If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail
Permission problem with openvpn moving from WinXP to Win10 causing route
changes to fail. On Windows XP, for years, I have been doubleclicking on any openvpn text file which is set to open in the "OpenVPN Daemon" and that, in and of itself, connects me to VPN every time. File association for WinXP: https://s29.postimg.org/estakppgn/openvpn.gif File association for Win10: https://s16.postimg.org/mcs4crgsl/Clipboardq02.jpg Using the same file and procedure on Windows 10, the routes all fail due to a Windows 10 permission problem. Here's a summary of the openvpn errors: |---- start ----- FlushIpNetTable failed on interface [17] {78A54AAA-5893-4E9A-9FAB-429FF3FB3C87} (status=5) : Access is denied. ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=8] Route addition via IPAPI failed [adaptive] Route addition fallback to route.exe env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem ERROR: Windows route add command failed [adaptive]: returned error code 1 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.46 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=17] Route addition via IPAPI failed [adaptive] Route addition fallback to route.exe env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem ERROR: Windows route add command failed [adaptive]: returned error code 1 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.46 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=17] Route addition via IPAPI failed [adaptive] Route addition fallback to route.exe env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem ERROR: Windows route add command failed [adaptive]: returned error code 1 Initialization Sequence Completed |---- end ----- I will send out a more detailed description of the error. I suspect Windows 10 has a special permission that is needed. But what? |
Ads |
#2
|
|||
|
|||
Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail
On Sat, 27 May 2017 01:42:40 +0000 (UTC),
Roy Tremblay actually wrote: I will send out a more detailed description of the error. I suspect Windows 10 has a special permission that is needed. But what? Here is the complete log of the error. Do you know what permissions are needed on Windows 10 that weren't needed on Windows XP? ================================================== ========================== Fri May 26 04:44:37 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017 Fri May 26 04:44:37 2017 Windows version 6.2 (Windows 8 or greater) 64bit Fri May 26 04:44:37 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10 Fri May 26 04:44:37 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Fri May 26 04:44:37 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]121.123.145.123:1812 Fri May 26 04:44:37 2017 Socket Buffers: R=[65536-65536] S=[65536-65536] Fri May 26 04:44:37 2017 UDP link local: (not bound) Fri May 26 04:44:37 2017 UDP link remote: [AF_INET]121.123.145.123:1812 Fri May 26 04:44:37 2017 TLS: Initial packet from [AF_INET]121.123.145.123:1812, sid=9cec2ed0 b4a71ddf Fri May 26 04:44:37 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority Fri May 26 04:44:37 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA Fri May 26 04:44:37 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net Fri May 26 04:44:38 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Fri May 26 04:44:38 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]121.123.145.123:1812 Fri May 26 04:44:39 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1) Fri May 26 04:44:39 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.45 10.211.1.46,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.46,redirect-gateway def1' Fri May 26 04:44:39 2017 OPTIONS IMPORT: timers and/or timeouts modified Fri May 26 04:44:39 2017 OPTIONS IMPORT: --ifconfig/up options modified Fri May 26 04:44:39 2017 OPTIONS IMPORT: route options modified Fri May 26 04:44:39 2017 OPTIONS IMPORT: route-related options modified Fri May 26 04:44:39 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Fri May 26 04:44:39 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Fri May 26 04:44:39 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Fri May 26 04:44:39 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Fri May 26 04:44:39 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Fri May 26 04:44:39 2017 interactive service msg_channel=0 Fri May 26 04:44:39 