OpenVPN error on network device Windows 10 22H2 x64 #38
Assignees
Labels
bug
Something isn't working
Comments
|
Hi @mdkberry, I checked the logs and so far I could not spot anything wrong. I need to get more data, could you please:
|
|
I am getting a similar error using 2.6.2. My scenario is possibly a little different though. I have a persistent vpn connection configured which works perfectly, but I sometime need to open a second vpn connection manually using the gui client. When I do this I get this log. The manual connection works if I stop the Is there a way to get this to work or is it a limitation of the ovpn-dco-win driver? |
|
Hi @Makin-Things ,
If you need to open a second VPN connection, you need to create an additional DCO adapter. You should have a shortcut in your Start menu Add a new dco-win virtual network adapter. |
|
And now I feel really stupid, but no amount of googling gave me that solution. tbh I didn't think to look for other stuff in the start menu, but just the gui menus. Possibly a doco/faq update to add that? |
|
You are right, this should be better communicated to users. As a minimum a better error message explaining what to do. The ultimate solution would be to create adapters on demand in this case. |
|
On demand would be awesome. |
I have the same issue but unfotunately one or multiple new dco-win adapters not help. 😖 |
|
What does the log looks like when you have multiple DCO adapters and try to connect?Lähetetty iPhonestaRobin Hermann ***@***.***> kirjoitti 1.5.2023 kello 16.41:
Hi @Makin-Things ,
I sometime need to open a second vpn connection
If you need to open a second VPN connection, you need to create an additional DCO adapter. You should have a shortcut in your Start menu Add a new dco-win virtual network adapter.
I have the same issue but unfotunately one or multiple new dco-win adapters not help. 😖
I have Windows 11 (22H2).
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
|
@lstipakov not much: |
|
I cannot reproduce this - just tried two simultaneous DCO connection. Could you past log with After trying and failing device |
|
Any news? |
|
Please try the latest release (2.6.4) with |
Beware that some users maintain tunnels manually using the GUI only and with restricted permissions under Windows as non-admin. One can't easily add new interfaces in such cases unless it's done by the interactive service or stuff. Additionally, it seems that the OpenVPN MSI creates some usefully names How does OpenVPN decide which DCO to use at all? It seems to simply try the existing ones in order? I have multiple tunnels configured and all have their own individually named interface, but
|
Yeah, interactive service would be a one way to do it. A simpler solution would be to call
Right. Probably
Assuming profile options are compatible, OpenVPN uses DCO by default starting from 2.6. If no DCO adapters are available, connection will fail.
I have to admit I haven't tested
Right. Maybe we should indeed add |
Windows seems to generate some name as well already for each new device, which might be reused. 1:1 or without the
|
|
+1 on |
My understanding is that those are device descriptions, taken from |
Exactly, but one approach might be to simply use the device descriptions already generated by Windows itself. I'm simply following that naming scheme myself right now, because it's somewhat easy to understand and the MSI creates the same name for the first device.
|
|
I'm getting this same error as well. Is there any fix? Out of nowhere I'm unable to connect to my VPNs... |
|
Please provide the log file with |
|
I get the same error message and have no solution for it. So I am still using the TAP-Windows adapters. |
|
@R-Studio as I asked above, please paste the log with |
|
@lstipakov I have no option or I don't know how to change the verbosity: |
|
You need to add |
|
Here the log output with verbosity 6: |
|
Thanks for the log. Let's do some cleanup:
2.2 Remove devices:
3.2 Delete drivers: After that please reinstall the client and try again. |
|
@lstipakov I followed all of your steps and reinstalled the openvpn client. I can see now I have a newer DCO driver installed |
|
For anyone who finds this in the future... I ran into the same problem. No number of uninstalls, reinstalls or adding dco or tun/tap adapters was fixing it. The common theme seems to be an access denied error. I was able to successfully circumvent the error by running the gui as an admin. The connection would go through fine. If I re-ran the gui without specifying to run it as an admin the error came back. To FIX the problem: I ran a command window as an admin, changed to the directory where I downloaded openvpn and ran the install from the elevated command window (In my case OpenVPN-2.6.8-I001-amd64.msi). The gui now runs the connection successfully without needing admin access. Hope this helps someone! |
|
While it may work, running GUI as admin is not a recommended way to run OpenVPN. Regarding the proposed fix - it is interesting that running install from elevated command prompt makes the difference - MSI does elevation by itself when needed. Would it be possible for you or someone else to run the installer both in admin and non-admin prompt and collect the logs?
