Error message ovpnagent request error - Исправление ошибок и поиск оптимальных решений проблем

Hello,

The OpenVPN agent component that is reporting a problem is the component that makes it possible for OpenVPN Connect v3 to run unprivileged (not requiring admin rights). There are certain actions that require admin privileges like opening the TUN/TAP adapter and setting up routing. The agent service takes care of that. Apparently though that agent is unable to do its job.

Given your problem description, the most likely cause of the problem is a failure to install the TUN/TAP adapter, therefore when the agent is requested to open a TUN/TAP adapter, there isn’t one, and the request fails, and therefore everything simply does not work.

I believe the root cause of the problem is related to a problem installing the driver on Windows 7. First of all I should point out that Windows 7 is no longer supported by Microsoft. But we also know that OpenVPN Connect v3 will work fine on Windows 7. But one issue that we know about is that if you don’t have Windows 7 updated to the latest still available updates, then you will not have the required update that adds support for checking code signing done with SHA256 type certificates. And that is required if you want the driver installation to proceed correctly. This update could be obtained separately.

More information on this can be found here:
https://support.microsoft.com/en-us/top … a4cde8e64f

I believe that, just likes in our test setup with Windows 7, if you have the correct update installed that adds support for SHA256 code signing, then you should be able to install the driver correctly.

And finally, some antivirus software might hold back the driver installation. So it’s possible that the problem can be resolved by temporarily disabling antivirus for the installation process to succeed.

Kind regards,
Johan

OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Источник

Содержание

OpenVPN Support Forum
ovpnagent request error?!
ovpnagent request error?!
Re: ovpnagent request error?!
OpenVPN Support Forum
windows 7 installation error
windows 7 installation error
Re: windows 7 installation error
Re: windows 7 installation error
OpenVPN Support Forum
TAP Device with no gateway
TAP Device with no gateway
Re: TAP Device with no gateway
Ошибки VPN
Вы везунчик!
Ошибки OpenVPN
Как узнать какая OpenVPN ошибка возникла?
Не могу выбрать «Connect» при нажатии на иконку в системном трее
Connect to IP:Port failed, will try again in 5 seconds; No Route to Host
Cannot load certificate file client.crt
All TAP-Win32 adapters on this system are currently in use
ERROR: Windows route add command failed: returned error code 1
Initialization Sequence Completed With Errors
OpenVPN. Почему клиент выдают ошибку подключения?

OpenVPN Support Forum

Community Support Forum

ovpnagent request error?!

Post by nico_ar » Wed Mar 31, 2021 10:37 am

Re: ovpnagent request error?!

Post by openvpn_inc » Wed Apr 07, 2021 10:03 am

Источник

OpenVPN Support Forum

Community Support Forum

windows 7 installation error

Post by farhaadn » Mon Mar 01, 2021 9:20 am

Hi everyone, I have windows 7 ultimate 64bit
when I installing OpenVPN 3.2.3.1851 I got the below error:

Windows requires a digitally signed driver

A recently installed program tried to install an unsigned driver. This version of Windows requires all drivers to have a valid digital signature, The driver is unavailable and the program that uses this driver might not work correctly.
Uninstall the program or device that uses this driver and check the publisher’s support website to get a digitally signed driver.

driver: Wintun Driver
Service: Wintun
Publisher: WireGuard LLC
Location: C:\Windowssystem32. wintun.sys

Re: windows 7 installation error

Post by farhaadn » Mon Mar 01, 2021 9:37 am

I got this error in the client when I try to connect

POST np://[\.pipeagent_ovpnconnect]/tun-setup : 400 Bad Request
TAP ADAPTERS:
guid=’<7f6ec5c4-5ffa-44c9-8165-42aae1dfc2fe>‘ index=31 name=’Local Area Connection 3’
Open TAP device «» PATH=»» FAILED
Destroyed previous TAP instance due to exception
cannot acquire TAP handle
⏎3/1/2021, 11:15:54 AM TUN Error: ovpnagent: request error
⏎3/1/2021, 11:15:54 AM Client exception in transport_recv: tun_exception: not connected
⏎3/1/2021, 11:15:54 AM EVENT: TUN_SETUP_FAILED ovpnagent: request error⏎3/1/2021, 11:15:54 AM EVENT: DISCONNECTED ⏎

Re: windows 7 installation error

Post by farhaadn » Wed Mar 03, 2021 7:08 am

Источник

OpenVPN Support Forum

Community Support Forum

TAP Device with no gateway

Post by plumbersmate » Fri Jun 25, 2021 8:16 pm

I have OpenVPN server on a Raspberry Pi. It allows my mobile phone to connect without any problem.

I created keys etc for my Windows 10 laptop with OpenVPN Connect. I am using the same ovpn file as used on the phone.

I find that when connects it reports:
ovpnagent: request error

The log shows that the auto-generated script that configures the tap net adapter shows this:
«gateway» : «UNSPEC»,

POST np://[\.pipeagent_ovpnconnect]/tun-setup : 400 Bad Request
ip_exception: error parsing tunnel_addresses[0].gateway IP address ‘UNSPEC’ : An invalid argument was supplied.
[Jun 25, 2021, 21:11:01] TUN Error: ovpnagent: request error

Is there something missing from my client or server config files?
Let me know if you need me to post any other info.

Thank you in advance.

