windows10 20H2 connect openvpn, start vnc to remote access the server cause crash down

wangsinan1996 commented 1 year ago

windows version 20H2 windows kernel version 19045.2604 openvpn version OpenVPN-2.6.0-I005-amd64 vnc version VNC-Viewer-7.0.1-Windows-msi It happens twice when I user vnc to remote access the server. when I look at the system log,the feadback it gives me:

System
- Provider
[ Name] Microsoft-Windows-WER-SystemErrorReporting [ Guid] {ABCE23E7-DE45-4366-8631-84FA6C525952} [ EventSourceName] BugCheck
- EventID 1001
[ Qualifiers] 16384

Version 0

Level 2

Task 0

Opcode 0

Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2023-02-23T08:13:29.0953886Z

EventRecordID 5255

Correlation
- Execution
[ ProcessID] 0 [ ThreadID] 0

Channel System

Computer DESKTOP-R2SF77Q

Security
EventData

param1 0x000000d1 (0x000000000000000a, 0x0000000000000002, 0x0000000000000000, 0xfffff8000f10b1a4) param2 C:\Windows\MEMORY.DMP param3 6d92b1c1-cf5f-4eeb-9e52-9affdf9a05ba

and now I am afraid to start openvpn client, need help, thank so much. Also I can offer the MEMORY.DMP file to assist you~

lstipakov commented 1 year ago

Yes, please share MEMORY.DMP.

wangsinan1996 commented 1 year ago

Here is the baiducloud address

url:https://pan.baidu.com/s/16aUSnuKh7R_5L41RHaDh0Q

code:jlu2

发件人: @. @.> 代表 Lev Stipakov 发送时间: 2023年2月23日 17:59 收件人: OpenVPN/openvpn @.> 抄送: wangsinan1996 @.>; Author @.***> 主题: Re: [OpenVPN/openvpn] windows10 20H2 connect openvpn, start vnc to remote access the server cause crash down (Issue OpenVPN/ovpn-dco-win#40)

Yes, please share memory.dmp.

— Reply to this email directly, view it on GitHub https://github.com/OpenVPN/ovpn-dco-win/issues/40 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AFQFF4RLN7SXLNMJKE3PH2LWY4YHDANCNFSM6AAAAAAVFLDTIU . You are receiving this because you authored the thread.Message ID: @.***>

lstipakov commented 1 year ago

I did my best but I was unable to download a file from Baidu. Sieppaa

Does mega.nz work for you?

You should also have a small minidump file in C:\Windows\Minidump, you should be able to upload those directly to GitHub.

wangsinan1996 commented 1 year ago

minidump.zip here are the four minidump files related to the crash phenomenan, please check

lstipakov commented 1 year ago

Stack trace:

9: kd> kn
 # Child-SP          RetAddr               Call Site
00 ffffee83`73066768 fffff800`0f20e129     nt!KeBugCheckEx
01 ffffee83`73066770 fffff800`0f209ce3     nt!KiBugCheckDispatch+0x69
02 ffffee83`730668b0 fffff800`1170b1a4     nt!KiPageFault+0x463
03 ffffee83`73066a40 fffff800`1180fc66     NETIO!NetioPhChecksumIpDatagramWithInitialChecksum+0x34
04 ffffee83`73066a90 fffff800`1180efc8     tcpip!IppPreparePacketChecksum+0x326
05 ffffee83`73066b20 fffff800`1180dda8     tcpip!IppPacketizeDatagrams+0x158
06 ffffee83`73066c50 fffff800`1180d904     tcpip!IppSendDatagramsCommon+0x498
07 ffffee83`73066dd0 fffff800`117fb65e     tcpip!IpNlpSendDatagrams+0x44
08 ffffee83`73066e10 fffff800`117fa82c     tcpip!UdpSendMessagesOnPath+0x7ae
09 ffffee83`730672b0 fffff800`117fa575     tcpip!UdpSendMessages+0x29c
0a ffffee83`73067620 fffff800`0f0f9a48     tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
0b ffffee83`73067650 fffff800`0f0f99bd     nt!KeExpandKernelStackAndCalloutInternal+0x78
0c ffffee83`730676c0 fffff800`1184795b     nt!KeExpandKernelStackAndCalloutEx+0x1d
0d ffffee83`73067700 fffff800`24d465bc     tcpip!UdpTlProviderSendMessages+0x7b
0e ffffee83`73067780 fffff800`24d44c1c     afd!WskProIRPSendMessages+0xdc
0f ffffee83`73067800 fffff800`0f0954d5     afd!AfdWskDispatchInternalDeviceControl+0x3c
10 ffffee83`73067830 fffff800`24d47147     nt!IofCallDriver+0x55
11 ffffee83`73067870 fffff800`67029a43     afd!WskProAPISendMessages+0x67
12 ffffee83`730678a0 fffff800`670277c3     ovpn_dco!OvpnSocketSend+0x20f [c:\Users\lev\Projects\ovpn-dco-win\socket.cpp @ 721] 
13 ffffee83`73067940 fffff800`670538c8     ovpn_dco!OvpnEvtTxQueueAdvance+0x153 [c:\Users\lev\Projects\ovpn-dco-win\txqueue.cpp @ 164] 
14 (Inline Function) --------`--------     NetAdapterCx!NxQueue::Advance+0x14 [minio\netcx\adapter\nxqueue.cpp @ 190] 
15 ffffee83`73067a00 fffff800`6705eca9     NetAdapterCx!NetClientQueueAdvance+0x18 [minio\netcx\adapter\nxqueue.cpp @ 37] 
16 (Inline Function) --------`--------     NetAdapterCx!NxTxXlat::YieldToNetAdapter+0x9b [minio\netcx\translator\nxtxxlat.cpp @ 505] 
17 ffffee83`73067a30 fffff800`6705ea09     NetAdapterCx!NxTxXlat::TransmitThread+0x291 [minio\netcx\translator\nxtxxlat.cpp @ 281] 
18 ffffee83`73067b20 fffff800`0f055485     NetAdapterCx!NetAdapterTransmitThread+0x9 [minio\netcx\translator\nxtxxlat.cpp @ 218] 
19 ffffee83`73067b50 fffff800`0f202cc8     nt!PspSystemThreadStartup+0x55
1a ffffee83`73067ba0 00000000`00000000     nt!KiStartSystemThread+0x28

cron2 commented 1 year ago

transferring to ovpn-dco-win, as it's a driver thing (as requested by @lstipakov)

lstipakov commented 1 year ago

@wangsinan1996 can you show the output of netsh interface ipv4 show subinterfaces ?

wangsinan1996 commented 1 year ago

lstipakov commented 1 year ago

Do you use ZeroTier at the same time with OpenVPN?

wangsinan1996 commented 1 year ago

Once I can use the company vpn, openvpn, zerotier at same time, but now on my new laptop, as soon as I run openvpn client , my laptop will crash in serveral seconds. Even though I run openvpn only , it will still crash. T_T. Any suggestions , please, thanks

lstipakov commented 1 year ago

Could you run

netsh interface ipv4 set subinterface "OpenVPN Data Channel Offload" mtu=1500

right after connect?

wangsinan1996 commented 1 year ago

holy shit! It works! For now it still not crash, I will observe it for a while, thanks thanks a lot. One more question: does this parameter valid forever?

lstipakov commented 1 year ago

No, but I am working on a fix right now. Will provide a new driver version soonish and later we’ll make a new client version. For now you may want to add ”disable-dco” to the config so that it won’t use the dco driver which causes that issue. Lähetetty iPhonestawangsinan1996 @.***> kirjoitti 2.3.2023 kello 10.05: holy shit! It works! For now it still not crash, I will observe it for a while, thanks thanks a lot. One more question: does this parameter valid forever?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

wangsinan1996 commented 1 year ago

Are there any specific step on how to add ”disable-dco” to the config? And for now It still run normally. Thanks

lstipakov commented 1 year ago

@wangsinan1996 can you please post your openvpn log file?

