openvpn icon indicating copy to clipboard operation
openvpn copied to clipboard
verified publisher icon OpenVPN

CreateFile failed on wintun device: \\?\ROOT#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}: Access is denied. (errno=5)

Open privacyguy123 opened this issue 2 years ago • 9 comments

IMPORTANT NOTE CreateFile failed on wintun device: \\?\ROOT#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}: Access is denied. (errno=5)

Nothing but computer issues this weather, don't understand the problem.

Describe the bug Trying to connect using Tun explicitly, TAP is not installed. Tun is set in .conf fiile.

To Reproduce Steps to reproduce the behavior. Please make sure to not post any secrets like keys and passwords.

Expected behavior It should work.

Version information (please complete the following information):

  • OS: Windows 10
  • OpenVPN version: 2.6.6

privacyguy123 avatar Sep 04 '23 17:09 privacyguy123

Solved by opening OpenVPN-GUI as Administrator (forced) ... I don't get why it wouldn't be doing this by default. 😕

privacyguy123 avatar Sep 04 '23 17:09 privacyguy123

You should not run OpenVPN-GUI as administrator. This is not required, nor recommended. Instead find out why the GUI is not using the interactive service for tasks requiring elevation. Probably the service is manually disabled or stopped (do not do that). You can check using sc query OpenVPNServiceInteractive

If that is not the case, please post logs with verb 4 while running the GUI as regular user (not run-as admin).

selvanair avatar Sep 04 '23 17:09 selvanair

Not the case

sc query OpenVPNServiceInteractive

SERVICE_NAME: OpenVPNServiceInteractive
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

Verb 4 gives less info

2023-09-04 19:33:27 open_tun
2023-09-04 19:33:27 All tap-windows6 adapters on this system are currently in use or disabled.
2023-09-04 19:33:27 Exiting due to fatal error

The exact error is

2023-09-04 19:16:19 open_tun
2023-09-04 19:16:19 CreateFile failed on wintun device: \\?\ROOT#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}: Access is denied.   (errno=5)
2023-09-04 19:16:19 MANAGEMENT: Client disconnected
2023-09-04 19:16:19 All wintun adapters on this system are currently in use or disabled.

Why would access be denied to an adapter it made for itself?

privacyguy123 avatar Sep 04 '23 18:09 privacyguy123

Can we have a bit more of that log? The bit about being able to talk to the iservice (or not) is what Selva is after :-) - ideally, everything from startup to the wintun error.

cron2 avatar Sep 08 '23 20:09 cron2

I have the same problem:

2025-09-17 10:38:56 OpenVPN 2.6.14 [git:v2.6.14/f588592ee6c6323b] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug  6 2025
2025-09-17 10:38:56 Windows version 10.0 (Windows 10 or greater), amd64 executable
2025-09-17 10:38:56 library versions: OpenSSL 3.5.1 1 Jul 2025, LZO 2.10
2025-09-17 10:38:56 DCO version: 1.3.3
2025-09-17 10:38:56 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25348
2025-09-17 10:38:56 Need hold release from management interface, waiting...
2025-09-17 10:38:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:59352
2025-09-17 10:38:57 MANAGEMENT: CMD 'state on'
2025-09-17 10:38:57 MANAGEMENT: CMD 'log on all'
2025-09-17 10:38:57 MANAGEMENT: CMD 'echo on all'
2025-09-17 10:38:57 MANAGEMENT: CMD 'bytecount 5'
2025-09-17 10:38:57 MANAGEMENT: CMD 'state'
2025-09-17 10:38:57 MANAGEMENT: CMD 'hold off'
2025-09-17 10:38:57 MANAGEMENT: CMD 'hold release'
2025-09-17 10:38:57 MANAGEMENT: >STATE:1758098337,RESOLVE,,,,,,
2025-09-17 10:38:57 TCP/UDP: Preserving recently used remote address: [AF_INET][redacted-IP]
2025-09-17 10:38:57 CreateFile failed on ovpn-dco device: \\?\ROOT#NET#0003#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco: Access is denied.   (errno=5)
2025-09-17 10:38:57 MANAGEMENT: Client disconnected
2025-09-17 10:38:57 All ovpn-dco adapters on this system are currently in use or disabled.
2025-09-17 10:38:57 Exiting due to fatal error


sc query OpenVPNServiceInteractive

SERVICE_NAME: OpenVPNServiceInteractive
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

My OpenVPN client is installed via Chocolatey.

Sieboldianus avatar Sep 17 '25 08:09 Sieboldianus

@Sieboldianus how are you running OpenVPN? From openvpn-gui, or from the command line?

cron2 avatar Sep 17 '25 08:09 cron2

I use it from the GUI, which is started automatically via Windows. I also tried to start openVPN GUI with Administrator privileges. But I get the same error upon connecting with a second connection.

Sieboldianus avatar Sep 17 '25 08:09 Sieboldianus

I could solve the issue, just had to follow https://github.com/OpenVPN/ovpn-dco-win/issues/38#issuecomment-1495427845

If you need to open a second VPN connection, you need to create an additional DCO adapter. You should have a shortcut in your Start menu Add a new dco-win virtual network adapter.

Perhaps this was also the cause of the OP's issue and this can be closed now.

Sieboldianus avatar Sep 17 '25 09:09 Sieboldianus

OpenVPN 2.7 will auto-create DCO interfaces if everything is busy... so this part has been fixed for good. If you feel like it, there's a 2.7_beta1 to test on https://community.openvpn.net/Downloads (including windows installers)

cron2 avatar Sep 17 '25 10:09 cron2