Re: TAP Device with no gateway

Post by openvpn_inc » Mon Jun 28, 2021 12:21 pm

In order to investigate this further, please contact us at https://openvpn.net/support and send logs of your connection attempts that show this problem. Also please let us know the exact version of OpenVPN Connect being used.

However there is just one thing I want to point out and that is that with OpenVPN generally you do not specify a gateway for the TAP adapter. Instead you set up routes that redirect traffic to the IP address of the VPN server’s internal gateway address, reachable through the client’s TAP adapter.

However such an error message deserves investigation and as such we’d like to see more, but we’d rather do that over a secure channel.

Источник

Ошибки VPN

Иногда случаются проблемы с VPN подключением или VPN не работает. На данной странице вы можете найти описание возникающей ошибки впн и самостоятельно исправить ее.

Вы везунчик!

Поздравляем! Вы нашли скрытый промо-код со скидкой 75% на покупку анонимного VPN без логов.
Промо-код действует только 1 час.

Ошибки OpenVPN

Если вы не знаете как узнать ошибку, возникшую в ходе подключения, нажмите на следующую ссылку:

Ниже представлен список возможных ошибок и методы их устранения. Нажмите на ошибку, чтобы узнать как ее устранить. Названия ошибок соответствуют записям в окне лога.

Как узнать какая OpenVPN ошибка возникла?

Программа OpenVPN имеет лог подключения. При подключении к OpenVPN серверу программа записывает данные подключения. Эта информация никуда не передается и остается на вашем компьютере, чтобы вы могли понять из-за чего возникла ошибка впн. Чтобы вызвать окно лога, нажмите дважды левой кнопкой мыши на иконку OpenVPN в системном трее.

Когда соединение прошло успешно, и вы подключены к VPN серверу, то окно лога должно выглядеть так:

Не могу выбрать «Connect» при нажатии на иконку в системном трее

В списке есть только «Proxy Settings», «About» и «Exit», но нет пункта «Connect».

Это означает, что вы не скачали и/или не скопировали конфигурационный файл «client.ovpn» в «C:/Program Files/OpenVPN/config». Откройте еще раз Инструкцию по настройке OpenVPN соединения для вашей ОС и проверьте все шаги установки и настройки.

Connect to IP:Port failed, will try again in 5 seconds; No Route to Host

Данная ошибка означает, что у вас нет подключения к Интернету, либо его блокирует ваш Firewall или Антивирус.

Проверьте активно ли ваше Интернет подключение, отключите Firewall, Антивирус и подключитесь еще раз.

Cannot load certificate file client.crt

Данная ошибка связана с отсутствием сертификационных файлов в папке «C:Program FilesOpenVPNconfig».

В процессе установки было необходимо скачать архив с сертификатами и распаковать его в папку с программой. Откройте еще раз Инструкцию по настройке OpenVPN соединения для вашей ОС и проверьте все шаги установки и настройки.

All TAP-Win32 adapters on this system are currently in use

Эта впн ошибка связана с некорректной работой Windows и программы OpenVPN. Также эта OpenVPN ошибка может возникнуть вследствие отключения Интернета без отключения сначала OpenVPN соединения. Всегда отключайте сначала OpenVPN соединение и только затем Интернет.

Для устранения ошибки, зайдите в «Пуск -> Сетевые подключения». Найдите «Подключение по локальной сети. TAP-Win32 Adapter» и правой кнопкой мышки щелкните на ярлыке. Выберите «Отключить».

Затем, таким же образом, «Включите» данное подключение. После выполнения данных действий проблемы с VPN подключением должны исчезнуть.

ERROR: Windows route add command failed: returned error code 1

Данная ошибка связана с ограничением прав в Windows Vista, Seven.

Для устранения ошибки, необходимо выйти из OpenVPN GUI. Правой кнопкой мышки нажать на иконку OpenVPN GUI на рабочем столе и выбрать пункт меню «Свойства»

На вкладке «Совместимость» поставьте галочку «Выполнять эту программу от имени администратора».

Теперь запустите OpenVPN GUI еще раз и подключитесь к VPN серверу.

Initialization Sequence Completed With Errors

Данная ошибка связана с неправильной работой службы DHCP из-за антивирусов или фаерволов.

Ошибка наблюдалась постоянно у фаервола Outpost Firewall версии 2009 и ранее, наблюдается также у антивируса Касперского. Ниже представлено решение для антивируса Касперского. Сам алгоритм ничем не отличается от решения проблемы для других антивирусов и фаерволов.

Для устранения ошибки, необходимо зайти в «Пуск -> Панель Управления -> Сетевые подключения» и зайти в «Свойства» виртуального адаптера «TAP-Win 32 Adapter». На вкладке «Общие» в списке отключить Kaspersky Anti-Virus NDIS Filter и затем нажать «ОК».

Теперь подключитесь к VPN и подключение должно пройти успешно.

Источник

OpenVPN. Почему клиент выдают ошибку подключения?

Как-то давно была похожая ошибка, помогло переустановить OpenVPN server и CA server, но сейчас я в непонятках, как и почему, прошу руку помощи.

Тестирую локально.
Жалуется на ключ ca ca.crt, но что его не устраивает я хз

Вопрос задан более трёх лет назад
3953 просмотра

Я так понял у вас клиент на андроиде?
Сертификаты нужно указывать так:

Аналогично и для других опций, содержащих ссылки на файлы ключей (ca, cert, key).
На сколько вижу у вас не хватает открывающего тега — . Это типичные xml теги — должен быть начальный тег и конечный.

ky0, res2001,
Для создания конфига клиента, я использовал статью. Может она сама по себе косячная?

Создание конфигурационных файлов для клиентов OpenVPN может быть трудозатратно, так как каждый клиент должен иметь собственный файл конфигурации, и каждая из конфигураций должна совпадать с настройками, указанными в файле конфигурации сервера. Вместо того, чтобы создавать для каждого клиента свой файл конфигурации, создадим «базовый» конфигурационный файл, а затем скрипт, который позволит нам генерировать уникальные конфигурационные файлы клиентов на основе «базового». Скрипт также поместит в один конфигурационный файл все необходимые сертификаты и ключи.

Начнем с создания нового каталога, в котором будем хранить файлы конфигурации клиентов в каталоге, который мы создали ранее:

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

/ client-configs / files. Создадим новый файл с именем make_config.sh в каталоге

#!/bin/bash
# First argument: Client identifier
KEY_DIR=

Galdar Turin, По моему на винде, линуксе и прочих десктопных ОС проще работать с файлами ключей, а не внедрять их в конфиг.
Минус подобной конфигурации в том, что у ключей когда-нибудь закончится срок и их надо будет менять. В случае монолитного конфига это процедура будет более проблематичной.

По вашей ошибке ответ тут.

Кстати, вы опубликовали все ключи для доступа к вашему ВПН. Рекомендую этот набор клиентских ключей больше никогда нигде не использовать.

Кстати, вы опубликовали все ключи для доступа к вашему ВПН. Рекомендую этот набор клиентских ключей больше никогда нигде не использовать.

Да, я понимаю)) Поэтому я и сделал тестовый клиент и сервер)

Источник

OPENVPN CLIENT SUDDENLY UNABLE TO CONNECT TO SERVER FOR …

Post. by mathewparet » Mon Oct 12, 2020 9:18 pm. We run in OpenVPN Community edition. For the past few days, 1 user (among 20) isn’t able to connect to OpenVPN Server. User is on Windows 10 (v10.0.18362) and tried with the latest OpenVPN client for windows available on OpenVPN website. This is how the server logs look:
From forums.openvpn.net

OVPNAGENT.EXE WINDOWS PROCESS — WHAT IS IT? — FILE

The process known as OpenVPN Agent belongs to software PrivateTunnel by OpenVPN Technologies. Description: Ovpnagent.exe is not essential for the Windows OS and causes relatively few problems. Ovpnagent.exe is located in a subfolder of «C:Program Files (x86)»—usually C:Program Files (x86)OpenVPN TechnologiesPrivateTunnel It is a service …
From file.net

CANNOT CONNECT TO VPN SERVER (OPENVPN) — HOME NETWORK …

Cannot connect to VPN server (openVPN) 2020-06-27 08:40:37. Model: Archer AX50. Hardware Version: V1. Firmware Version: 1.0.8 Build 20200426 rel.65338 (4555) I’ve setup OpenVPN as stated in the guide (first enabled dynamic DNS through TP link). Client access is internet + local. I’ve tried both UDP and TCP. I have generated a certificate.
From community.tp-link.com

[OPENVPN-USERS] WIN10, OPENVPN GUI LATEST, AND OPENVPN 2.4 …

Support Request; Help Create Join Login. Open Source Software. Business Software. Resources. Blog; Articles; Menu Help; Create; Join; Login; Home. Browse. OpenVPN. Mailing Lists [Openvpn-users] win10, openvpn gui latest, and openvpn 2.4 server tls negotiation configuration err Robust and flexible VPN network tunnelling Brought to you by: dazo, ericcrist, …
From sourceforge.net

CANNOT CONNECT WITH OPENVPN (GATEWAY & CERTIFICATE … — NETGEAR

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a —route option and no default was specified by either —route-gateway or —ifconfig options. OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0. ERROR: Cannot open TUN/TAP dev NETGEAR-VPN: No such file or directory (errno=2) Am I missing a step? At the moment of …
From community.netgear.com

OVPNAGENT REQUEST ERROR?! — OPENVPN SUPPORT FORUM

Re: ovpnagent request error?! The OpenVPN agent component that is reporting a problem is the component that makes it possible for OpenVPN Connect v3 to run unprivileged (not requiring admin rights). There are certain actions that require admin privileges like opening the TUN/TAP adapter and setting up routing.
From forums.openvpn.net

VPN ERROR TUN INTERFACE FAILED CANNOT ACCQUIRE TAP HANDLE

1.Activate the windows side panel charm by hovering the mouse at the top right of the screen. 2.Clicking the settings wheel. 3.Clicking the power option. 4.Select Restart as you hold down the shift key (This should take you to the troubleshooting option screen), and then select the reason for shutdown. 5.We can now click on the Troubleshoot option.
From kb.tdo4endo.com

OPENVPN PRIVATE TUNNEL 2.8.4 — ‘OVPNAGENT’ UNQUOTED SERVICE PATH

#PoC ===== C:>sc qc ovpnagent [SC] QueryServiceConfig SUCCESS SERVICE_NAME: ovpnagent TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:Program Files (x86)OpenVPN TechnologiesPrivateTunnelovpnagent.exe LOAD_ORDER_GROUP : TAG …
From exploit-db.com

TROUBLESHOOTING | OVPN.COM

Mac: IPv6 doesn’t work You can check if your IPv6 address works by going to this website. If the page loads and you see something like 2a02:1610:1002:1000::1005, IPv6 is working properly for you and you don’t need to do a…
From ovpn.com

HOW DO I RESOLVE THE OPENVPN ACCESS SERVER ERROR «UNKNOWN …

Resolution: Make sure you are using OpenVPN client version 2.2 or higher. Issue: Wrong entry for ikey, skey, or api host. Resolution: Verify values are correct and use ‘ instead of » (single quotation mark instead of double quotation mark) to prevent a mismatch.
From help.duo.com

ISSUE CONNECTING PFSENSE AS A CLIENT TO OPENVPN ACCESS SERVER

Click Click to connect to it. Post up your config from your server and your client so we can see what your doing wrong. here is the client configuration. dev ovpnc1 verb 1 dev-type tun dev-node /dev/tun1 writepid /var/run/openvpn_client1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist …
From forum.netgate.com

TAP DEVICE WITH NO GATEWAY — OPENVPN SUPPORT FORUM

«The issue you are describing appears to be related to the OpenVPN open source community version. I am sorry for the inconvenience, but unfortunately, I cannot help you here. This support ticket system is for customers of our OpenVPN Access Server and OpenVPN Cloud products only, the commercial solutions based on OpenVPN.»
From forums.openvpn.net

WINDOWS 7 INSTALLATION ERROR — OPENVPN SUPPORT FORUM

OpenVPN Inc. enterprise business solutions; ↳ The OpenVPN Access Server; ↳ The OpenVPN Cloud; ↳ OpenVPN Connect (Windows) ↳ OpenVPN Connect (macOS) ↳ OpenVPN Connect (Android) ↳ OpenVPN Connect (iOS) Off Topic, Related; Braggin’ Rights; ↳ My VPN; ↳ Doh! Pay OpenVPN Service Provider Reviews/Comments
From forums.openvpn.net

TROUBLESHOOTING CLIENT VPN TUNNEL CONNECTIVITY | OPENVPN

The solution is to set up a proper DNS name and configure that and save settings. Then uninstall, redownload, and reinstall the connection profile or OpenVPN Connect Client program and to try again. Another common mistake is to forget to open the 3 ports required for OpenVPN Access Server to be reachable properly.
From openvpn.net

ACCESS SERVER: ERROR «OVPNAGENT: COMMUNICATION ERROR» – …

2.) Reboot the machine. 3.) Install the latest OpenVPN Client which can be downloaded via your company URL/CWS or from this Site. 4.) Download connection profile and import it to the Client and then try to connect to VPN again and make sure to run it with elevated privileges. If the issue persists, please open a ticket and provide details of …
From support.openvpn.com

20.04 — IMPORTING CLIENT.OVPN ERROR MESSAGE — ASK UBUNTU

Stack Exchange Network. Stack Exchange network consists of 180 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.. Visit Stack Exchange
From askubuntu.com

OVPNAGENT REQUEST ERROR WINDOWS 11 — YMQMVR.POIK.PL

Repairing and resetting the Windows Security app did the trick for many users. Open Settings → Apps → Apps & Features. Locate “ Windows Security” app from the list. Click on the three-dot menu adjacent to “ Windows Security”, and click Advanced options. Once there, click “Repair” and then click “Reset”.
From ymqmvr.poik.pl

SOLUTIONS TO OPENVPN AUTHENTICATION FAILURE — PROTON VPN SUPPORT

To do this, log in to account.protonvpn.com using your Proton username and password ( details here) and go to Downloads → OpenVPN configuration files. 9. Check if you have paid for the services. When you register and pay for Proton VPN, you will be …
From protonvpn.com

HOW TO RESOLVE REQUESTS GET NOT WORKING OVER VPN? — STACK …

In my organization, I have to run my program under VPN for different geo locations. so we have multiple proxy configurations. I found it simpler to use a package called PyPAC to get my proxy details automatically. from pypac import PACSession from requests.auth import HTTPProxyAuth session = PACSession() # when the username and password is required # …
From stackoverflow.com

[OPENVPN-DEVEL,OPENVPN3,1/2] OVPNAGENT: FIX QUOTING OF …

Signed-off-by: Christopher Ng <[email protected]>— openvpn/ovpnagent/win/ovpnagent.cpp | 6 ++++— 1 file changed, 4 insertions(+), 2 deletions(-)
From patchwork.openvpn.net

WHY DO I RECEIVE THE ERROR «VPN CANNOT CONNECT TO SERVER»?

1. Try to select from the list of countries another server (change the country) it might be an issue on the server side. 2. As a last resort, you can try to reinstall the Avira Phantom VPN product.
From support.avira.com

SOME COMMON ERRORS AND SOLUTIONS | OPENVPN

Some users have solved this issue by updating their OpenVPN and/or OpenSSL software on the server side. BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher This is usually remedied by going to the OpenVPN Preferences menu and selecting «Force AES-CBC ciphersuites».
From openvpn.net

TROUBLESHOOTING – OPENVPN SUPPORT CENTER

Access Server: Troubleshooting guide for OpenVPN Subscription licensing; Access Server: AWS Tiered License Issue; Access Server: SESSION ERROR: Your session has expired, please authenticate (9007) Access Server: [WARNING] OpenVPN Access Server did not report in time — Email Alert; Access Server: Logging and debug flag options for Access Server
From support.openvpn.com

