Title: Windows 7 OpenVPN
Post by: razametal on Friday 16 April 2010, 01:46:57 am
Hi,
I'm using OpenVPN 2.0.9 with windows xp SP3 and windows7 clientes.
The connection from windows xp works fine, I can ping the hosts on the pushed networks through the vpn, but with windows7 I only ping the firewall green ip address.
There is any configuration issue with windows7 clientes ?
Regards,
Title: Re: Windows 7 OpenVPN
Post by: StephanSch on Friday 16 April 2010, 05:48:57 am
You have to use the latest release (2.1.1) on your client. I had to.
I think it worked with a 2.1 beta, not before.
Title: Re: Windows 7 OpenVPN
Post by: razametal on Friday 16 April 2010, 08:51:41 am
Thank you for the response, I'll be trying with the latest version.
Regards,
Title: Re: Windows 7 OpenVPN
Post by: raneesh on Saturday 17 April 2010, 08:16:12 pm
download the windows installer and try
go to openvpn.net/index.php/open-source/downloads.html
Title: Re: Windows 7 OpenVPN
Post by: Pluimers on Wednesday 11 August 2010, 03:12:02 am
bump: I'm having the same problem as the original poster. Anyone who can help, please? More specifics on the Endian configuration (tried both 2.2 and 2.4, both fail): red=192.168.100.25;192.168.71.25 green=176.16.41.1 orange=176.16.141.1 It basically runs as an OpenVPN server, serving at red, providing access to green. Using Windows XP and an OpenVPN 2.1.1 client runs fine. It can ping machines inside the green network. Using Windows 7 x64 and an OpenVPN 2.1.1 client running as Administrator (yes, with the UAC dialogs confirmed) does not run fine. It can only ping the green gateway, but no other machines. I have tried various Windows XP and Windows 7 machines, all XP machines succeed, all Widows 7 machines fail. But why? Windows 7 log:Tue Aug 10 18:50:15 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Tue Aug 10 18:50:23 2010 WARNING: No server certificate verification method has been enabled. See http ://openvpn.net/howto.html#mitm for more info.
Tue Aug 10 18:50:23 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 10 18:50:24 2010 LZO compression initialized
Tue Aug 10 18:50:24 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 10 18:50:24 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 10 18:50:24 2010 Local Options hash (VER=V4): '31fdf004'
Tue Aug 10 18:50:24 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Aug 10 18:50:24 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 TCP connection established with 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link local: [undef]
Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 TLS: Initial packet from 192.168.71.25:1194, sid=165d50de 52c0ecba
Tue Aug 10 18:50:24 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 10 18:50:24 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Tue Aug 10 18:50:24 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 18:50:24 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 10 18:50:24 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Tue Aug 10 18:50:26 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 18:50:27 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: route-related options modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 10 18:50:27 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
Tue Aug 10 18:50:27 2010 TAP-Win32 Driver Version 9.6
Tue Aug 10 18:50:27 2010 TAP-Win32 MTU=1500
Tue Aug 10 18:50:27 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Tue Aug 10 18:50:27 2010 Successful ARP Flush on interface [34] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
Tue Aug 10 18:50:32 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue Aug 10 18:50:32 2010 Initialization Sequence Completed IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.71.1 192.168.71.160 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.100.145 276
169.254.100.145 255.255.255.255 On-link 169.254.100.145 276
169.254.255.255 255.255.255.255 On-link 169.254.100.145 276
172.16.41.0 255.255.255.0 On-link 172.16.41.209 286
172.16.41.209 255.255.255.255 On-link 172.16.41.209 286
172.16.41.255 255.255.255.255 On-link 172.16.41.209 286
192.168.71.0 255.255.255.0 On-link 192.168.71.160 276
192.168.71.160 255.255.255.255 On-link 192.168.71.160 276
192.168.71.255 255.255.255.255 On-link 192.168.71.160 276
192.168.237.0 255.255.255.0 On-link 192.168.237.1 276
192.168.237.1 255.255.255.255 On-link 192.168.237.1 276
192.168.237.255 255.255.255.255 On-link 192.168.237.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.71.160 276
224.0.0.0 240.0.0.0 On-link 169.254.100.145 276
224.0.0.0 240.0.0.0 On-link 192.168.237.1 276
224.0.0.0 240.0.0.0 On-link 172.16.41.209 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.71.160 276
255.255.255.255 255.255.255.255 On-link 169.254.100.145 276
255.255.255.255 255.255.255.255 On-link 192.168.237.1 276
255.255.255.255 255.255.255.255 On-link 172.16.41.209 286
=========================================================================== (you can ignore these routes, as the are from VMware workstation running on the same machine: - 192.168.237.0/24 - 169.254.0.0/16 ) Windows XP log:Tue Aug 10 19:01:04 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Tue Aug 10 19:01:06 2010 WARNING: No server certificate verification method has been enabled. See http ://openvpn.net/howto.html#mitm for more info.
