-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Connecting to management Interface failed error on Windows 10
Hello everyone,
In March In iused the OpenVPN 2.5.1-l601 amd64 installer to install the OpenVPN client and had been connecting to VPN successfully for the next two months. On May 13 I ran Windows updates and installed the kb5003173 update (https://support.microsoft.com/en-us/top … e249f52527). After rebooting I was no longer able to connect to VPN.
I continually got the following error: Connecting to management Interface failed. (the following screenshot shows a different version of the client because i found that screenshot online)
When I look at the verb 3 logs I see the following:
Code: Select all
2021-05-13 14:32:20 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-05-13 14:32:20 OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021
2021-05-13 14:32:20 Windows version 10.0 (Windows 10 or greater) 64bit
2021-05-13 14:32:20 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Enter Management Password:
2021-05-13 14:32:20 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-05-13 14:32:20 Need hold release from management interface, waiting...
2021-05-13 14:32:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-05-13 14:32:21 MANAGEMENT: CMD 'state on'
2021-05-13 14:32:21 MANAGEMENT: CMD 'log all on'
2021-05-13 14:32:21 MANAGEMENT: CMD 'echo all on'
2021-05-13 14:32:21 MANAGEMENT: CMD 'bytecount 5'
2021-05-13 14:32:21 MANAGEMENT: CMD 'hold off'
2021-05-13 14:32:21 MANAGEMENT: CMD 'hold release'
2021-05-13 14:32:23 MANAGEMENT: CMD 'username "Auth" "*****"'
2021-05-13 14:32:23 MANAGEMENT: Client disconnected
2021-05-13 14:32:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-05-13 14:32:46 MANAGEMENT: Client disconnected
I found this on the forums but its several years old and using an earlier version of the client- https://community.openvpn.net/openvpn/ticket/1051
Has anyone seen the «Connecting to management Interface failed» on a modern version of Windows 10?
Last edited by honor_the_vpn on Thu May 20, 2021 1:18 am, edited 2 times in total.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by TinCanTech » Thu May 20, 2021 1:01 am
honor_the_vpn wrote: ↑
Thu May 20, 2021 12:04 am
I continually got the following error: Connecting to management Interface failed.
Actually, your log shows that you were disconnected not a failure to connect.
-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by honor_the_vpn » Thu May 20, 2021 1:20 am
TinCanTech wrote: ↑
Thu May 20, 2021 1:01 am
honor_the_vpn wrote: ↑
Thu May 20, 2021 12:04 am
I continually got the following error: Connecting to management Interface failed.Actually, your log shows that you were disconnected not a failure to connect.
Thanks TinCanTech.
I found a screenshot online to show the error I was referring to:
That screenshot was not from my machine but my machine is saying the same thing. The error is saying that connecting to the management interface failed.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by TinCanTech » Thu May 20, 2021 11:18 am
Your log file is more important than a random screen shot you found online …
Try again or re-install or something.
-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by honor_the_vpn » Fri May 21, 2021 4:46 pm
The screenshot was not random. I included it because that is the same exact response I get with my client.
Before submitting my original post I already tried uninstalling and reinstalling. I also tried uninstalling an earlier version, 2.4.9. In both cases my vpn connection attempting is erroring/disconnecting with exit code 1 without event prompting me for credentials.
Has anyone seen anything like this?
-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by honor_the_vpn » Fri May 21, 2021 5:18 pm
I uninstalled 2.4.9, rebooted, and reinstalled 2.5.1. When I tried to launch the connection it did not prompt me for credentials and I got the following logs which repeared infinitely until I finally hit the disconnect button:
Code: Select all
2021-05-21 13:09:16 us=526384 OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021
2021-05-21 13:09:16 us=526384 Windows version 10.0 (Windows 10 or greater) 64bit
2021-05-21 13:09:16 us=526384 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Enter Management Password:
2021-05-21 13:09:16 us=526384 WE_INIT maxevents=1 flags=0x00000002
2021-05-21 13:09:16 us=526384 WE_INIT maxevents=1 capacity=2
2021-05-21 13:09:16 us=526384 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-05-21 13:09:16 us=526384 Need hold release from management interface, waiting...