OPENVPN CLIENT SUDDENLY REFUSES TO CONNECT TO MY SELF-HOSTED VPN

[REDACTED IPs] 5/16/2021, 2:54:17 AM OpenVPN core 3.git::d8d14e19 mac x86_64 64-bit PT_PROXY built on Apr 5 2019 07:54:59 5/16/2021, 2:54:17 AM Frame=512/2048/512 mssfix-ctrl=1250 5/16/2021, 2:54:17 AM EVENT: RESOLVE ⏎5/16/2021, 2:54:17 AM UNUSED OPTIONS 4 [nobind] 18 [sndbuf] [0] 19 [rcvbuf] [0] 22 [verb] [3] 31 …
From security.stackexchange.com

CLIENT.OVPN ISSUE · ISSUE #287 · ANGRISTAN/OPENVPN-INSTALL · GITHUB

edited. support on Sep 15, 2018. BelleNottelling completed on Sep 15, 2018. randomshell mentioned this issue on Jan 29, 2019. Options error: Unrecognized option or missing parameter (s) in config.ovpn:36: tls-version-min (2.3.2) #387. Closed. Sign up for free to join this conversation on GitHub .
From github.com

CONFIGURING CLIENT-SPECIFIC RULES AND ACCESS POLICIES — OPENVPN

Configuring client-specific rules and access policies. Suppose we are setting up a company VPN, and we would like to establish separate access policies for 3 different classes of users: System administrators — full access to all machines on the network. The basic approach we will take is (a) segregate each user class into its own virtual IP …
From openvpn.net

THERE WAS AN ERROR ATTEMPTING TO CONNECT TO THE SELECTED …

SUDDENLY GETTING ERROR MESSAGE : OPENVPN — REDDIT.COM

I am trying to create a client that only has access to one machine on the local network, similar to the example shown in the official OpenVPN guide.. port 56620 proto udp dev tun user nobody group nogroup persist-key persist-tun keepalive 10 120 server 10.8.0.0 255.255.255.0 route 10.8.1.0 255.255.255.0 route 10.8.2.0 255.255.255.0 ifconfig-pool-persist ipp.txt push «dhcp …
From reddit.com

ACCESS SERVER: ADDING USERS & USER GROUP PERMISSIONS FOR …

This guide provides an overview of setting up authentication, creating users, and downloading OpenVPN Connect, which are all essential parts of launching your VPN. Setting up authentication Add new users in Admin Web UI
From support.openvpn.com

OPENVPN CONNECT 3.0.0.272 — ‘AGENT_OVPNCONNECT’ UNQUOTED …

Training. — Penetration Testing with Kali Linux (PWK) (PEN-200) All new for 2020 Offensive Security Wireless Attacks (WiFu) (PEN-210) Evasion Techniques and Breaching Defences (PEN-300) All new for 2020 Advanced Web Attacks and Exploitation (AWAE) (WEB-300) Updated for 2020 Windows User Mode Exploit Development (EXP-301)
From exploit-db.com

Источник

Ошибки VPN

Вы везунчик!

Ошибки OpenVPN

Если вы не знаете как узнать ошибку, возникшую в ходе подключения, нажмите на следующую ссылку:

Как узнать какая OpenVPN ошибка возникла?

Когда соединение прошло успешно, и вы подключены к VPN серверу, то окно лога должно выглядеть так:

Не могу выбрать «Connect» при нажатии на иконку в системном трее

В списке есть только «Proxy Settings», «About» и «Exit», но нет пункта «Connect».

Connect to IP:Port failed, will try again in 5 seconds; No Route to Host

Данная ошибка означает, что у вас нет подключения к Интернету, либо его блокирует ваш Firewall или Антивирус.

Проверьте активно ли ваше Интернет подключение, отключите Firewall, Антивирус и подключитесь еще раз.

Cannot load certificate file client.crt

Данная ошибка связана с отсутствием сертификационных файлов в папке «C:Program FilesOpenVPNconfig».

All TAP-Win32 adapters on this system are currently in use

ERROR: Windows route add command failed: returned error code 1

Данная ошибка связана с ограничением прав в Windows Vista, Seven.

На вкладке «Совместимость» поставьте галочку «Выполнять эту программу от имени администратора».

Теперь запустите OpenVPN GUI еще раз и подключитесь к VPN серверу.

Initialization Sequence Completed With Errors

Данная ошибка связана с неправильной работой службы DHCP из-за антивирусов или фаерволов.

Теперь подключитесь к VPN и подключение должно пройти успешно.

Источник

OpenVPN Support Forum

Community Support Forum

ovpnagent request error?!

Post by nico_ar » Wed Mar 31, 2021 10:37 am

Re: ovpnagent request error?!

Post by openvpn_inc » Wed Apr 07, 2021 10:03 am

Источник

OpenVPN Support Forum

Community Support Forum

TAP Device with no gateway

Post by plumbersmate » Fri Jun 25, 2021 8:16 pm

I have OpenVPN server on a Raspberry Pi. It allows my mobile phone to connect without any problem.

I created keys etc for my Windows 10 laptop with OpenVPN Connect. I am using the same ovpn file as used on the phone.

I find that when connects it reports:
ovpnagent: request error

The log shows that the auto-generated script that configures the tap net adapter shows this:
«gateway» : «UNSPEC»,

Is there something missing from my client or server config files?
Let me know if you need me to post any other info.

Thank you in advance.

