OpenVPN / tap-windows6

Windows TAP driver (NDIS 6)

TAP-Windows 9.24.7-I601 not working on Windows Server 2012 R2 #154

Closed cacamille3 closed 1 year ago

cacamille3 commented 1 year ago

Hi, I have installed the TAP-Windows 9.24.7-I607-Win7 installer (SHA1: fca4d80346d4150763077932e5e3494e330a7a2d). The installation completed without any errors and I can see a TAP-Windows Adapter V9 without warning in the Device Manager. However, when opening the properties of the TAP-Adapter, I get the following Device Status.

[Screenshot 2022-11-24 091007]

When I try to open an OpenVPN connection with that adapter I get an error.

open_tun
CreateFile failed on tap-windows6 device:
MANAGEMENT: Client disconnected
**All tap-windows6 adapters on this system are currently in use or disabled.**
Exiting due to fatal error

After the connection attempt, the TAP-Adapter is now in a warning state...

When I try to create a new TAP-Windows Adapter with "Add a new TAP-Windows6 virtual network adapter", this now also creates a TAP-Adapter with a warning.

Problem code: 34

Problem status: "Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."

cacamille3 commented 1 year ago

Here is the setupapi.dev.log

cacamille3 commented 1 year ago

This seems to be an issue due to the driver's digital signature.

9.24.6 were signed by

Microsoft Windows Hardware Compatibility Publisher (f044317a728a9e33a8f6c8ba203ea8e4b11723e5)

Microsoft Windows Third Party Component CA 2014 (1906dcf62629b563252c826fdd874efceb6856c6)

Microsoft Root Certificate Authority 2010 (3b1efd3a66ea28b16697394703a72ca340a05bd5)

-> Microsoft Root Certificate Authority 2010 is found in Store Trusted Root Certification Authorities

9.24.7 are signed by

OpenVPN Inc. (afdd2f4f9acee2aeb2e64b3f0439340436c556c9)

DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 (7b0f360b775f76c94a12ca48445aa2d2a875701c)

DigiCert Trusted Root G4 (a99d5b79e9f1cda59cdab6373169d5353f5874c6)

DigiCert Assured ID Root CA (0563b8630d62d75abbc8ab1e4bdfb5a899b24d43)

-> DigiCert Assured ID Root CA is found in Store Trusted Root Certification Authorities and Third-Party Root Certification Authorities

OpenVPN Inc. certificate is missing the following Enhanced Key Usage:

Windows Hardware Driver Verification (1.3.6.1.4.1.311.10.3.5)

Windows Hardware Driver Attested Verification (1.3.6.1.4.1.311.10.3.5.1)

https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-validate
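
The signer chain and EKU comparison in the comment above can be reproduced with a short PowerShell check. This is an added example, not part of the original thread; `$Path` is a placeholder for the driver's .sys or .cat file on the affected machine.

```powershell
# Added example, not from the thread. $Path is a placeholder for the driver's
# .sys or .cat file; supply the real location on the affected machine.
param([Parameter(Mandatory)][string]$Path)

# EKU OIDs named in the comment above
$requiredEku = [ordered]@{
    '1.3.6.1.4.1.311.10.3.5'   = 'Windows Hardware Driver Verification'
    '1.3.6.1.4.1.311.10.3.5.1' = 'Windows Hardware Driver Attested Verification'
}

$sig = Get-AuthenticodeSignature -FilePath $Path
"Signature status: $($sig.Status)"
$cert = $sig.SignerCertificate
if (-not $cert) { throw "No embedded signer certificate found in $Path" }

# Build the chain offline (no revocation lookups) and list every element
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($cert)
"Chain builds to a trusted root: $chainOk"
foreach ($el in $chain.ChainElements) {
    '  {0}  {1}' -f $el.Certificate.Thumbprint, $el.Certificate.GetNameInfo('SimpleName', $false)
}

# Is the last chain element present in the machine's Trusted Root store?
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inRootStore = Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)"
"Root in LocalMachine\Root: $inRootStore"

# Collect EKU OIDs from the signer (leaf) certificate
$ekuOids = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# Report which of the driver-verification EKUs the signer carries
foreach ($oid in $requiredEku.Keys) {
    $state = if ($ekuOids -contains $oid) { 'present' } else { 'MISSING' }
    '{0,-8} {1} ({2})' -f $state, $requiredEku[$oid], $oid
}
```

The reported signature status is the Authenticode result for the file; the EKU lines are what distinguish a chain that builds to a trusted root from one Windows accepts for driver loading.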

lstipakov commented 1 year ago

You are right. This should not affect the latest 2.5 release since it still uses the previous version of the driver. Also Windows 10 etc. (which uses Authenticode/WHCP signing) should be okay. I’ll upload a properly signed version as soon as I get access to our signing station.

cacamille3 commented 1 year ago

Great. Yes, true, OpenVPN 2.5.X/2.5.8 installers are not impacted. Thanks for the quick reply and confirmation.

cacamille3 commented 1 year ago

Hey @lstipakov, almost 3 weeks have passed now. Any news?

lstipakov commented 1 year ago

Microsoft has deprecated cross signing, which means we're unable to update drivers for pre-Windows 10 systems. For the new driver releases we plan to bundle the old driver version for Windows 7/8/8.1 and new one for Windows 10. Unfortunately I didn't have time to do that yet, so if you need a TAP driver you probably want to stick to 9.24.7 for a moment.