Opened 2 years ago

Closed 2 years ago

Last modified 4 months ago

#1430 closed Bug / Defect (fixed)

openvpn 2.5.4 under Windows "status"

Reported by: joks Owned by:
Priority: critical Milestone: release 2.5.5
Component: Generic / unclassified Version: OpenVPN 2.5.4 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: status fails
Cc:

Description

Hello,
i have few OpenVPN Servers running under Windows x64.
After update from version 2.5.3 to new 2.5.4 on all machines when i restart Windows (after Windows Update) or after manual restart "OpenVPNService" in services.msc OpenVPN will fails to run. i change verbose from 4 to 9 but only one error appears in logs:

options error: --status fails with 'C:\Program Files\OpenVPN\log\status.log' Unknown error (errno=183)

I noticed that OpenVPNService will run when i manual delete file status.log but it works only to second machine restart so for now the only way under Windows is disable status in openvpn server config file. i use openvpn for about 2 years and in previous release like 2.5.0 or 2.5.2 even in 2.4 I did not have such problems so surely the change in version 2.5.4 introduced some error.

Change History (13)

comment:1 Changed 2 years ago by Selva Nair

The error seems to indicate access check on the status.log file failed during options parsing. This is strange if the file is created by the service account in a previous run. Can you check what are the permissions on the existing status.log file when OpenVPN fails to start with the above error?

comment:2 Changed 2 years ago by joks

the file is created with permissions read-only. when i remove these permissions OpenVPNService will run but after service restart or computer restart file is again read-only :/

comment:3 Changed 2 years ago by tct

Well, I just tested this and it is true.

The status file is created as readonly! (Win7 Server 32bit)

I also tested the same config file via the GUI and it also creates the file as readonly.

Last edited 2 years ago by tct (previous) (diff)

comment:4 Changed 2 years ago by Selva Nair

I think its caused by S_IRUSR and S_IWUSR hard coded to 0 in config-msvc.h. See patch sent to the list -- I haven't tested it though.

On Windows all files get read permission by default, but not sure why _wopen() doesn't return error (fd=-1) when an "illegal" mode is specified. May be it just always adds the default _S_IREAD converting 0 to 0400.

Last edited 2 years ago by Selva Nair (previous) (diff)

comment:5 Changed 2 years ago by Selva Nair

Fixed by: commit c699c0d85cf2028796cdb0592271f1167709e6ac
Date: Fri Oct 15 14:47:33 2021 -0400

Fix some more wrong defines in config-msvc.h

comment:6 Changed 2 years ago by Gert Döring

Milestone: release 2.5.4release 2.5.5
Version: OpenVPN 2.5.4 (Community Ed)

comment:7 Changed 2 years ago by Gert Döring

2.5.4-I604 has been released. Please test, and report.

comment:8 Changed 2 years ago by Gert Döring

Resolution: fixed
Status: newclosed

We are reasonably sure that this bug has been fixed in 2.5.4-I604 and also in 2.5.5-I602.

Thus, closing this ticket, even if we never got feedback.

comment:9 Changed 4 months ago by joks

Hello, after i update to latest OpenVPN 2.6.7 this bug which I reported 2 years ago it appears again (in previews version 2.6.6 and 2.6.5 it was fine).

Under my Windows 2019 64x bit server i have in server config file added:

status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"

and openvpn-status.log then openvpn service start have read-only attribute :/ and openvpn doesn't work (service is running but network adapter is disconected).
when i unchecked read-only attribute on file openvpn-status.log then it works 1 day and the attributes are set again :/

Version 3, edited 4 months ago by joks (previous) (next) (diff)

comment:10 in reply to:  9 Changed 4 months ago by Selva Nair

Replying to joks:

Hello, after i update to latest OpenVPN 2.6.7 this bug which I reported 2 years ago it appears again (in previews version 2.6.6 and 2.6.5 it was fine).

Under my Windows 2019 64x bit server i have in server config file added:

status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"

and openvpn-status.log file then openvpn service start have read-only attribute and openvpn doesn't work (service run but network adapter is disconected).
when i unchecked read-only attribute on file openvpn-status.log then it works 1 day and the attributes are set again :/

This is not expected to work on any version if run using the GUI. OpenVPN executable in this case is started as user who generally has no write access to that location. Use OpenVPN\log\ in user profile as the location for status file.

I am not sure why file permissions are getting reset though.

comment:11 Changed 4 months ago by joks

with GUI when i change location to user profile it seems to work, but i dont use GUI only Windows OpenVPN service. with the service it doesn't matter that i use for status log user profile or Program Files network adapter is still disconected. For now i simply disable this option and its works ;) but i always update OpenVPN to new version so in previous versions everything worked
it stopped working suddenly in the latest version

Ps: i try also change permission to log folder i add user: Everyone with full control but it also dont work.

comment:12 Changed 4 months ago by Selva Nair

Right, the service runs as SYSTEM and should have write access to the location. Its odd that it doesn't work in 2.6.7. Could you please open an issue in the git repo --- bug reporting has now moved to git.

comment:13 Changed 4 months ago by Gert Döring

This is a regression from moving 2.6.7 to cmake build. Apologies. It was also reported on GitHub? as https://github.com/OpenVPN/openvpn/issues/454

Lev has posted a fix to https://gerrit.openvpn.net/c/openvpn/+/429 which looks reasonable.

We'll do 2.6.8 soonish, like "this week". And then we do not want to talk about 2.6.7 again.

Note: See TracTickets for help on using tickets.