Re: TAP Device with no gateway

Post by openvpn_inc » Mon Jun 28, 2021 12:21 pm

However such an error message deserves investigation and as such we’d like to see more, but we’d rather do that over a secure channel.

Источник

OpenVPN. Почему клиент выдают ошибку подключения?

Тестирую локально.
Жалуется на ключ ca ca.crt, но что его не устраивает я хз

Вопрос задан более трёх лет назад
3951 просмотр

Я так понял у вас клиент на андроиде?
Сертификаты нужно указывать так:

ky0, res2001,
Для создания конфига клиента, я использовал статью. Может она сама по себе косячная?

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

/ client-configs / files. Создадим новый файл с именем make_config.sh в каталоге

#!/bin/bash
# First argument: Client identifier
KEY_DIR=

По вашей ошибке ответ тут.

Кстати, вы опубликовали все ключи для доступа к вашему ВПН. Рекомендую этот набор клиентских ключей больше никогда нигде не использовать.

Да, я понимаю)) Поэтому я и сделал тестовый клиент и сервер)

Источник

Troubleshooting client VPN tunnel connectivity

Purpose of this troubleshooting page

This page is specifically about attempting to find and resolve problems with an OpenVPN client program failing to connect to an OpenVPN Access Server. It does not deal with problems in reaching a target system over the established VPN tunnel once the VPN tunnel is already working. That is handled in a separate page: troubleshooting reaching systems over the VPN tunnel.

So if for example you start the OpenVPN client connection and it issues an error and disconnects you, then the information here should help you in determining a possible cause and solution. If not, reach out to us on the support ticket system and provide as much detail as you can.

Locating the server log files

To diagnose problems with an OpenVPN server or client, it is helpful to look at the log files. The log files are located in specific areas on your computer systems, and the following is a general guide on how to find them and how to get the best information out of them. Log files are the place to check whenever you’re having any problems making a connection with an OpenVPN client program to the OpenVPN Access Server, they the information needed to ascertain what’s going wrong.

On the OpenVPN Access Server there is the server side log:
/var/log/openvpnas.log /var/log/openvpnas.node.log (in case of a failover setup)

In the event that you are having problems with starting the Access Server or certain portions of it, for example the web services, then it may be useful to stop the Access Server service, move the log file aside, then start the Access Server service, and stop it again immediately. This creates a new clean log file that contains the startup and shutdown sequence of the Access Server and no other extraneous information. This makes analysis of the log file much easier. To do so use these commands in order:

You can then grab the /var/log/openvpnas.log file for analysis and start the Access Server again:

Locating the client log files

Log file location for the OpenVPN Connect Client for Windows:
C:Program Files (x86)OpenVPN TechnologiesOpenVPN Clientetclogopenvpn_(unique_name).log

The OpenVPN Connect Client for Mac:
/Library/Application Support/OpenVPN/log/openvpn_(unique_name).log

Macintosh may not show you this folder in finder as it only shows you certain things and hides others. So to get to the /Library folder, open Finder and in the menu at the top choose Go followed by Go to folder and then enter the path /Library to get into that directory. You can then go to the correct folder and look up the log file. Please also note that the OpenVPN Connect Client for Macintosh will have permissions set on the log file so that you cannot normally open it. To bypass this, right click the log file and choose the Get info option in the menu. Then at the bottom, under Sharing & Permissions, you will be able to use the yellow padlock icon to unlock the settings and to give everyone read access. Then you will be able to open the log file with a right click and selecting Open with and then choosing something like Text editor to view the contents of the log file.

Known error messages and possible solutions

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

This particular error can have multiple different causes as it is a fairly generic error message.
A possible explanation is that the client program is old and supports only TLS 1.0, but the server is expecting TLS level 1.1 or higher. To see if this is the case log on to the server and check the server side log file. The chances are high that your client program is an older version, like version 2.2 or older, and that it doesn’t know how to handle a modern TLS minimum level requirement, when you see messages that look like this on the server side:

The solution to this particular problem is to upgrade the client software to the latest version.
Another possible explanation is that the settings regarding TLS minimum requirement level have been altered but the OpenVPN client is using an older copy of the connection profile which has incorrect instructions. The settings on the client and the server must match for the connection to be successful. In this situation installing a new copy of the configuration profile will solve the issue. A complete uninstall, redownload, and reinstall of the OpenVPN Connect Client should take care of that for you.

And yet another possible explanation is that there is a blockade in place in a firewall or at the Internet service provider that is blocking or interfering with the TLS handshake in some way.

TLS Error: local/remote TLS keys are out of sync

For some reason the negotiated TLS key to be used on the client side for TLS encryption/decryption is different from the one used on the server side. That should never happen. When the client and server are talking to one another they agree upon a TLS key to be used for encrypting and decrypting traffic. By default in Access Server such a key is valid for 6 hours, and after those 6 hours, automatically the TLS refresh kicks in and they will agree upon a new key. There is a short overlap where both the old and new key are accepted, until the old key is expired and the new key must be used. If for some reason one side doesn’t do this, you see this error message.

