openvpn icon indicating copy to clipboard operation
openvpn copied to clipboard

Published 20 hours ago verified publisher icon OpenVPN

OpenVPN Client (OpenVPN GUI) only works with administrator rights

Open roswitina opened this issue 1 year ago • 6 comments

I am currently using Windows 11 23H2 (Build 22631.4317) and have installed OpenVPN-2.6.12-I002-amd64. The OpenVPN GUI is loaded and the configurations are displayed. When I now start a configuration, I get the following error message in the log and the connection is cancelled.

2024-10-20 16:17:22 TCP/UDP: Preserving recently used remote address: [AF_INET]1.2.3.4:1194
2024-10-20 16:17:22 CreateFile failed on ovpn-dco device: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco: access denied (errno=5)
2024-10-20 16:17:22 MANAGEMENT: Client disconnected
2024-10-20 16:17:22 All ovpn-dco adapters on this system are currently in use or disabled.
2024-10-20 16:17:22 Exiting due to fatal error

I remember that some time ago you had to start the OpenVPN client (GUI) with administrator rights for it to work, but I think that this was no longer necessary some time ago.

So I started the OpenVPN GUI with administrator rights and the connection setup worked again.

Am I wrong here and have I always had to start with administrator rights, or is there something wrong with my system? Where can I start?

roswitina avatar Oct 20 '24 14:10 roswitina

Am I wrong here and have I always had to start with administrator rights, or is there something wrong with my system? Where can I start?

No, its not advisable nor required to run OpenVPN-GUI as administrator. Could you check whether OpenVPNServiceInteractive is running? It should be running for the GUI to work correctly. This service is installed and started by default, unless you manually disabled it. Please check.

selvanair avatar Oct 20 '24 17:10 selvanair

We've have seen some similar reports. Unfortunately I don't have a clear steps to reproduce and a solution for this problem. Apparently there is something on machine which triggers this behavior. It has been reported that when running msiexec /i OpenVPN-2.6.12-I002-amd64.msi under elevated privileges, the issue doesn't reproduce. Also you might want to add disable-dco and see if it works while we're investigating it.

lstipakov avatar Oct 21 '24 06:10 lstipakov

Am I wrong here and have I always had to start with administrator rights, or is there something wrong with my system? Where can I start?

No, its not advisable nor required to run OpenVPN-GUI as administrator. Could you check whether OpenVPNServiceInteractive is running? It should be running for the GUI to work correctly. This service is installed and started by default, unless you manually disabled it. Please check.

both services are running (OpenVPNServiceInteractive, OpenVPNService)

roswitina avatar Oct 21 '24 14:10 roswitina

both services are running (OpenVPNServiceInteractive, OpenVPNService)

Thanks for checking. I was not aware of the issue @lstipakov mentioned above. Try reinstalling from an elevated command prompt.

selvanair avatar Oct 21 '24 14:10 selvanair

We've have seen some similar reports. Unfortunately I don't have a clear steps to reproduce and a solution for this problem. Apparently there is something on machine which triggers this behavior. It has been reported that when running msiexec /i OpenVPN-2.6.12-I002-amd64.msi under elevated privileges, the issue doesn't reproduce. Also you might want to add disable-dco and see if it works while we're investigating it.

I have run msiexec /i OpenVPN-2.6.12-I002-amd64.msi in a console with administrator rights. Everything worked immediately after the installation. However, after logging out and logging in again, it no longer worked. In addition, I was only able to install the OpenVPN-2.6.12-I001-amd64.msi version. I was unable to download the OpenVPN-2.6.12-I002-amd64.msi version.

I also use the entry windows-driver wintun in my conf file. The following settings worked

worked

#OpenVPN Client conf
disable-dco
#windows-driver wintun
tls-client
client
...

does not work

#OpenVPN Client conf
#disable-dco
#windows-driver wintun
tls-client
client
...

does not work

#OpenVPN Client conf
disable-dco
windows-driver wintun
tls-client
client
...

does not work

#OpenVPN Client conf
#disable-dco
windows-driver wintun
tls-client
client
...

When I start the OpenVPn GUI with admin rights, all configurations work.

roswitina avatar Oct 21 '24 15:10 roswitina

Obviously installing from elevated prompt cannot be considered as a fix and should not matter. Something is going on with access control which we do not fully understand.

lstipakov avatar Oct 21 '24 15:10 lstipakov

Mir geht es genauso. Habe OpenVPN deinstalliert und neu installiert. Trotzdem kann ich die Software nur mit Admi istratorrechten starten. Auf anderen Rechnern funktioniert es ohne Probleme. Wer kann hier helfen?

ghost avatar Dec 18 '24 19:12 ghost

Would it be possible for you to provide a remote access to that machine to further debug this issue?

lstipakov avatar Dec 19 '24 12:12 lstipakov

Installing alpha2 without GUI on the current Windows Canary in Virtualbox. Disabled everything except service and DCO. Interactive service had started while OpenVPNService failed.

Event Viewer shows in System time out events 7009 and 7000, and in Application :

Event 1026 Application: openvpnserv2.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Security.SecurityException at System.Diagnostics.EventLog.FindSourceRegistration(System.String, System.String, Boolean, Boolean) at System.Diagnostics.EventLog.SourceExists(System.String, System.String, Boolean) at System.Diagnostics.EventLog.SourceExists(System.String) at OpenVpn.OpenVpnService..ctor() at OpenVpn.Program.Main(System.String[])

Event 1000 Faulting application name: openvpnserv2.exe, version: 2.0.0.0, time stamp: 0x67d2d744 Faulting module name: KERNELBASE.dll, version: 10.0.27881.1000, time stamp: 0x392e7c44 Exception code: 0xe0434352 Fault offset: 0x00179554 Faulting process id: 0xD14 Faulting application start time: 0x1DBE4637FBEF3DF Faulting application path: C:\Program Files\OpenVPN\bin\openvpnserv2.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

OpenVPNService would not start as neither Network nor Local service, only as System.

irwir avatar Jun 23 '25 18:06 irwir

@irwir I cannot reproduce this. out of the box, apparently this code causes the issue (the first line):

if (!EventLog.SourceExists(this.ServiceName))
{
    EventLog.CreateEventSource(this.ServiceName, "Application");
}

Also this seem to be the separate issue from the one originally reported. I created a new ticket under openvpnser2 project.

lstipakov avatar Jun 24 '25 09:06 lstipakov

@irwir Please check my comment under the new ticket.

lstipakov avatar Jun 24 '25 09:06 lstipakov

Since there is no response from the original poster, I'll close the ticket. openvpnserv2 crash is handled in different issue.

lstipakov avatar Jun 24 '25 16:06 lstipakov

I can reproduce what roswitina is describing here: https://github.com/OpenVPN/openvpn/issues/629#issuecomment-2426980872. Which basically is: dco and win-tun drivers only work if OpenVPN GUI is started with admin rights but TAP drivers work under normal user rights. The two helper services are running and I have tried several reinstall etc. The version is: OpenVPN-2.6.14-I004-amd64

I'm able and willing to test stuff if needed. I can't provide remote access though.

NIVA-IS-PSH avatar Sep 24 '25 12:09 NIVA-IS-PSH