There is obviously a bug in the driver, but normally it doesn't seem to occur because openvpn userspace process sets MTU to the correct value (1500). By some reasons it doesn't happen for you.

wangsinan1996 commented 1 year ago

2023-03-02 15:58:33 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023 2023-03-02 15:58:33 Windows version 10.0 (Windows 10 or greater), amd64 executable 2023-03-02 15:58:33 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10 2023-03-02 15:58:33 MANAGEMENT: TCP Socket listening on [AF_INET]X.X.X.X:XX 2023-03-02 15:58:33 Need hold release from management interface, waiting... 2023-03-02 15:58:33 MANAGEMENT: Client connected from [AF_INET]X.X.X.X:XX 2023-03-02 15:58:33 MANAGEMENT: CMD 'state on' 2023-03-02 15:58:33 MANAGEMENT: CMD 'log on all' 2023-03-02 15:58:33 MANAGEMENT: CMD 'echo on all' 2023-03-02 15:58:33 MANAGEMENT: CMD 'bytecount 5' 2023-03-02 15:58:33 MANAGEMENT: CMD 'state' 2023-03-02 15:58:33 MANAGEMENT: CMD 'hold off' 2023-03-02 15:58:33 MANAGEMENT: CMD 'hold release' 2023-03-02 15:58:33 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key 2023-03-02 15:58:33 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication 2023-03-02 15:58:33 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key 2023-03-02 15:58:33 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication 2023-03-02 15:58:33 MANAGEMENT: >STATE:1677743913,RESOLVE,,,,,, 2023-03-02 15:58:33 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:XX 2023-03-02 15:58:33 ovpn-dco device [OpenVPN Data Channel Offload] opened 2023-03-02 15:58:33 UDP link local: (not bound) 2023-03-02 15:58:33 UDP link remote: [AF_INET]X.X.X.X:XX 2023-03-02 15:58:33 MANAGEMENT: >STATE:1677743913,WAIT,,,,,, 2023-03-02 15:58:34 MANAGEMENT: >STATE:1677743914,AUTH,,,,,, 2023-03-02 15:58:34 TLS: Initial packet from [AF_INET]X.X.X.X:XX, sid=15fcbf97 a717dba1 2023-03-02 15:58:34 VERIFY OK: depth=1, CN=cn_mBVN94mBn6Y2DIdh 2023-03-02 15:58:34 VERIFY KU OK 2023-03-02 15:58:34 Validating certificate extended key usage 2023-03-02 15:58:34 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2023-03-02 15:58:34 VERIFY EKU OK 2023-03-02 15:58:34 VERIFY X509NAME OK: CN=server_kJgMUzgogcHOjKsp 2023-03-02 15:58:34 VERIFY OK: depth=0, CN=server_kJgMUzgogcHOjKsp 2023-03-02 15:58:34 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256 2023-03-02 15:58:34 [server_kJgMUzgogcHOjKsp] Peer Connection Initiated with [AF_INET]X.X.X.X:XX 2023-03-02 15:58:34 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1 2023-03-02 15:58:34 TLS: tls_multi_process: initial untrusted session promoted to trusted 2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,GET_CONFIG,,,,,, 2023-03-02 15:58:35 SENT CONTROL [server_kJgMUzgogcHOjKsp]: 'PUSH_REQUEST' (status=1) 2023-03-02 15:58:35 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS X.X.X.X,dhcp-option DNS X.X.X.X,redirect-gateway def1 bypass-dhcp,route X.X.X.X X.X.X.X vpn_gateway,route X.X.X.X X.X.X.X vpn_gateway,route-gateway X.X.X.X,topology subnet,ping 10,ping-restart 120,ifconfig X.X.X.X X.X.X.X,peer-id 45,cipher AES-128-GCM' 2023-03-02 15:58:35 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) 2023-03-02 15:58:35 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) 2023-03-02 15:58:35 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) 2023-03-02 15:58:35 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) 2023-03-02 15:58:35 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) 2023-03-02 15:58:35 OPTIONS IMPORT: timers and/or timeouts modified 2023-03-02 15:58:35 OPTIONS IMPORT: --ifconfig/up options modified 2023-03-02 15:58:35 OPTIONS IMPORT: route-related options modified 2023-03-02 15:58:35 OPTIONS IMPORT: peer-id set 2023-03-02 15:58:35 OPTIONS IMPORT: data channel crypto options modified 2023-03-02 15:58:35 interactive service msg_channel=696 2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,ASSIGN_IP,,X.X.X.X,,,, 2023-03-02 15:58:35 INET address service: add X.X.X.X/XX 2023-03-02 15:58:35 IPv4 MTU set to 1500 on interface 14 using service 2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,ADD_ROUTES,,,,,, 2023-03-02 15:58:35 C:\Windows\system32\route.exe ADD X.X.X.X MASK X.X.X.X X.X.X.X METRIC 200 2023-03-02 15:58:35 Route addition via service succeeded 2023-03-02 15:58:35 C:\Windows\system32\route.exe ADD X.X.X.X MASK X.X.X.X X.X.X.X METRIC 200 2023-03-02 15:58:35 Route addition via service succeeded 2023-03-02 15:58:35 Initialization Sequence Completed 2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,CONNECTED,SUCCESS,X.X.X.X,X.X.X.X,XX,,