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=8 HWADDR=01:3a:33:58:22:bd Fri May 26 04:44:39 2017 open_tun Fri May 26 04:44:39 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{78A54AAA-5893-4E9A-9FAB-429FF3FB3C87}.tap Fri May 26 04:44:39 2017 TAP-Windows Driver Version 9.21 Fri May 26 04:44:39 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.45/255.255.255.252 on interface {78A54AAA-5893-4E9A-9FAB-429FF3FB3C87} [DHCP-serv: 10.211.1.46, lease-time: 31536000] Fri May 26 04:44:39 2017 NOTE: FlushIpNetTable failed on interface [17] {78A54AAA-5893-4E9A-9FAB-429FF3FB3C87} (status=5) : Access is denied. Fri May 26 04:44:39 2017 do_ifconfig, tt-did_ifconfig_ipv6_setup=0 Fri May 26 04:44:44 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up Fri May 26 04:44:44 2017 C:\WINDOWS\system32\route.exe ADD 121.123.145.123 MASK 255.255.255.255 192.168.1.1 Fri May 26 04:44:44 2017 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=8] Fri May 26 04:44:44 2017 Route addition via IPAPI failed [adaptive] Fri May 26 04:44:44 2017 Route addition fallback to route.exe Fri May 26 04:44:44 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem Fri May 26 04:44:44 2017 ERROR: Windows route add command failed [adaptive]: returned error code 1 Fri May 26 04:44:44 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.46 Fri May 26 04:44:44 2017 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=17] Fri May 26 04:44:44 2017 Route addition via IPAPI failed [adaptive] Fri May 26 04:44:44 2017 Route addition fallback to route.exe Fri May 26 04:44:44 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem Fri May 26 04:44:44 2017 ERROR: Windows route add command failed [adaptive]: returned error code 1 Fri May 26 04:44:44 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.46 Fri May 26 04:44:44 2017 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=17] Fri May 26 04:44:44 2017 Route addition via IPAPI failed [adaptive] Fri May 26 04:44:44 2017 Route addition fallback to route.exe Fri May 26 04:44:44 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem Fri May 26 04:44:44 2017 ERROR: Windows route add command failed [adaptive]: returned error code 1 Fri May 26 04:44:44 2017 Initialization Sequence Completed |
#3
|
|||
|
|||
Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail
On Sat, 27 May 2017 01:47:00 +0000 (UTC),
Roy Tremblay actually wrote: I suspect Windows 10 has a special permission that is needed. But what? Here is the complete log of the error. Do you know what permissions are needed on Windows 10 that weren't needed on Windows XP? By way of contrast, here's the log of the ovpn file working on WinXP. Why does any ovpn file work on WinXP but fail due to permissions on Win10? ================================================== ========================== Fri May 26 04:56:51 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016 Fri May 26 04:56:51 2017 Windows version 5.1 (Windows XP) 32bit Fri May 26 04:56:51 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09 Fri May 26 04:56:51 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Fri May 26 04:56:52 2017 Socket Buffers: R=[8192-8192] S=[8192-8192] Fri May 26 04:56:52 2017 UDPv4 link local: [undef] Fri May 26 04:56:52 2017 UDPv4 link remote: [AF_INET]121.123.145.123:1812 Fri May 26 04:56:52 2017 TLS: Initial packet from [AF_INET]121.123.145.123:1812, sid=90e42959 f981c201 Fri May 26 04:56:52 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority Fri May 26 04:56:52 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA Fri May 26 04:56:52 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net Fri May 26 04:56:53 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Fri May 26 04:56:53 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Fri May 26 04:56:53 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Fri May 26 04:56:53 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Fri May 26 04:56:53 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Fri May 26 04:56:53 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]121.123.145.123:1812 Fri May 26 04:56:55 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1) Fri May 26 04:56:55 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.1 10.211.1.2,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.2,redirect-gateway def1' Fri May 26 04:56:55 2017 OPTIONS IMPORT: timers and/or timeouts modified Fri May 26 04:56:55 2017 OPTIONS IMPORT: --ifconfig/up options modified Fri May 26 04:56:55 2017 OPTIONS IMPORT: route options modified Fri May 26 04:56:55 2017 OPTIONS IMPORT: route-related options modified Fri May 26 04:56:55 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Fri May 26 04:56:55 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:3a:33:58:22:bd Fri May 26 04:56:55 2017 do_ifconfig, tt-ipv6=0, tt-did_ifconfig_ipv6_setup=0 Fri May 26 04:56:55 2017 open_tun, tt-ipv6=0 Fri May 26 04:56:55 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F1AB3A59-4892-3D3D-3CD9-724A239BA879}.tap Fri May 26 04:56:55 2017 TAP-Windows Driver Version 9.9 Fri May 26 04:56:55 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.1/255.255.255.252 on interface {F1AB3A59-4892-3D3D-3CD9-724A239BA879} [DHCP-serv: 10.211.1.2, lease-time: 31536000] Fri May 26 04:56:55 2017 Successful ARP Flush on interface [3] {F1AB3A59-4892-3D3D-3CD9-724A239BA879} Fri May 26 18:54:00 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down Fri May 26 18:54:00 2017 Route: Waiting for TUN/TAP interface to come up... Fri May 26 18:54:01 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up Fri May 26 18:54:01 2017 C:\WINDOWS\system32\route.exe ADD 121.123.145.123 MASK 255.255.255.255 192.168.1.1 Fri May 26 18:54:01 2017 Route addition via IPAPI succeeded [adaptive] Fri May 26 18:54:01 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.2 Fri May 26 18:54:01 2017 Route addition via IPAPI succeeded [adaptive] Fri May 26 18:54:01 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.2 Fri May 26 18:54:01 2017 Route addition via IPAPI succeeded [adaptive] Fri May 26 18:54:01 2017 Initialization Sequence Completed |
#4
|
|||
|
|||
Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail
On Sat, 27 May 2017 01:42:40 +0000 (UTC),
Roy Tremblay actually wrote: Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail. Thanks to the suggestion from Good Guy, I solved the problem of *.ovpn OpenVPN text files not having the permissions to run the necessary route commands to get onto VPN. After I installed the Win7/8/Vista/10 64-bit OpenVPN package on Windows 10, I changed the file associations for doubleclicking on *.ovpn text files to open up in the "OpenVPN Daemon" instead of the "OpenVPN GUI". https://s14.postimg.org/y3vs59vnl/Clipboard03.gif I did that same file association change many years ago, on Windows XP: https://s29.postimg.org/estakppgn/openvpn.gif This allows me to just doubleclick on any of hundreds of *.ovpn openvpn text files, and they open up in the OpenVPN Daemon, which just looks like a command windows with a text running log file (which is what I pasted separately). When I close the command window with the running log file, that knocks me off of VPN. So, there is no OpenVPN GUI involved. And there is no link involved. I doubleclick on an *.ovpn text file to get on VPN. I close that running log file to get off of VPN. On Windows 10, I made the same file association change: https://s14.postimg.org/y3vs59vnl/Clipboard03.gif But after clicking on an *.ovpn OpenVPN text file, the running log showed that it needed more permissions for some very strange reason (unknown to me at this point). Predictably, setting the "OpenVPN GUI" link to run as administrator did nothing: https://s1.postimg.org/oppwqvrzz/Clipboard01.gif But that's probably because I am not using the OpenVPN GUI (and even more to the point, I'm not using any links to start the program). I'm using file associations to start the OpenVPN Daemon instead of using the OpenVPN GUI. So, based on Good Guy's suggestion, I went to the OpenVPN bin directory and arbitrarily set *all* the exe files to run as administrator: https://s9.postimg.org/w1wwgzlrj/Clipboard02.gif That solved the problem of permissions! Now when I doubleclick in Windows 10 on any *.ovpn OpenVPN text file, the OpenVPN Daemon pops up the running log file, which shows that there are no longer permission errors when the route commands are run. I have no idea why this extra step is required, nor why it's not documented in any of the OpenVPN setup tutorials for Windows 10. All I know is that setting all the executables to run as administrator solved whatever problem Windows 10 has introduced that Windows XP didn't have. |
#5
|
|||
|
|||
Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail
On Sat, 27 May 2017 03:07:35 +0000 (UTC),
