Opened 10 years ago
Closed 10 years ago
#453 closed Bug / Defect (fixed)
TAP broken with 2.3.4-i003 Win7/Win8/Srv2008R2 client AND server
Reported by: | Joachim_Otahal | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | tap-windows | Version: | OpenVPN 2.3.4 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | Tap, server, client |
Cc: |
Description
Up to now ALL 2.3.x versions were not able to be run as TAP server with Server 2008 R2 or Windows 7.
I had to switch down ALL of them to OpenVPN 2.2.2, where each time they worked "right out of the box", i.e. same config files as for 2.3.4. The setup is as usual: network bridge, and each openvpn adapter named VPN01, VPN02 etc, and using dev-node.
The connection is done successfully, but apart from that no go.
But now it is getting worse:
openvpn-install-2.3.4-i003-x64_64.exe and openvpn-install-2.3.4-I603-x86_64.exe both cannot do any TAP even on the client side (Win 7 x64 and Win 8.1 x64). No ping, no arp, nothing.
I already had several installs and calls, and the solution for all was: Use openvpn-install-2.3.4-I002-x86_64.exe - and then it worked.
I could live a little longer with the Server-TAP not working and sticking to version 2.2.2, but on the client side is not so funny.
Attachments (2)
Change History (15)
comment:1 Changed 10 years ago by
Changed 10 years ago by
Attachment: | client-config.ovpn added |
---|
Client config working from 2.2.2 to 2.3.4-i002 x64, not working with 2.3.4-i003 x64
Changed 10 years ago by
Attachment: | server-21.ovpn added |
---|
Server config working with 2.2.2 on 2008 R2, not working with ANY 2.3.x
comment:2 Changed 10 years ago by
Be aware, I've tried a few of things on the server side before giving up and using 2.2.2 again, including:
local <lan IP address of VPN bridge>
dev VPN21
dev-mode tap
dev-node VPN21
dev tap
dev-node VPN21
comment:3 Changed 10 years ago by
Switched from working 2.3.4-i002 for testing purposes on Win 8.1 x64 to
openvpn-install-2.3.4-I603-x86_64.exe
Connects, but no ping.
clicking "disconnect" on OpenVPN does not exit openvpn.
Killing the task with the taskmanager does not exit the task too, even worse, when trying to kill it again it says "cannot kill, you are trying to access a process which is about to exit" (Translated from German...).
verb 5 log:
Wed Oct 01 12:45:48 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 7 2014 Wed Oct 01 12:45:48 2014 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 Wed Oct 01 12:45:48 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed Oct 01 12:45:48 2014 open_tun, tt->ipv6=0 Wed Oct 01 12:45:48 2014 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{798E4851-4EF5-4C25-861D-7056FB39F2A4}.tap Wed Oct 01 12:45:48 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.114.140/255.255.255.0 on interface {798E4851-4EF5-4C25-861D-7056FB39F2A4} [DHCP-serv: 192.168.114.0, lease-time: 31536000] Wed Oct 01 12:45:48 2014 Successful ARP Flush on interface [8] {798E4851-4EF5-4C25-861D-7056FB39F2A4} Wed Oct 01 12:45:48 2014 UDPv4 link local (bound): [undef] Wed Oct 01 12:45:48 2014 UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:20021 Wed Oct 01 12:45:49 2014 Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:20021 Wed Oct 01 12:45:54 2014 Initialization Sequence Completed
Rebooting the machine now to get rid of the openvpn.exe task.
comment:4 Changed 10 years ago by
Switched to openvpn-install-2.3.4-I003-x86_64.exe, and I have to correct myself at one point, TAP connection is working. And the openvpn tasks exits nicely and does not have to be killed via reboot.
However the SSL VPN Method is not working with any 2.3.4, 2.3.2 does it fine (though this has nothing to do with this bug, may be a completely different issue).
