#1430 closed Bug / Defect (fixed)
openvpn 2.5.4 under Windows "status"
Reported by: | joks | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | release 2.5.5 |
Component: | Generic / unclassified | Version: | OpenVPN 2.5.4 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | status fails |
Cc: |
Description
Hello,
i have few OpenVPN Servers running under Windows x64.
After update from version 2.5.3 to new 2.5.4 on all machines when i restart Windows (after Windows Update) or after manual restart "OpenVPNService" in services.msc OpenVPN will fails to run. i change verbose from 4 to 9 but only one error appears in logs:
options error: --status fails with 'C:\Program Files\OpenVPN\log\status.log' Unknown error (errno=183)
I noticed that OpenVPNService will run when i manual delete file status.log but it works only to second machine restart so for now the only way under Windows is disable status in openvpn server config file. i use openvpn for about 2 years and in previous release like 2.5.0 or 2.5.2 even in 2.4 I did not have such problems so surely the change in version 2.5.4 introduced some error.
Change History (13)
comment:1 Changed 3 years ago by
comment:2 Changed 3 years ago by
the file is created with permissions read-only. when i remove these permissions OpenVPNService will run but after service restart or computer restart file is again read-only :/
comment:3 Changed 3 years ago by
Well, I just tested this and it is true.
The status file is created as readonly! (Win7 Server 32bit)
I also tested the same config file via the GUI and it also creates the file as readonly.
comment:4 Changed 3 years ago by
I think its caused by S_IRUSR and S_IWUSR hard coded to 0 in config-msvc.h. See patch sent to the list -- I haven't tested it though.
On Windows all files get read permission by default, but not sure why _wopen() doesn't return error (fd=-1) when an "illegal" mode is specified. May be it just always adds the default _S_IREAD converting 0 to 0400.
comment:5 Changed 3 years ago by
Fixed by: commit c699c0d85cf2028796cdb0592271f1167709e6ac
Date: Fri Oct 15 14:47:33 2021 -0400
Fix some more wrong defines in config-msvc.h
comment:6 Changed 3 years ago by
Milestone: | release 2.5.4 → release 2.5.5 |
---|---|
Version: | → OpenVPN 2.5.4 (Community Ed) |
comment:8 Changed 3 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
We are reasonably sure that this bug has been fixed in 2.5.4-I604 and also in 2.5.5-I602.
Thus, closing this ticket, even if we never got feedback.
comment:9 follow-up: 10 Changed 13 months ago by
Hello, after i update to latest OpenVPN 2.6.7 this bug which I reported 2 years ago it appears again (in previews version 2.6.6 and 2.6.5 it was fine).
Under my Windows 2019 64x bit server i have in server config file added:
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
and openvpn-status.log then openvpn service start have read-only attribute :/ and openvpn doesn't work (service is running but network adapter is disconected).
when i unchecked read-only attribute on file openvpn-status.log then it works 1 day and the attributes are set again :/
comment:10 Changed 13 months ago by
Replying to joks:
Hello, after i update to latest OpenVPN 2.6.7 this bug which I reported 2 years ago it appears again (in previews version 2.6.6 and 2.6.5 it was fine).
Under my Windows 2019 64x bit server i have in server config file added:
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"and openvpn-status.log file then openvpn service start have read-only attribute and openvpn doesn't work (service run but network adapter is disconected).
when i unchecked read-only attribute on file openvpn-status.log then it works 1 day and the attributes are set again :/
This is not expected to work on any version if run using the GUI. OpenVPN executable in this case is started as user who generally has no write access to that location. Use OpenVPN\log\
in user profile as the location for status file.
I am not sure why file permissions are getting reset though.
comment:11 Changed 13 months ago by
with GUI when i change location to user profile it seems to work, but i dont use GUI only Windows OpenVPN service. with the service it doesn't matter that i use for status log user profile or Program Files network adapter is still disconected. For now i simply disable this option and its works ;) but i always update OpenVPN to new version so in previous versions everything worked
it stopped working suddenly in the latest version
Ps: i try also change permission to log folder i add user: Everyone with full control but it also dont work.
comment:12 Changed 13 months ago by
Right, the service runs as SYSTEM and should have write access to the location. Its odd that it doesn't work in 2.6.7. Could you please open an issue in the git repo --- bug reporting has now moved to git.
comment:13 Changed 13 months ago by
This is a regression from moving 2.6.7 to cmake build. Apologies. It was also reported on GitHub? as https://github.com/OpenVPN/openvpn/issues/454
Lev has posted a fix to https://gerrit.openvpn.net/c/openvpn/+/429 which looks reasonable.
We'll do 2.6.8 soonish, like "this week". And then we do not want to talk about 2.6.7 again.
The error seems to indicate access check on the status.log file failed during options parsing. This is strange if the file is created by the service account in a previous run. Can you check what are the permissions on the existing status.log file when OpenVPN fails to start with the above error?