For security, I have replaced IP address and port with X.X.X.X and XX

wangsinan1996 commented 1 year ago

2023-03-02 15:58:33 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023

2023-03-02 15:58:33 Windows version 10.0 (Windows 10 or greater), amd64 executable

2023-03-02 15:58:33 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10

2023-03-02 15:58:33 MANAGEMENT: TCP Socket listening on [AF_INET]X.X.X.X:XX

2023-03-02 15:58:33 Need hold release from management interface, waiting...

2023-03-02 15:58:33 MANAGEMENT: Client connected from [AF_INET]X.X.X.X:XX

2023-03-02 15:58:33 MANAGEMENT: CMD 'state on'

2023-03-02 15:58:33 MANAGEMENT: CMD 'log on all'

2023-03-02 15:58:33 MANAGEMENT: CMD 'echo on all'

2023-03-02 15:58:33 MANAGEMENT: CMD 'bytecount 5'

2023-03-02 15:58:33 MANAGEMENT: CMD 'state'

2023-03-02 15:58:33 MANAGEMENT: CMD 'hold off'

2023-03-02 15:58:33 MANAGEMENT: CMD 'hold release'

2023-03-02 15:58:33 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key

2023-03-02 15:58:33 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication

2023-03-02 15:58:33 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key

2023-03-02 15:58:33 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication

2023-03-02 15:58:33 MANAGEMENT: >STATE:1677743913,RESOLVE,,,,,,

2023-03-02 15:58:33 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:XX

2023-03-02 15:58:33 ovpn-dco device [OpenVPN Data Channel Offload] opened

2023-03-02 15:58:33 UDP link local: (not bound)

2023-03-02 15:58:33 UDP link remote: [AF_INET]X.X.X.X:XX

2023-03-02 15:58:33 MANAGEMENT: >STATE:1677743913,WAIT,,,,,,

2023-03-02 15:58:34 MANAGEMENT: >STATE:1677743914,AUTH,,,,,,

2023-03-02 15:58:34 TLS: Initial packet from [AF_INET]X.X.X.X:XX, sid=15fcbf97 a717dba1

2023-03-02 15:58:34 VERIFY OK: depth=1, CN=cn_mBVN94mBn6Y2DIdh

2023-03-02 15:58:34 VERIFY KU OK

2023-03-02 15:58:34 Validating certificate extended key usage

2023-03-02 15:58:34 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2023-03-02 15:58:34 VERIFY EKU OK

2023-03-02 15:58:34 VERIFY X509NAME OK: CN=server_kJgMUzgogcHOjKsp

2023-03-02 15:58:34 VERIFY OK: depth=0, CN=server_kJgMUzgogcHOjKsp

2023-03-02 15:58:34 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256

2023-03-02 15:58:34 [server_kJgMUzgogcHOjKsp] Peer Connection Initiated with [AF_INET]X.X.X.X:XX