|
lstipakov
added a commit
to lstipakov/ovpn-dco-win
that referenced
this issue
Jan 22, 2024
Some users are getting Access Denied error when device is accessed by the app running as unprivileged process. The problem can be workarounded by running openvpn process as privileged. While I cannot reproduce it, this change should likely solve it by explicitly enable read and write access to the device by everyone. To set SDDL, we need to assign unique device name. Using WdfDeviceInitSetCharacteristics() with FILE_AUTOGENERATED_DEVICE_NAME didn't work for me. Fixes OpenVPN#38 Signed-off-by: Lev Stipakov <lev@openvpn.net>
|
@jb217 @R-Studio |
|
Sorry, no. Same result. |
|
Could you post the output of |
|
No, I'm not from that part of the world... |
|
I am unfortunately facing the same issue (Windows 10 Version 10.0.19045.3930): |
|
@lstipakov unfortunately, that didn't help: PS C:\Users\aleks> pnputil /enum-devices | Select-String "Data Channel Offload" -Context 2,5
Instance ID: ROOT\NET\0003
> Device Description: OpenVPN Data Channel Offload
Class Name: Net
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer Name: OpenVPN, Inc
Status: Started
Driver Name: oem151.inf
Instance ID: ROOT\NET\0004
> Device Description: OpenVPN Data Channel Offload #2
Class Name: Net
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer Name: OpenVPN, Inc
Status: Started
Driver Name: oem151.infI have also noticed that the issue only appears when I am trying to connect to the server using TCP. I can successfully connect to the same server using UDP with virtually same client config (except |
|
@alexalok are you sure your UDP config uses DCO? Could you paste the log? |
|
@lstipakov I tested the driver too and I have the same issue again. |
|
Those who experience this problem - is there any way I could get an access to the machine? If there any legal obstacles I am sure this could be sorted out with the company I am working for (OpenVPN, Inc). |
|
Somehow I managed to reproduce it on my VM. @alexalok @R-Studio @jb217 After installing 1.0.3 can you run |
|
@lstipakov I cannot install the drivers "1.0.3-Win11": But this is my output before installing 1.0.3-Win11: |
|
Stupid question, but are you using Windows 11? For Windows 10 you might want to use 1.0.3-Win10.zip. (just retested on my machine, works as expected) Please provide the relevant part of |
|
Yes I am using Windows 11 and I also started the terminal as Administrator 😉 |
|
dco connect error the semaphore timeout period has expired. (errno=121). can anyone help im using windows 10 |
|
I'm in the settings in the proxy section only |
|
Also used Portmaster (briefly, @jb217 ), and also got this error with latest msi (2.6.12), after install/reinstall/remove drivers not working, running the msi from an elevated command prompt fixed the issue. Windows 11 home 23H2. |
|
@lstipakov Adding myself to the mix of users that have the problem. I'm working with customers of ours setting up their firewalls with OpenVPN RAS server etc. so was looking for solutions here and stumbling over this as I could reproduce this on my own homeoffice machine with our work-VPN. Thought it was an update problem first (coming from 2.4, 2.5 etc. to 2.6) as the "run GUI as admin" I could remember from the past in the first versions of the GUI. So if you need someone to test further build, @-me. The HO machine where I see the same problem is a Win11Pro build, OVPN 2.6.12 (latest) installed, same problem. The remote site running on OpenVPN 2.6.x with DCO enabled and I'm always having multiple configs around testing setups and sites from customers. Will add this issue to my tracker. |
|
@lstipakov |
|
Yes, please remove all traces of the old drivers first. |
|
So was going through the steps:
Output from commands:
To document: I still have not reinstalled OVPN any further. Just the drivers and the drivertest.exe are there. |
|
@JeGr Thanks for your testing. Sadly I don't have any further suggestions. Something happens with access control which I do not quite understand. The fact that this is rare doesn't really help you and others who are affected. I am in the middle of something else right now, but I hope we will be able to fix it before 2.7. |
|
@lstipakov Totally understand. As it is also popping up infrequently in customer setups, the only mitigation right now was for the Clients to run their GUI as admin. Not that nice but as it's done manually, it's doable and at least otherwise works fine. But if I can assist in narrowing it down, just ping me! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(This was initially posted on the forum and a request was made to log it as a ticket here)
I am trying to use OpenVPN to access the ProtonVPN servers and following their instructions to set it up.
Protonvpn works on my machine by itself fine, but OpenVPN is giving me network error in the logs when trying to connect:
I followed your instructions on the forum as per below, but it hasnt resolved the issue yet. Though I had found a workaround which I am applying and then it works fine (disable the network adaptor with the issue)
Here is what I did as per request...
Re-enabled the currently disabled network adaptor that was causing the issue (OpenVPN Data Channel Offload)
Installed version OpenVPN-2.6.0-I004-amd64.msi to Windows 10 x64
But then I realised hadnt run it using the logging method requested, so removed it and then ran it again using
"msiexec /i OpenVPN-2.6.0-I004-amd64.msi /L*V log.txt"
sourced C:\Windows\INF\setupapi.dev.log
tested OpenVPN and same problem if OpenVPN Data Channel Offload (ROOT#NET#0004#) network adaptor is left enabled, copy of connection log for the attempt that failed is here:
"
OpenVPN install log.txt
setupapi.dev.log
The text was updated successfully, but these errors were encountered: