b307067bdf5dcaabc530db4c7
Author: Selva Nair <selva.nair@…>
Date: Thu Sep 3 19:56:44 2020 -0400
In tap.c use DiInstallDevice? to install the driver on a new adapter
Signed-off-by: Selva Nair <selva.nair@…>
Acked-by: Lev Stipakov <lstipakov@…>
Message-Id: <1599177404-29996-1-git-send-email-selva.nair@…>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20880.html
Signed-off-by: Gert Doering <gert@…>
This has an issue on GitHub?: https://github.com/OpenVPN/openvpn-gui/issues/359
Additional Information from Selva Nair (from that issue):
the second adapter created by tapctl.exe has no AllowNonAdmin? registry value. The device properties show AllowNonAdmin? as enabled but, iirc, tap-windows6 only cares about this registry entry[*]. On manually adding that entry and resetting the adapter makes it work as user. Can anyone reproduce this?
Some more follow up: running tapctl.exe as SYSTEM creates the adapter correctly, so this does point to error in accessing some files installed by the MSI leaving some steps incomplete when run as admin. But no errors on tapctl command line.
[*] The actual value of this registry variable doesn't matter -- somewhere along the way tap-windows6 has code regressed into just checking the presence of this registry key, but that's unrelated to the issue here.