2023-03-02 15:58:34 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2023-03-02 15:58:34 TLS: tls_multi_process: initial untrusted session promoted to trusted

2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,GET_CONFIG,,,,,,

2023-03-02 15:58:35 SENT CONTROL [server_kJgMUzgogcHOjKsp]: 'PUSH_REQUEST' (status=1)

2023-03-02 15:58:35 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS X.X.X.X,dhcp-option DNS X.X.X.X,redirect-gateway def1 bypass-dhcp,route X.X.X.X X.X.X.X vpn_gateway,route X.X.X.X X.X.X.X vpn_gateway,route-gateway X.X.X.X,topology subnet,ping 10,ping-restart 120,ifconfig X.X.X.X X.X.X.X,peer-id 45,cipher AES-128-GCM'

2023-03-02 15:58:35 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])

2023-03-02 15:58:35 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])

2023-03-02 15:58:35 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])

2023-03-02 15:58:35 OPTIONS IMPORT: timers and/or timeouts modified

2023-03-02 15:58:35 OPTIONS IMPORT: --ifconfig/up options modified

2023-03-02 15:58:35 OPTIONS IMPORT: route-related options modified

2023-03-02 15:58:35 OPTIONS IMPORT: peer-id set

2023-03-02 15:58:35 OPTIONS IMPORT: data channel crypto options modified

2023-03-02 15:58:35 interactive service msg_channel=696

2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,ASSIGN_IP,,X.X.X.X,,,,

2023-03-02 15:58:35 INET address service: add X.X.X.X/16

2023-03-02 15:58:35 IPv4 MTU set to 1500 on interface 14 using service

2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,ADD_ROUTES,,,,,,

2023-03-02 15:58:35 C:\Windows\system32\route.exe ADD X.X.X.X MASK X.X.X.X X.X.X.X METRIC 200

2023-03-02 15:58:35 Route addition via service succeeded

2023-03-02 15:58:35 C:\Windows\system32\route.exe ADD X.X.X.X MASK X.X.X.X X.X.X.X METRIC 200

2023-03-02 15:58:35 Route addition via service succeeded

2023-03-02 15:58:35 Initialization Sequence Completed

2023-03-02 15:58:35 MANAGEMENT: >STATE:1677743915,CONNECTED,SUCCESS,X.X.X.X,X.X.X.X,XX,,

For security I have replaced the ip and port with X.X.X.X and XX

发件人: @. @.> 代表 Lev Stipakov 发送时间: 2023年3月2日 16:44 收件人: OpenVPN/ovpn-dco-win @.> 抄送: wangsinan1996 @.>; Mention @.***> 主题: Re: [OpenVPN/ovpn-dco-win] windows10 20H2 connect openvpn, start vnc to remote access the server cause crash down (Issue #40)

@wangsinan1996 https://github.com/wangsinan1996 can you please post your openvpn log file?

There is obviously a bug in the driver, but normally it doesn't seem to occur because openvpn userspace process sets MTU to the correct value (1500). By some reasons it doesn't happen for you.

— Reply to this email directly, view it on GitHub https://github.com/OpenVPN/ovpn-dco-win/issues/40#issuecomment-1451498960 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AFQFF4WFJFZSZMDOFR57YKTW2BMVRANCNFSM6AAAAAAVLWNNBI . You are receiving this because you were mentioned.Message ID: @.***>

lstipakov commented 1 year ago

@wangsinan1996 Could you please try out this build? I believe that the problem should be fixed there.

lstipakov commented 1 year ago

Let’s leave it open until we’ll release a new version.

wangsinan1996 commented 1 year ago

All right, it is up to you~

lstipakov commented 1 year ago

@wangsinan1996 so does this new version work for you?

wangsinan1996 commented 1 year ago

It works properly, and the MTU checks correct! Thank for your help, it helps me a lot~ wish you have a great day! :)

flichtenheld commented 1 year ago

2.6.1-I001 has been released with ovpn-dco-win 0.9.2

OpenVPN / ovpn-dco-win

windows10 20H2 connect openvpn, start vnc to remote access the server cause crash down #40