Opened 3 months ago

Last modified 7 weeks ago

#1339 assigned Bug / Defect

Windows 10 BitLocker Conflict with TAP Protocol

Reported by: digitizedme Owned by:
Priority: major Milestone:
Component: tap-windows6 Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: Samuli Seppänen

Description

Host: ASUS RT-AX88U, Asuswrt-Merlin 384.19
Host OpenVPN Version: OpenVPN 2.4.9 arm-buildroot-linux-gnueabi

Client OS: Windows 10 Pro Version 2004
Client OpenVPN Versions: openvpn-install-2.4.4-I601, openvpn-install-2.4.9-I601-Win10, OpenVPN-2.5-rc2-I601-amd64

Problem: Connecting from Windows client with BitLocker? protection enabled, to host with TAP proto causes disconnect and host reboot.

Cause: BitLocker? protection enabled on client Windows OS drive.

Solution: Suspend BitLocker? protection and reconnect to host.

Cannot reproduce problem on any other client devices (Android, macOS) using same configuration and certificates.

Cannot reproduce problem on any other Windows client devices with BitLocker? disabled.


Change History (3)

comment:1 Changed 3 months ago by digitizedme

I have been testing this for a week and cannot find a consistent way to resolve the conflict with TAP config on the host and on the Windows 10 2004 client. Using TUN config on the host appears to be the only solution.

Although BitLocker? suspended/disabled does appear to have an affect on the reliability of the TAP connection, the host still does a force reboot over time.

I believe this to be a problem with only one client device, although resulting in a forced reboot might be a problem with the host device.

comment:2 Changed 7 weeks ago by Gert Döring

Cc: Samuli Seppänen added
Component: Generic / unclassifiedtap-windows6
Owner: set to jamesyonan

I have no idea how BitLocker? can interfere with network drivers, and why it would be an issue for --dev tap and not for --dev tun (from the windows side, it does not see the difference, it is handled by the tuntap driver internally).

The standard method for "any problems with tap driver" is "uninstall openvpn and the tap driver, remove all tap interfaces, reboot, then install 2.5.0" - if that doesn't help, something in this windows client is beyond our powers to repair.

comment:3 Changed 7 weeks ago by Gert Döring

Owner: jamesyonan deleted
Status: newassigned
Note: See TracTickets for help on using tickets.