A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail



 
 
Thread Tools Display Modes
  #1  
Old May 27th 17, 02:42 AM posted to alt.comp.os.windows-10,microsoft.public.windowsxp.general,alt.windows7.general
Roy Tremblay
external usenet poster
 
Posts: 169
Default Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail

Permission problem with openvpn moving from WinXP to Win10 causing route
changes to fail.

On Windows XP, for years, I have been doubleclicking on any openvpn text
file which is set to open in the "OpenVPN Daemon" and that, in and of
itself, connects me to VPN every time.

File association for WinXP:
https://s29.postimg.org/estakppgn/openvpn.gif

File association for Win10:
https://s16.postimg.org/mcs4crgsl/Clipboardq02.jpg

Using the same file and procedure on Windows 10, the routes all fail due to
a Windows 10 permission problem.

Here's a summary of the openvpn errors:
|---- start -----
FlushIpNetTable failed on interface [17]
{78A54AAA-5893-4E9A-9FAB-429FF3FB3C87} (status=5) : Access is denied.
ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.
[status=5 if_index=8]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
ERROR: Windows route add command failed [adaptive]: returned error code 1
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.46
ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.
[status=5 if_index=17]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
ERROR: Windows route add command failed [adaptive]: returned error code 1
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.46
ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.
[status=5 if_index=17]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
ERROR: Windows route add command failed [adaptive]: returned error code 1
Initialization Sequence Completed
|---- end -----

I will send out a more detailed description of the error.

I suspect Windows 10 has a special permission that is needed.
But what?
Ads
  #2  
Old May 27th 17, 02:47 AM posted to alt.comp.os.windows-10,microsoft.public.windowsxp.general,alt.windows7.general
Roy Tremblay
external usenet poster
 
Posts: 169
Default Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail

On Sat, 27 May 2017 01:42:40 +0000 (UTC),
Roy Tremblay actually wrote:

I will send out a more detailed description of the error.

I suspect Windows 10 has a special permission that is needed.
But what?


Here is the complete log of the error.
Do you know what permissions are needed on Windows 10 that weren't needed on Windows XP?

================================================== ==========================
Fri May 26 04:44:37 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Fri May 26 04:44:37 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri May 26 04:44:37 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Fri May 26 04:44:37 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 26 04:44:37 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]121.123.145.123:1812
Fri May 26 04:44:37 2017 Socket Buffers: R=[65536-65536] S=[65536-65536]
Fri May 26 04:44:37 2017 UDP link local: (not bound)
Fri May 26 04:44:37 2017 UDP link remote: [AF_INET]121.123.145.123:1812
Fri May 26 04:44:37 2017 TLS: Initial packet from [AF_INET]121.123.145.123:1812, sid=9cec2ed0 b4a71ddf
Fri May 26 04:44:37 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Fri May 26 04:44:37 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Fri May 26 04:44:37 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Fri May 26 04:44:38 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May 26 04:44:38 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]121.123.145.123:1812
Fri May 26 04:44:39 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Fri May 26 04:44:39 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.45 10.211.1.46,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.46,redirect-gateway def1'
Fri May 26 04:44:39 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 26 04:44:39 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 26 04:44:39 2017 OPTIONS IMPORT: route options modified
Fri May 26 04:44:39 2017 OPTIONS IMPORT: route-related options modified
Fri May 26 04:44:39 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 26 04:44:39 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 26 04:44:39 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 26 04:44:39 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 26 04:44:39 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 26 04:44:39 2017 interactive service msg_channel=0
Fri May 26 04:44:39 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=8 HWADDR=01:3a:33:58:22:bd
Fri May 26 04:44:39 2017 open_tun
Fri May 26 04:44:39 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{78A54AAA-5893-4E9A-9FAB-429FF3FB3C87}.tap
Fri May 26 04:44:39 2017 TAP-Windows Driver Version 9.21
Fri May 26 04:44:39 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.45/255.255.255.252 on interface {78A54AAA-5893-4E9A-9FAB-429FF3FB3C87} [DHCP-serv: 10.211.1.46, lease-time: 31536000]
Fri May 26 04:44:39 2017 NOTE: FlushIpNetTable failed on interface [17] {78A54AAA-5893-4E9A-9FAB-429FF3FB3C87} (status=5) : Access is denied.
Fri May 26 04:44:39 2017 do_ifconfig, tt-did_ifconfig_ipv6_setup=0
Fri May 26 04:44:44 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri May 26 04:44:44 2017 C:\WINDOWS\system32\route.exe ADD 121.123.145.123 MASK 255.255.255.255 192.168.1.1
Fri May 26 04:44:44 2017 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=8]
Fri May 26 04:44:44 2017 Route addition via IPAPI failed [adaptive]
Fri May 26 04:44:44 2017 Route addition fallback to route.exe
Fri May 26 04:44:44 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
Fri May 26 04:44:44 2017 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri May 26 04:44:44 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.46
Fri May 26 04:44:44 2017 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=17]
Fri May 26 04:44:44 2017 Route addition via IPAPI failed [adaptive]
Fri May 26 04:44:44 2017 Route addition fallback to route.exe
Fri May 26 04:44:44 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
Fri May 26 04:44:44 2017 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri May 26 04:44:44 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.46
Fri May 26 04:44:44 2017 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=17]
Fri May 26 04:44:44 2017 Route addition via IPAPI failed [adaptive]
Fri May 26 04:44:44 2017 Route addition fallback to route.exe
Fri May 26 04:44:44 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem
Fri May 26 04:44:44 2017 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri May 26 04:44:44 2017 Initialization Sequence Completed
  #3  
Old May 27th 17, 03:06 AM posted to alt.comp.os.windows-10,microsoft.public.windowsxp.general,alt.windows7.general
Roy Tremblay
external usenet poster
 
Posts: 169
Default Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail

On Sat, 27 May 2017 01:47:00 +0000 (UTC),
Roy Tremblay actually wrote:

I suspect Windows 10 has a special permission that is needed.
But what?


Here is the complete log of the error.
Do you know what permissions are needed on Windows 10 that weren't needed on Windows XP?


By way of contrast, here's the log of the ovpn file working on WinXP.
Why does any ovpn file work on WinXP but fail due to permissions on Win10?

================================================== ==========================
Fri May 26 04:56:51 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Fri May 26 04:56:51 2017 Windows version 5.1 (Windows XP) 32bit
Fri May 26 04:56:51 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Fri May 26 04:56:51 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 26 04:56:52 2017 Socket Buffers: R=[8192-8192] S=[8192-8192]
Fri May 26 04:56:52 2017 UDPv4 link local: [undef]
Fri May 26 04:56:52 2017 UDPv4 link remote: [AF_INET]121.123.145.123:1812
Fri May 26 04:56:52 2017 TLS: Initial packet from [AF_INET]121.123.145.123:1812, sid=90e42959 f981c201
Fri May 26 04:56:52 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Fri May 26 04:56:52 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Fri May 26 04:56:52 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Fri May 26 04:56:53 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 26 04:56:53 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 26 04:56:53 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 26 04:56:53 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 26 04:56:53 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May 26 04:56:53 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]121.123.145.123:1812
Fri May 26 04:56:55 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Fri May 26 04:56:55 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.1 10.211.1.2,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.2,redirect-gateway def1'
Fri May 26 04:56:55 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 26 04:56:55 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 26 04:56:55 2017 OPTIONS IMPORT: route options modified
Fri May 26 04:56:55 2017 OPTIONS IMPORT: route-related options modified
Fri May 26 04:56:55 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 26 04:56:55 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:3a:33:58:22:bd
Fri May 26 04:56:55 2017 do_ifconfig, tt-ipv6=0, tt-did_ifconfig_ipv6_setup=0
Fri May 26 04:56:55 2017 open_tun, tt-ipv6=0
Fri May 26 04:56:55 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F1AB3A59-4892-3D3D-3CD9-724A239BA879}.tap
Fri May 26 04:56:55 2017 TAP-Windows Driver Version 9.9
Fri May 26 04:56:55 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.1/255.255.255.252 on interface {F1AB3A59-4892-3D3D-3CD9-724A239BA879} [DHCP-serv: 10.211.1.2, lease-time: 31536000]
Fri May 26 04:56:55 2017 Successful ARP Flush on interface [3] {F1AB3A59-4892-3D3D-3CD9-724A239BA879}
Fri May 26 18:54:00 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Fri May 26 18:54:00 2017 Route: Waiting for TUN/TAP interface to come up...
Fri May 26 18:54:01 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri May 26 18:54:01 2017 C:\WINDOWS\system32\route.exe ADD 121.123.145.123 MASK 255.255.255.255 192.168.1.1
Fri May 26 18:54:01 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 26 18:54:01 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.2
Fri May 26 18:54:01 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 26 18:54:01 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.2
Fri May 26 18:54:01 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 26 18:54:01 2017 Initialization Sequence Completed
  #4  
Old May 27th 17, 04:07 AM posted to alt.comp.os.windows-10,microsoft.public.windowsxp.general,alt.windows7.general
Roy Tremblay
external usenet poster
 