Config:
client dev tun proto tcp remote XXX.XXX.XXX.XXX tls-remote "/C=de/L=XXX/O=XXX/CN=XXX/emailAddress=XXX@XXX.de" route remote_host 255.255.255.255 net_gateway resolv-retry infinite nobind persist-key persist-tun ca XXX.ca.crt cert XXX.ca.crt key XXX.ca.crt auth-user-pass cipher AES-128-CBC auth MD5 comp-lzo route-delay 4 verb 3 reneg-sec 0 auth-user-pass C:\\XXX.txt
An log: Nothing, not even a log file created.
comment:5 Changed 10 years ago by
I have similar issue with openvpn-install-2.3.4-I605-x86_64.exe installed both on Windows 7 server and client hosts. The session can be established and can be dropped on the client side, but openvpn.exe process hangs on the server after connection is established. The following messages are present in the server log:
Thu Oct 30 08:34:21 2014 user/192.168.0.3:56790 MULTI: Outgoing TUN queue full, dropped packet len=54 Thu Oct 30 08:34:21 2014 user/192.168.0.3:56790 MULTI: Outgoing TUN queue full, dropped packet len=110 Thu Oct 30 08:34:21 2014 user/192.168.0.3:56790 MULTI: Outgoing TUN queue full, dropped packet len=110 Thu Oct 30 08:34:21 2014 user/192.168.0.3:56790 NOTE: --mute triggered...
The following config is used for server and client connections after (un)commenting appropriate sections and updating authorization options:
# Common options: port 1194 dev tap keepalive 10 120 persist-key persist-tun verb 4 mute 3 comp-lzo no # Server options: proto tcp-server local 192.168.0.2 server 172.27.10.0 255.255.255.0 float client-to-client duplicate-cn tcp-nodelay # Client options: #connect-retry-max 2 #client #proto tcp-client #remote 192.168.0.2 #nobind # Auth options ca "ca.crt" cert "server.crt" key "server.key" dh "dh1024.pem"
UPD: My issue is still reproducible with openvpn-install-2.3.5-I601-x86_64.exe
comment:6 Changed 10 years ago by
Some of these issues could be caused by bugs in the new tap-windows6 driver or OpenVPN 2.3's interaction with it. You should try the latest OpenVPN installers which have some tap-windows6-related fixes in them. I'll provide a new tap-windows6 installer separately which fixes one additional issue. Later I'll push out updated OpenVPN installers that have this new tap-windows6 driver in them.
comment:7 Changed 10 years ago by
openvpn-install-2.3.5-I601-x86_64.exe + tap-windows-9.9.2_3.exe
Works on client side!
I cannot tell when I'll be able to test the server side, but on client side it works with dev tap, in all cases I have here.
comment:8 Changed 10 years ago by
Joachim_Otahal: could you also try installing openvpn-install-2.3.5-I601-x86_64.exe and on top of that tap-windows-9.21.1.exe? Those two should fix all known issues in OpenVPN <-> tap-windows6 interaction (e.g. this one).
Some of the funkiness you've encountered could have been caused by multiple installations of OpenVPN, tap-windows and tap-windows6 on the same computer. In particular installing 32-bit and 64-bit versions side-by-side or in a row may cause issues. Uninstalling old versions before installing the new ones usually helps.
comment:9 Changed 10 years ago by
Openvpn: Tap uninstall, openvpn uninstall.
Install openvpn-install-2.3.5-I601-x86_64.exe + tap-windows-9.21.1.exe
Looks good on client side.
TAP vpn, TUN vpn and SSL-TUN/TAP working (Win 8.1 x64).
As for the funkiness: Always clean install, no mixed openvpn version. Would be a bad test style and difficult to reproduce to have multiple of them active at the same time.
comment:10 Changed 10 years ago by
Just a FYI: I released a new Windows installers (2.3.5-I602) with tap-windows-9.21.1 last Friday. No need to install tap-windows-9.21.1 separately anymore.
comment:11 Changed 10 years ago by
Does the latest OpenVPN release (2.3.5-I602 or above) fix the issue on server-side also?
comment:12 Changed 10 years ago by
I tested upgrading (uninstall, reboot, install, config) a Server 2008 R2 which was still running OpenVPN 2.2.2 due to that issue. Has 30 TAP VPN's (+ some TUN VPN's). I used openvpn-install-2.3.5-I602-x86_64.exe.
So far it looks good!
comment:13 Changed 10 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Can you attach your client/server configuration? Maybe you are using usual options. And can you try out to find out /where/ the packets are lost? (-verb 5 or higher iirc)