search

OpenVPN / openvpn-gui

OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 7 / 8 / 10. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.
Other
1.38k stars 397 forks source link

OpenVPN Pre-Logon Access Provider #662

Closed nickgrange closed 7 months ago

nickgrange commented 7 months ago

Hi All,

Strange issue with plap, running latest 6.8.1 and Windows 11 Pro 23H2 fully patched.

Connecting to the vpn server via plap works fine, then on login to windows the openvpn client doesn't believe its connect even though the vpn is up....

I've tried it on a couple of laptops and get the same results, it used to work great!

Am i going mad?

Thanks

selvanair commented 7 months ago

What state does the GUI show for this profile? Disconnected or something else?

Can you post the log file -- you will find it in Program Files\OpenVPN\log. If the log is long (due to log-append), post only the part showing the last connection.

One way to troubleshoot this is to stop the GUI and then connect to the management interface of the running connection from the command line using telnet 127.0.0.1 port -- you may have to install telnet feature. Here port is the port number specified in the config file. It will ask for the password set in the password file (if in use). Once connected to the management interface, issue the command state and see whether it reports CONNECTED or something else.

By any chance do you have multiple instances of openvpn.exe running using the same config file?

running latest 6.8.1 and Windows 11 Pro 23H2 fully patched

6.8.1 ? OpenVPN versions that support PLAP are 2.6.x

nickgrange commented 7 months ago

Thanks for the quick reply, firstly sorry, its the latest version 2.6.8

The state of the GUI shows 'Connect' when i log onto the pc.

2023-12-01 08:29:28 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure 2023-12-01 08:29:28 OpenVPN 2.6.8 [git:v2.6.8/3b0d9489cc423da3] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Nov 17 2023 2023-12-01 08:29:28 Windows version 10.0 (Windows 10 or greater), amd64 executable 2023-12-01 08:29:28 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10 2023-12-01 08:29:28 DCO version: 1.0.0 2023-12-01 08:31:06 TCP/UDP: Preserving recently used remote address: [AF_INET]...:1194 2023-12-01 08:31:24 UDPv4 link local: (not bound) 2023-12-01 08:31:24 UDPv4 link remote: [AF_INET]...:1194 2023-12-01 08:31:24 [adminvpn.magd.cam.ac.uk] Peer Connection Initiated with [AF_INET]...:1194 2023-12-01 08:31:25 open_tun 2023-12-01 08:31:25 tap-windows6 device [OpenVPN TAP-Windows6] opened 2023-12-01 08:31:25 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.210.0/192.168.210.2/255.255.255.0 [SUCCEEDED] 2023-12-01 08:31:25 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.210.2/255.255.255.0 on interface {6F372AD2-CC71-476D-9DFB-EDFA295F069B} [DHCP-serv: 192.168.210.0, lease-time: 31536000] 2023-12-01 08:31:25 Successful ARP Flush on interface [9] {6F372AD2-CC71-476D-9DFB-EDFA295F069B} 2023-12-01 08:31:25 IPv4 MTU set to 1500 on interface 9 using SetIpInterfaceEntry() 2023-12-01 08:31:30 Initialization Sequence Completed

image

selvanair commented 7 months ago

This is odd. If you select to "Connect" from the GUI does it try to start a new instance or detect that its connected and behave after that? Otherwise, it seems the GUI does not recognize this as a pre-started config -- it does that by the location of the ovpn file (must be in the default config-auto directory). I can't think of a reason for this. Have you changed anything like the location of autostart_config_dir in the registry or any such?

nickgrange commented 7 months ago

If i select "Connect" it allows me to try and i get the message below

image

The log only say this

2023-12-01 15:07:58 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure 2023-12-01 15:07:58 OpenVPN 2.6.8 [git:v2.6.8/3b0d9489cc423da3] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Nov 17 2023 2023-12-01 15:07:58 Windows version 10.0 (Windows 10 or greater), amd64 executable 2023-12-01 15:07:58 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10 2023-12-01 15:07:58 DCO version: 1.0.0 2023-12-01 15:10:55 TCP/UDP: Preserving recently used remote address: [AF_INET]:1194 2023-12-01 15:10:55 UDPv4 link local: (not bound) 2023-12-01 15:10:55 UDPv4 link remote: [AF_INET]:1194 2023-12-01 15:10:56 [adminvpn.magd.cam.ac.uk] Peer Connection Initiated with [AF_INET]:1194 2023-12-01 15:10:57 open_tun 2023-12-01 15:10:57 tap-windows6 device [OpenVPN TAP-Windows6] opened 2023-12-01 15:10:57 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.210.0/192.168.210.2/255.255.255.0 [SUCCEEDED] 2023-12-01 15:10:57 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.210.2/255.255.255.0 on interface {6F372AD2-CC71-476D-9DFB-EDFA295F069B} [DHCP-serv: 192.168.210.0, lease-time: 31536000] 2023-12-01 15:10:57 Successful ARP Flush on interface [9] {6F372AD2-CC71-476D-9DFB-EDFA295F069B} 2023-12-01 15:10:57 IPv4 MTU set to 1500 on interface 9 using SetIpInterfaceEntry() 2023-12-01 15:11:02 Initialization Sequence Completed 2023-12-01 15:14:55 [*.uk] Inactivity timeout (--ping-restart), restarting 2023-12-01 15:14:55 SIGUSR1[soft,ping-restart] received, process restarting

The tunnel then drops but the dhcp address is still assigned to the 'Unknown adapter OpenVPN TAP-Windows6' adapter

I then have to restart to connect again....

selvanair commented 7 months ago

Looks like the profile you are seeing in the GUI is a duplicate of your PLAP profile which it treats as normal one under its control. Do you have the same config file appearing in multiple places -- like Program Files\OpenVPN\config\.. or in %USERPROFILE%\OpenVPN\config\...

Does the GUI really show it under the sub-menu "Persistent Profiles" ?

nickgrange commented 7 months ago

Found the issue, but this had been set to this since the first time i tested plap before it was included in 2.6.* ..... so something must have changed?

I had set the config folder path to the below way back when

Screenshot 2023-12-01 194206

Changed it back to config and working again

selvanair commented 7 months ago

Yes, that is a wrong setting. The right value for it is the config folder in %USERPROFILE% and it exists for users who want to keep their personal profiles at a different location. For most people its best to leave it at its default: C:\Users\<username>\OpenVPN\config

No need to set to the config folder in Program Files either -- that folder is automatically scanned.

It couldn't have worked with the GUI in any version.

nickgrange commented 7 months ago

Ok, thanks for the help in resolving this, will close this now