Posts: 169
Default Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail

On Sat, 27 May 2017 01:42:40 +0000 (UTC),
Roy Tremblay actually wrote:

Permission problem with openvpn moving from WinXP to Win10 causing route
changes to fail.


Thanks to the suggestion from Good Guy, I solved the problem of *.ovpn
OpenVPN text files not having the permissions to run the necessary route
commands to get onto VPN.

After I installed the Win7/8/Vista/10 64-bit OpenVPN package on Windows 10,
I changed the file associations for doubleclicking on *.ovpn text files to
open up in the "OpenVPN Daemon" instead of the "OpenVPN GUI".
https://s14.postimg.org/y3vs59vnl/Clipboard03.gif

I did that same file association change many years ago, on Windows XP:
https://s29.postimg.org/estakppgn/openvpn.gif

This allows me to just doubleclick on any of hundreds of *.ovpn openvpn text
files, and they open up in the OpenVPN Daemon, which just looks like a
command windows with a text running log file (which is what I pasted
separately).

When I close the command window with the running log file, that knocks me
off of VPN. So, there is no OpenVPN GUI involved. And there is no link
involved.

I doubleclick on an *.ovpn text file to get on VPN.
I close that running log file to get off of VPN.

On Windows 10, I made the same file association change:
https://s14.postimg.org/y3vs59vnl/Clipboard03.gif

But after clicking on an *.ovpn OpenVPN text file, the running log showed
that it needed more permissions for some very strange reason (unknown to me
at this point).

Predictably, setting the "OpenVPN GUI" link to run as administrator did
nothing:
https://s1.postimg.org/oppwqvrzz/Clipboard01.gif

But that's probably because I am not using the OpenVPN GUI (and even more to
the point, I'm not using any links to start the program). I'm using file
associations to start the OpenVPN Daemon instead of using the OpenVPN GUI.

So, based on Good Guy's suggestion, I went to the OpenVPN bin directory and
arbitrarily set *all* the exe files to run as administrator:
https://s9.postimg.org/w1wwgzlrj/Clipboard02.gif

That solved the problem of permissions!

Now when I doubleclick in Windows 10 on any *.ovpn OpenVPN text file, the
OpenVPN Daemon pops up the running log file, which shows that there are no
longer permission errors when the route commands are run.

I have no idea why this extra step is required, nor why it's not documented
in any of the OpenVPN setup tutorials for Windows 10.

All I know is that setting all the executables to run as administrator
solved whatever problem Windows 10 has introduced that Windows XP didn't
have.
  #5  
Old May 27th 17, 04:31 AM posted to alt.comp.os.windows-10,microsoft.public.windowsxp.general,alt.windows7.general
Roy Tremblay
external usenet poster
 
Posts: 169
Default Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail

On Sat, 27 May 2017 03:07:35 +0000 (UTC),
Roy Tremblay actually wrote:

So, based on Good Guy's suggestion, I went to the OpenVPN bin directory and
arbitrarily set *all* the exe files to run as administrator:
https://s9.postimg.org/w1wwgzlrj/Clipboard02.gif

That solved the problem of permissions!