A possible cause is a bug in the OpenVPN protocol with the version used in OpenVPN Connect Client which was resolved, where the automatic TLS key refresh would fail because the client and server couldn’t agree properly on the encryption cipher to use. So if you encounter this particular problem and you are using an OpenVPN3 based client like OpenVPN Connect Client 2.*, then consider updating to the latest version. You can do so for example per computer by downloading OpenVPN Connect Client for Windows or OpenVPN Connect Client for macOS from our website, and installing it. However a better solution would be to update your Access Server to the latest version so that you get the updated Connect Client embedded in there, and then downloading and installing the latest version of OpenVPN Connect Client from your Access Server. If you use other client software and it shows problems, try finding a newer version for it. Worst case scenario, you could also consider changing the TLS key refresh to something larger in the Advanced VPN page of the Admin UI, to avoid triggering the issue. This does of course lower security somewhat.

Server poll timeout

One of the very first steps that an OpenVPN client program will do when trying to connect to an OpenVPN Access Server is to simply send out a message requesting for a reply. So basically a «hello are you there?» message. The server is then supposed to respond and then a connection is started. However if you see a server poll timeout error message then the server could not be reached at the specified port. Why this is not possible is another question entirely, but the error message is very clear: there is simply no response at all on that address and port. So when you see this message it would be good to check if the port is actually open, if the port is correct, if the address you’re trying to reach can actually be reached from the Internet, and isn’t a private IP address only, and other such checks to confirm basic connectivity to the server. At this point you’re not even looking at a problem that has anything to do with the OpenVPN protocol itself. This is a most basic «this server cannot be reached» message.

A common mistake that is made is that people set up the Access Server on a private IP address but neglect to set up a proper FQDN DNS name for it, and configure that FQDN DNS name in the Admin UI under Server Network Settings in the Host name or IP address field. It is that field value that connection profiles generated and provisioned to the OpenVPN clients will be using to start a connection to. So if this is set to an internal private IP address that the Access Server was installed on, then the connection profiles will try to connect to that private IP address, which is unlikely to be reachable from anywhere else but the internal network that the Access Server itself is on. The solution is to set up a proper DNS name and configure that and save settings. Then uninstall, redownload, and reinstall the connection profile or OpenVPN Connect Client program and to try again.

Another common mistake is to forget to open the 3 ports required for OpenVPN Access Server to be reachable properly. By default these are TCP 443, TCP 943, and UDP 1194.

SESSION_ID only allowed to be used by client IP address that created it

OpenVPN Access Server uses a session-based-token system for server-locked and user-locked profiles. Auto-login type profiles don’t. What this means is that after a user authenticates successfully, they are given a session token to identify themselves with. Compare it to going to a party and you show up and pay your entry fees, and if you need to go out for a little bit, they give you a stamp on the back of your hand, or put a paper/plastic strip around your wrist, so that you can show up again later and be admitted access again. That’s a very simplified explanation. With a session token, each token is unique and uniquely identifies you. This avoids having to store your credentials in memory or bothering the user to reauthenticate when you temporarily lose contact with the server and reconnect again, so it’s safer and more convenient. The session token is locked to the IP address that the original authentication attempt was made from, this is a security feature. When you see this message it means the session token your client program offered to the server was generated originally from another IP address. This can happen for example if you switch Internet connection, like logging in at work, then moving your laptop home and it tries to reconnect automatically with the session token. This session token IP lock is a security feature that can be disabled to allow such automatic reconnects to occur without this error message.

Authentication Error: Session: your session has expired, please reauthenticate

The OpenVPN Access Server works with a session token based authentication system when you are using a server-locked or user-locked profile. When you authenticate successfully, you are given a session token instead. The session token identifies you now from that moment onward. By default the session token expires after 5 minutes of inactivity as in not being connected to the server, and it also expires after 24 hours by default. Furthermore, when the session token is generated on the server, it gets locked to the VPN client’s connecting IP address. This session IP lock can be disabled, and the timeout for session inactivity and the timeout for total session duration mentioned can also be adjusted. If for example you are on your phone and you are connected through WiFi, and you walk out of range of WiFi, and it switches to another Internet connection like 3G/4G or something, then your VPN client will disconnect but attempt to reconnect automatically. Your IP will now be different and as such the session token is not valid anymore. You will see an error like in the previous section in the server side log file (SESSION_ID only allowed to be used by client IP address that created it). And if your connection has lasted 24 hours in total, then it will also disconnect you if you’re on a session-based connection with server-locked or user-locked profile. The solution is to either use an auto-login type profile or to increase the session token duration.

unable to obtain session ID from vpn.yourserver.com, ports=443: (error description here)

This error message can be found in the capi.log file and also shown in the popup message in Windows or macOS when you use OpenVPN Connect Client for Windows or macOS. This error message indicates that a server-locked connection profile is being used, which is the default on OpenVPN Access Server when you download and install the OpenVPN Connect Client. A server-locked connection profile is designed to be user-agnostic, meaning it doesn’t carry any user-identifiable information in it, and is a sort of universal profile. This allows any valid user accounts to start a connection with this OpenVPN Connect Client. The credentials are passed over a secure HTTPS channel to the XML-RPC services of the Access Server for verification, and if approved, the client will receive a copy of the user-locked profile for this user, and a session token. Those will be used to start the OpenVPN tunnel. After the tunnel is disconnected, the user-locked profile and session token are deleted. But for this to work, there must be a working HTTPS connection to the web services of the Access Server.

unable to obtain session ID from vpn.yourserver.com, ports=443:
Other SSL errors:[(‘SSLroutines’,’SSL23_READ’,’ssl handshake failure’)]