Roy Tremblay actually wrote: So, based on Good Guy's suggestion, I went to the OpenVPN bin directory and arbitrarily set *all* the exe files to run as administrator: https://s9.postimg.org/w1wwgzlrj/Clipboard02.gif That solved the problem of permissions! Now when I doubleclick in Windows 10 on any *.ovpn OpenVPN text file, the OpenVPN Daemon pops up the running log file, which shows that there are no longer permission errors when the route commands are run. I have no idea why this extra step is required, nor why it's not documented in any of the OpenVPN setup tutorials for Windows 10. All I know is that setting all the executables to run as administrator solved whatever problem Windows 10 has introduced that Windows XP didn't have. To give you an idea of what the documentation says, here are the tutorials I looked at, none of which explained this mysterious process for the OpenVPN Daemon (but they did it for the OpenVPN GUI). How to set up OpenVPN on Windows 10 https://www.hideipvpn.com/setup/how-...on-windows-10/ Windows 10 OpenVPN setup tutorial https://strongvpn.com/setup-windows-10-openvpn.html How to set up OpenVPN on Windows 10 https://www.cactusvpn.com/tutorials/...on-windows-10/ How to install OpenVPN on Windows 10 https://www.vpncompare.co.uk/how-to-...on-windows-10/ How to set up a manual OpenVPN connection on Windows 10 https://nordvpn.com/tutorials/windows-10/openvpn/ How to set up OpenVPN on Windows 10 https://www.smartydns.com/support/ho...on-windows-10/ And this one used a completely different method! How to Set up a VPN Connection in Windows 10 http://www.tomshardware.com/faq/id-2...n-windows.html I guess I'm the only one who simply doubleclicks on the *.ovpn OpenVPN text files to connect to VPN (closing the running log to disconnect from VPN). Everyone else must be using the OpenVPN GUI, but I find it's a *lot* more steps to use the GUI than to just doubleclick on the *.ovpn file itself, especially since I have hundreds of *.ovpn file laying around. Since I set the windows to all open in the same spot, I can open up a hundred *.ovpn files in one doubleclick action, and then close the ones that don't work and keep the one that works (only one will work at a time so there's no danger if more than one *.ovpn file is good). I guess I'm the only one using this efficient use model. Everyone else must be clicking like crazy in the GUI which itself is limited to a puny 50 files each of which seems to need to be selected manually anyway (as far as I can tell anyway) so the GUI is a lousy use model if you ask me. |
#6
|
|||
|
|||
Permission problem with openvpn moving from WinXP to Win10 causing route changes to fail
On Sat, 27 May 2017 08:13:02 +0200,
J.O. Aho actually wrote: I just doubleclick on any desired *.ovpn openvpn text file and that's all I ever do. That puts me on VPN. There is no GUI involved. Use "killall -9 openvpnd" and it would take care of the daemon. Sure you can use a desktop icon for doing that. I had to enable Telnet on Windows so is "killall" the same kind of problem on Windows as Telnet was? cmd\ killall No such file or directory on Windows XP or on Windows 10 It's interesting that you recommended "killall" for Windows because there is only one minor problem in WindowsXP and two minor problems with Windows 10 with my use model, one of each is related to killing the process. The minor problem in both is that out of any given dozen freely available openvpn *.ovpn configuration files to free public VPN servers, not all work. So what happens is: 1. I group select and group "open" 10 *.ovpn files in the OpenVPN Daemon. 1. If 0 work I end up having 10 OpenVPN daemon runninglog files to close. 2. If 4 work I end up having to close 6 OpenVPN daemon runninglog files. What happens is that the first successful connection wins, and any subsequent successful connects automatically close (which is perfect!). So I'm only left with the 1 (first) successful connection, with the rest being connections which never stood a chance of being successful. To make it easier to close the 6 remaining unsuccessful OpenVPN Daemon runninglog files, I have them set to open in the same location so that the [X] corner is easier to (1)click, (2)click, (3)click, (4)click, (5)click, & (6)click. If there was a way to close all the open unsuccessful windows, that would make the use model even more efficient than it is now. |
Thread Tools | |
Display Modes | |
|
|