Tue Aug 10 19:01:06 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 10 19:01:07 2010 LZO compression initialized
Tue Aug 10 19:01:07 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 10 19:01:07 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 10 19:01:07 2010 Local Options hash (VER=V4): '31fdf004'
Tue Aug 10 19:01:07 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Aug 10 19:01:07 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 TCP connection established with 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link local: [undef]
Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 TLS: Initial packet from 192.168.71.25:1194, sid=983b94eb 87732d38
Tue Aug 10 19:01:07 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 10 19:01:07 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Tue Aug 10 19:01:07 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 19:01:07 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 10 19:01:07 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Tue Aug 10 19:01:09 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 19:01:10 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.201 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: route-related options modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 10 19:01:10 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{C4752F65-93BA-4DED-A1FE-2633F1481ABF}.tap
Tue Aug 10 19:01:10 2010 TAP-Win32 Driver Version 9.6
Tue Aug 10 19:01:10 2010 TAP-Win32 MTU=1500
Tue Aug 10 19:01:10 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.201/255.255.255.0 on interface {C4752F65-93BA-4DED-A1FE-2633F1481ABF} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Tue Aug 10 19:01:10 2010 Successful ARP Flush on interface [2] {C4752F65-93BA-4DED-A1FE-2633F1481ABF}
Tue Aug 10 19:01:15 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Tue Aug 10 19:01:15 2010 Route: Waiting for TUN/TAP interface to come up...
Tue Aug 10 19:01:18 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue Aug 10 19:01:18 2010 Initialization Sequence Completed
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.237.2 192.168.237.128 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.41.0 255.255.255.0 172.16.41.201 172.16.41.201 30
172.16.41.201 255.255.255.255 127.0.0.1 127.0.0.1 30
172.16.255.255 255.255.255.255 172.16.41.201 172.16.41.201 30
192.168.237.0 255.255.255.0 192.168.237.128 192.168.237.128 10
192.168.237.128 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.237.255 255.255.255.255 192.168.237.128 192.168.237.128 10
224.0.0.0 240.0.0.0 172.16.41.201 172.16.41.201 30
224.0.0.0 240.0.0.0 192.168.237.128 192.168.237.128 10
255.255.255.255 255.255.255.255 172.16.41.201 172.16.41.201 1
255.255.255.255 255.255.255.255 192.168.237.128 192.168.237.128 1
Default Gateway: 192.168.237.2
=========================================================================== Anyone having an idea why it goes wrong? --jeroen
Title: Re: Windows 7 OpenVPN
Post by: mrkroket on Thursday 12 August 2010, 01:33:39 am
Can you put the output of a traceroute. It's better than ping to track down network problems.
I have a Windows 7 machine, works great, as WinXP
Title: Re: Windows 7 OpenVPN
Post by: Pluimers on Thursday 12 August 2010, 07:02:08 am
Thx for wanting to look into this. I have the idea the Endian is not giving the Windows 7 machine enough routing information (and XP can do without the extra routing info). The traceroute:C:\Users\jeroenp>tracert 172.16.41.10
Tracing route to 172.16.41.10 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms SpeedTouch.pluimers.com [192.168.71.1]
2 15 ms 14 ms 14 ms 195.190.241.11
3 42.ge-2-1-0.xr4.1d12.xs4all.net [194.109.5.105] reports: Destination net unreachable. Wed Aug 11 22:54:37 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Aug 11 22:54:43 2010 WARNING: No server certificate verification method has been enabled. See http ://openvpn.net/howto.html#mitm for more info.