This could indicate that the Connect Client was able to reach some service, but it does not appear to be the Access Server web services, or perhaps the traffic is mangled by some firewall or proxy solution. For example we have seen situations where OpenVPN Access Server was installed with default settings, and OpenVPN Connect Client was installed and working, and then the port was changed on the server side from TCP 443, to TCP 444 for example, and then a web server was setup on that same server system, with an HTTPS website running on it on port TCP 443. The OpenVPN Connect Client won’t have received an update to the new port setting for the Access Server web services, and so it tries to talk to the old port, where now a web server runs. This causes an unexpected problem that can result in this type of error. If you encounter this problem you should investigate if the port that the client is trying to reach is actually reachable by this client, and to try to determine if there really is an Access Server web service running there. If you changed the ports on the server you need to reinstall this client so it updates the settings.

unable to obtain session ID from vpn.yourserver.com, ports=443:
ConnectionRefusedError: 10061: No connection could be made because the target machine actively refused it

This is a very clear indication that the address and port that the OpenVPN Connect Client is trying to reach, does not have an Access Server web service running there. For example if you install OpenVPN Connect Client on a client computer, and then you go to the Access Server and change the ports that it listens to, then the client will still be trying to connect to the old ports that were originally configured. This can also sometimes occur if the address of your server is simply misconfigured. The solution is making sure that in the Admin UI in the Network Settings page you have set the address that your server can be reached at correctly (it is best to do a DNS name instead of an IP) and that the ports are how you want them, and then after that’s set up, to download and install the OpenVPN Connect Client on your client computers.

unable to obtain session ID from vpn.yourserver.com, ports=443:
XML-RPC: TimeoutError

This indicates that the Access Server web interface’s XML-RPC interface is unreachable. The OpenVPN Connect Client uses this interface to obtain the necessary certificates and configuration to start the OpenVPN connection when you are using a server-locked profile. You will not be needing the XML-RPC interface when you use user-locked and auto-login profiles. The advantage of server-locked profiles is that they are universal — any valid user at the Access Server can log in and connect. The timeout error just means the connection timed out, usually a firewall or such is blocking the connection. The solution is to ensure that the web interface is reachable from this OpenVPN client, or instead use a user-locked or auto-login type profile.

unable to obtain session ID from vpn.yourserver.com, ports=443:
XML-RPC function GetSession with 1 arguments may not be called at the configured relay level

The OpenVPN Connect Client program for Windows and macOS by default uses server-locked profiles. These contain only the information necessary to talk to the XML-RPC web interface of the Access Server for the purpose of authenticating a user and obtaining the required certificates and connection information to start the OpenVPN tunnel. This is done so this client is universal. It will work for all valid users on the server and isn’t locked to a specific user. This does require that the web interface is reachable and that under client settings in the Admin UI the XML-RPC function is set to at least limited functionality. Full functionality also works, but when you set this to disabled, then you will get this error. The solution is to either stop using server-locked profiles and switch to user-locked or auto-login profiles, or to enable at least limited functionality for XML-RPC calls. The default is limited functionality and that is sufficient for OpenVPN Connect Client and server-locked profiles.

See the logfile ‘C:Program Files (x86)OpenVPN TechnologiesOpenVPN Clientcoreovpntray.exe.log’ for details

If you see this error message while launching the OpenVPN Connect Client, and it fails to launch, you may be missing specific Microsoft Visual C++ Redistributable DLL library files. This issue was resolved in OpenVPN Connect Client for Windows version 2.5.0.136 by adding specific required library files into the OpenVPN Connect Client program directories. You should ensure you use up-to-date software to resolve this issue. You can upgrade your Access Server to the latest version so that it offers updated OpenVPN Connect Client software, or you can separately download the OpenVPN Connect Client for Windows from our website, to upgrade your existing Connect Client version.

Serial number not found in DB

OpenVPN Access Server by default comes with an internal PKI structure, which means a self-signed root certificate with unique certificates generated for each OpenVPN client for that server. These are all unique and tied together. This is part of the strength of OpenVPN, the identity of a VPN client and a VPN server are verified in both directions when a connection is made. The client verifies the server, and the server verifies the client. So for each user account you add to the Access Server, a unique certificate is generated. The certificate is bound to the user account name, so you can’t log in with the credentials for user bob with the certificates for user billy. Each certificate also has a serial number, a unique number identifying the certificate. If you see the error that the serial number is not found in the database, that means this certificate is not known to this server. Even if you revoke a certificate, it is still known to the server, and will not produce this particular error. So you may be using a certificate from a completely different Access Server by mistake, or maybe you started with a new setup of Access Server on your server and the certificates are wiped and new ones generated for the new setup, while you’re still using old certificates from the previous installation. To resolve this problem, make sure to delete the wrong connection profile from your client computer and obtain a new one from your current Access Server installation and use that to connect.

Open TAP device «» PATH=»» FAILED TUN Error: cannot acquire TAP handle EVENT: TUN_IFACE_CREATE cannot acquire TAP handle [FATAL-ERR] 2021 EVENT: DISCONNECTED Client exception in transport_recv: tun_exception: not connected

You may receive this error message when the OpenVPN Connect 3.x service stops or does not resume when you sign back into the computer. The issue is likely caused by an antivirus program. Specifically, we’ve seen this with ESET Antivirus. You can reconnect by restarting the service manually, but the automatic connection may still encounter the issue. To test, turn off ESET. If that resolves the issue, then you may want to open a support ticket with ESET.

See also the topic authentication problems for more possible error messages and solutions regarding authentication issues.

Источник