Now when I doubleclick in Windows 10 on any *.ovpn OpenVPN text file, the
OpenVPN Daemon pops up the running log file, which shows that there are no
longer permission errors when the route commands are run.

I have no idea why this extra step is required, nor why it's not documented
in any of the OpenVPN setup tutorials for Windows 10.

All I know is that setting all the executables to run as administrator
solved whatever problem Windows 10 has introduced that Windows XP didn't
have.


To give you an idea of what the documentation says, here are the tutorials I
looked at, none of which explained this mysterious process for the OpenVPN
Daemon (but they did it for the OpenVPN GUI).

How to set up OpenVPN on Windows 10
https://www.hideipvpn.com/setup/how-...on-windows-10/

Windows 10 OpenVPN setup tutorial
https://strongvpn.com/setup-windows-10-openvpn.html

How to set up OpenVPN on Windows 10
https://www.cactusvpn.com/tutorials/...on-windows-10/

How to install OpenVPN on Windows 10
https://www.vpncompare.co.uk/how-to-...on-windows-10/

How to set up a manual OpenVPN connection on Windows 10
https://nordvpn.com/tutorials/windows-10/openvpn/

How to set up OpenVPN on Windows 10
https://www.smartydns.com/support/ho...on-windows-10/

And this one used a completely different method!

How to Set up a VPN Connection in Windows 10
http://www.tomshardware.com/faq/id-2...n-windows.html

I guess I'm the only one who simply doubleclicks on the *.ovpn OpenVPN text
files to connect to VPN (closing the running log to disconnect from VPN).

Everyone else must be using the OpenVPN GUI, but I find it's a *lot* more
steps to use the GUI than to just doubleclick on the *.ovpn file itself,
especially since I have hundreds of *.ovpn file laying around.

Since I set the windows to all open in the same spot, I can open up a
hundred *.ovpn files in one doubleclick action, and then close the ones that
don't work and keep the one that works (only one will work at a time so
there's no danger if more than one *.ovpn file is good).

I guess I'm the only one using this efficient use model.

Everyone else must be clicking like crazy in the GUI which itself is limited
to a puny 50 files each of which seems to need to be selected manually
anyway (as far as I can tell anyway) so the GUI is a lousy use model if you
ask me.
  #6  
Old May 28th 17, 03:01 PM posted to alt.comp.os.windows-10,microsoft.public.windowsxp.general
Roy Tremblay
external usenet poster
 
Posts: 169
Default Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail

On Sat, 27 May 2017 08:13:02 +0200,
J.O. Aho actually wrote:

I just doubleclick on any desired *.ovpn openvpn text file and that's all I
ever do. That puts me on VPN. There is no GUI involved.


Use "killall -9 openvpnd" and it would take care of the daemon. Sure you
can use a desktop icon for doing that.


I had to enable Telnet on Windows so is "killall" the same kind of problem
on Windows as Telnet was?

cmd\ killall
No such file or directory on Windows XP or on Windows 10

It's interesting that you recommended "killall" for Windows because there is
only one minor problem in WindowsXP and two minor problems with Windows 10
with my use model, one of each is related to killing the process.

The minor problem in both is that out of any given dozen freely available
openvpn *.ovpn configuration files to free public VPN servers, not all work.

So what happens is:
1. I group select and group "open" 10 *.ovpn files in the OpenVPN Daemon.
1. If 0 work I end up having 10 OpenVPN daemon runninglog files to close.
2. If 4 work I end up having to close 6 OpenVPN daemon runninglog files.

What happens is that the first successful connection wins, and any
subsequent successful connects automatically close (which is perfect!).

So I'm only left with the 1 (first) successful connection, with the rest
being connections which never stood a chance of being successful.

To make it easier to close the 6 remaining unsuccessful OpenVPN Daemon
runninglog files, I have them set to open in the same location so that the
[X] corner is easier to (1)click, (2)click, (3)click, (4)click, (5)click, &
(6)click.

If there was a way to close all the open unsuccessful windows, that would
make the use model even more efficient than it is now.
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 01:35 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.