Wed Aug 11 22:54:43 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Aug 11 22:54:43 2010 LZO compression initialized
Wed Aug 11 22:54:43 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Aug 11 22:54:43 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 11 22:54:43 2010 Local Options hash (VER=V4): '31fdf004'
Wed Aug 11 22:54:43 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Wed Aug 11 22:54:43 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Wed Aug 11 22:54:43 2010 TCP connection established with 192.168.71.25:1194
Wed Aug 11 22:54:43 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Aug 11 22:54:43 2010 TCPv4_CLIENT link local: [undef]
Wed Aug 11 22:54:43 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Wed Aug 11 22:54:43 2010 TLS: Initial packet from 192.168.71.25:1194, sid=a8e8e633 5af97fd5
Wed Aug 11 22:54:43 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Aug 11 22:54:43 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Wed Aug 11 22:54:43 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Wed Aug 11 22:54:44 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 11 22:54:44 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 11 22:54:44 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 11 22:54:44 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 11 22:54:44 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Aug 11 22:54:44 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Wed Aug 11 22:54:46 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Wed Aug 11 22:54:46 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Wed Aug 11 22:54:46 2010 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 11 22:54:46 2010 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 11 22:54:46 2010 OPTIONS IMPORT: route-related options modified
Wed Aug 11 22:54:46 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Aug 11 22:54:46 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
Wed Aug 11 22:54:46 2010 TAP-Win32 Driver Version 9.6
Wed Aug 11 22:54:46 2010 TAP-Win32 MTU=1500
Wed Aug 11 22:54:46 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Wed Aug 11 22:54:46 2010 Successful ARP Flush on interface [25] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
Wed Aug 11 22:54:51 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Wed Aug 11 22:54:51 2010 Initialization Sequence Completed
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.71.1 192.168.71.160 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.100.145 276
169.254.100.145 255.255.255.255 On-link 169.254.100.145 276
169.254.255.255 255.255.255.255 On-link 169.254.100.145 276
172.16.41.0 255.255.255.0 On-link 172.16.41.209 286
172.16.41.209 255.255.255.255 On-link 172.16.41.209 286
172.16.41.255 255.255.255.255 On-link 172.16.41.209 286
192.168.71.0 255.255.255.0 On-link 192.168.71.160 276
192.168.71.160 255.255.255.255 On-link 192.168.71.160 276
192.168.71.255 255.255.255.255 On-link 192.168.71.160 276
192.168.237.0 255.255.255.0 On-link 192.168.237.1 276
192.168.237.1 255.255.255.255 On-link 192.168.237.1 276
192.168.237.255 255.255.255.255 On-link 192.168.237.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.71.160 276
224.0.0.0 240.0.0.0 On-link 172.16.41.209 286
224.0.0.0 240.0.0.0 On-link 169.254.100.145 276
224.0.0.0 240.0.0.0 On-link 192.168.237.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.71.160 276
255.255.255.255 255.255.255.255 On-link 172.16.41.209 286
255.255.255.255 255.255.255.255 On-link 169.254.100.145 276
255.255.255.255 255.255.255.255 On-link 192.168.237.1 276
===========================================================================
Title: Re: Windows 7 OpenVPN
Post by: mrkroket on Friday 13 August 2010, 12:15:49 am
It seems a routing problem.
The tracert shouldn't go by outside the VPN tunnel. It should only have 1 hop, test it in WinXP and you'll see only 1 hop.
From OpenVPN readme:
IMPORTANT NOTE FOR VISTA USERS
Note that on Windows Vista, you will need to run the OpenVPN
GUI with administrator privileges, so that it can add routes
to the routing table that are pulled from the OpenVPN server.
You can do this by right-clicking on the OpenVPN GUI
desktop icon, and selecting "Run as administrator".
Did you do that way? UAC maybe is blocking the routing command.
Title: Re: Windows 7 OpenVPN
Post by: Pluimers on Friday 13 August 2010, 01:01:25 am
The tracert in my XP is indeed 1 hop, that's why I already suspected a routing problem. From my original message: Using Windows 7 x64 and an OpenVPN 2.1.1 client running as Administrator (yes, with the UAC dialogs confirmed) does not run fine.
It can only ping the green gateway, but no other machines. So: yes I did go through UAC, so I think the route went all right. Below are two logs from Windows 7: with UAC and without UAC. How can I found which routing statement should be executed? Difference in the logs:With UAC:...
Thu Aug 12 16:49:35 2010 TLS: Initial packet from 192.168.71.25:1194, sid=ded44876 ba8dd229
...
Thu Aug 12 16:49:38 2010 Successful ARP Flush on interface [25] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
...
...
Thu Aug 12 16:51:13 2010 TLS: Initial packet from 192.168.71.25:1194, sid=e3aed1ba cd50b65c
...
Thu Aug 12 16:51:16 2010 NOTE: FlushIpNetTable failed on interface [25] {F3F5E8A1-1797-4FA8-902E-3895A2163148} (status=5) : Access is denied.
...
Thu Aug 12 16:49:28 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Thu Aug 12 16:49:34 2010 WARNING: No server certificate verification method has been enabled. See http ://openvpn.net/howto.html#mitm for more info.
Thu Aug 12 16:49:34 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 16:49:35 2010 LZO compression initialized
Thu Aug 12 16:49:35 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Aug 12 16:49:35 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 12 16:49:35 2010 Local Options hash (VER=V4): '31fdf004'
Thu Aug 12 16:49:35 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Aug 12 16:49:35 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Thu Aug 12 16:49:35 2010 TCP connection established with 192.168.71.25:1194
Thu Aug 12 16:49:35 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 12 16:49:35 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 12 16:49:35 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Thu Aug 12 16:49:35 2010 TLS: Initial packet from 192.168.71.25:1194, sid=ded44876 ba8dd229
Thu Aug 12 16:49:35 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 12 16:49:35 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Thu Aug 12 16:49:35 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Thu Aug 12 16:49:35 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 12 16:49:35 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 16:49:35 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 12 16:49:35 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 16:49:35 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 16:49:35 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Thu Aug 12 16:49:38 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Thu Aug 12 16:49:38 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Thu Aug 12 16:49:38 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 12 16:49:38 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 12 16:49:38 2010 OPTIONS IMPORT: route-related options modified
Thu Aug 12 16:49:38 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 12 16:49:38 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
Thu Aug 12 16:49:38 2010 TAP-Win32 Driver Version 9.6
Thu Aug 12 16:49:38 2010 TAP-Win32 MTU=1500
Thu Aug 12 16:49:38 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Thu Aug 12 16:49:38 2010 Successful ARP Flush on interface [25] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
Thu Aug 12 16:49:43 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Thu Aug 12 16:49:43 2010 Initialization Sequence Completed
Thu Aug 12 16:51:04 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Thu Aug 12 16:51:13 2010 WARNING: No server certificate verification method has been enabled. See http ://openvpn.net/howto.html#mitm for more info.
Thu Aug 12 16:51:13 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 16:51:13 2010 LZO compression initialized
Thu Aug 12 16:51:13 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Aug 12 16:51:13 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 12 16:51:13 2010 Local Options hash (VER=V4): '31fdf004'
Thu Aug 12 16:51:13 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Aug 12 16:51:13 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Thu Aug 12 16:51:13 2010 TCP connection established with 192.168.71.25:1194
Thu Aug 12 16:51:13 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 12 16:51:13 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 12 16:51:13 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Thu Aug 12 16:51:13 2010 TLS: Initial packet from 192.168.71.25:1194, sid=e3aed1ba cd50b65c
Thu Aug 12 16:51:13 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 12 16:51:13 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Thu Aug 12 16:51:13 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Thu Aug 12 16:51:13 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 12 16:51:13 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 16:51:13 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 12 16:51:13 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 16:51:13 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 16:51:13 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Thu Aug 12 16:51:16 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Thu Aug 12 16:51:16 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Thu Aug 12 16:51:16 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 12 16:51:16 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 12 16:51:16 2010 OPTIONS IMPORT: route-related options modified
Thu Aug 12 16:51:16 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 12 16:51:16 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
Thu Aug 12 16:51:16 2010 TAP-Win32 Driver Version 9.6
Thu Aug 12 16:51:16 2010 TAP-Win32 MTU=1500
Thu Aug 12 16:51:16 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Thu Aug 12 16:51:16 2010 NOTE: FlushIpNetTable failed on interface [25] {F3F5E8A1-1797-4FA8-902E-3895A2163148} (status=5) : Access is denied.
Thu Aug 12 16:51:21 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Thu Aug 12 16:51:21 2010 Initialization Sequence Completed
--jeroen
Title: Re: Windows 7 OpenVPN
Post by: mrkroket on Friday 13 August 2010, 03:45:16 am
I know that you run with UAC dialogs, but there is a way to check an application to run as Administrator. This way might be different rather than with UAC dialogs.
http://www.sevenforums.com/tutorials/11841-run-administrator.html (http://www.sevenforums.com/tutorials/11841-run-administrator.html)
Try Option 3 or 4
Title: Re: Windows 7 OpenVPN
Post by: danielcsgomes on Friday 13 August 2010, 03:54:38 am
I know that you run with UAC dialogs, but there is a way to check an application to run as Administrator. This way might be different rather than with UAC dialogs.
Yesterday i was looking for a way to elevate progams to Run As Administrator, and i make the option 3 and it's ok. But there is my problem: All users have standard accounts so when it elevates prompt for Admin password, so it's a big problem to me because i want that application to run as administrator but i would like enter and save the Administrador credentials to the user enter the program without calling me to put the administrator password. There is any solution to that?
Title: Re: Windows 7 OpenVPN
Post by: Pluimers on Friday 13 August 2010, 08:17:00 am
(I had to remove the URL from the quote, somehow I'm not allowed to include those in my posts) I know that you run with UAC dialogs, but there is a way to check an application to run as Administrator. This way might be different rather than with UAC dialogs.
www .sevenforums.com/tutorials/11841-run-administrator.html
Try Option 3 or 4
I always do such things doing option 4 (shortcut, advanced options, run as administrator). So that part is correct. Now the routing part: how can I see what routing statement should have been sent from Endian to the OpenVPN client? Is there someone willing to help me trace this through (for instance by using TeamViewer)? Many thanks! --jeroen
Title: Re: Windows 7 OpenVPN
Post by: Pluimers on Friday 13 August 2010, 08:18:45 am
I know that you run with UAC dialogs, but there is a way to check an application to run as Administrator. This way might be different rather than with UAC dialogs.
Yesterday i was looking for a way to elevate progams to Run As Administrator, and i make the option 3 and it's ok. But there is my problem: All users have standard accounts so when it elevates prompt for Admin password, so it's a big problem to me because i want that application to run as administrator but i would like enter and save the Administrador credentials to the user enter the program without calling me to put the administrator password. There is any solution to that? I don't think there is a solution to this: UAC is specifically meant to verify that the user can in fact use his/her administrative token. So the user need either be an admistrator, or have an administrator user/password combination to elevate to. --jeroen
Title: Re: Windows 7 OpenVPN
Post by: danielcsgomes on Friday 13 August 2010, 08:30:09 am
I know that you run with UAC dialogs, but there is a way to check an application to run as Administrator. This way might be different rather than with UAC dialogs.
Yesterday i was looking for a way to elevate progams to Run As Administrator, and i make the option 3 and it's ok. But there is my problem: All users have standard accounts so when it elevates prompt for Admin password, so it's a big problem to me because i want that application to run as administrator but i would like enter and save the Administrador credentials to the user enter the program without calling me to put the administrator password. There is any solution to that? I don't think there is a solution to this: UAC is specifically meant to verify that the user can in fact use his/her administrative token. So the user need either be an admistrator, or have an administrator user/password combination to elevate to. --jeroen This is something i'm stucked for a long time. The point is, the users with standard level can work without problems but if there is an update to the application or need remote assistance the program will prompt for admin user/password. My office is small (12 machines) and i can go to the machines and take care of the problem, but when you have 1000 machines there was to be a way to do that, or you give to your users admin level on machines to them install everything they want?
Title: Re: Windows 7 OpenVPN
Post by: Pluimers on Friday 13 August 2010, 08:35:02 am
This is something i'm stucked for a long time. The point is, the users with standard level can work without problems but if there is an update to the application or need remote assistance the program will prompt for admin user/password.
My office is small (12 machines) and i can go to the machines and take care of the problem, but when you have 1000 machines there was to be a way to do that, or you give to your users admin level on machines to them install everything they want?
I think this is something you should as at either SuperUser.com or ServerFault.com --jeroen
Title: Re: Windows 7 OpenVPN
Post by: jeliasson on Tuesday 10 May 2011, 06:03:05 am
Regarding the UAC and route in Windows Vista and Windows 7:
Add 'route-method exe' to your config.
|