2021-05-21 13:09:16 us=526384 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=526384 WE_WAIT enter n=1 to=0
2021-05-21 13:09:16 us=526384 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=526384 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=526384 WE_WAIT enter n=1 to=1000
2021-05-21 13:09:16 us=526384 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=542007 WE_WAIT leave rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=542007 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-05-21 13:09:16 us=542007 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=542007 WE_WAIT enter n=1 to=0
2021-05-21 13:09:16 us=542007 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=542007 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=542007 WE_WAIT enter n=1 to=1000
2021-05-21 13:09:16 us=542007 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=546512 WE_WAIT leave rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=546512 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=546512 WE_WAIT enter n=1 to=0
2021-05-21 13:09:16 us=546512 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=546512 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=546512 WE_WAIT enter n=1 to=1000
2021-05-21 13:09:16 us=546512 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=662478 WE_WAIT leave rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=662478 MANAGEMENT: CMD 'state on'
2021-05-21 13:09:16 us=662478 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:09:16 us=662478 WE_WAIT enter n=1 to=0
...
...
...
2021-05-21 13:13:35 us=751504 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:13:35 us=751504 WE_WAIT enter n=1 to=1000
2021-05-21 13:13:35 us=751504 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:13:36 us=754350 WE_CTL n=0 ev=0000000000F28280 rwflags=0x0001 arg=0x0
2021-05-21 13:13:36 us=754350 WE_WAIT enter n=1 to=1000
2021-05-21 13:13:36 us=754350 [0] ev=0000000000000160 rwflags=0x0001 arg=0x0
2021-05-21 13:13:37 us=756769 Signal received from management interface, exiting
2021-05-21 13:13:37 us=756769 PKCS#11: pkcs11_terminate - entered
2021-05-21 13:13:37 us=765263 PKCS#11: pkcs11_terminate - return
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by TinCanTech » Fri May 21, 2021 6:24 pm
Please add your client config file to this thread.
-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by honor_the_vpn » Mon May 24, 2021 5:33 pm
This is my config (address & certificate info have been redacted). The config was not changed between when the VPN was working and when it stopped working. There were no changes to the server during that period and no one else on my team has reported a problem like this.
Code: Select all
client
dev tun
proto udp
remote ***.***.***.*** 1194
resolv-retry 1
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
auth-user-pass
verb 10
keepalive 10 60
<ca>
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
...
...
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
...
...
-----END OpenVPN Static key V1-----
</tls-auth>
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by TinCanTech » Mon May 24, 2021 6:27 pm
You don’t want to use verb 10, use verb 4 then read your log.
-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by honor_the_vpn » Mon May 24, 2021 8:29 pm
So I figured out the issue and I’m embarrassed to say that it has nothing to do with OpenVPN or the Windows update. I recently migrated from one password manager to another. During the migration process it looks like the export/import added a character my OpenVPN password but I hadn’t noticed that due to the length of the password.
**facepalm**
-
honor_the_vpn
- OpenVpn Newbie
- Posts: 7
- Joined: Wed May 19, 2021 9:07 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by honor_the_vpn » Mon May 24, 2021 8:34 pm
My embarrassment aside I appreciate you taking the time to respond to my thread @TinCanTech.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connecting to management Interface failed error on Windows 10
Post
by TinCanTech » Tue May 25, 2021 12:54 am
There is no need to feel embarrassment, with a little guidance you solved the problem yourself.
And then you also fed back to the community, Kudos
We all have to start somewhere.
by Loredana Harsana
Loredana is a passionate writer with a keen interest in PC software and technology. She started off writing about mobile phones back when Samsung Galaxy S II was… read more
Published on March 26, 2022
- OpenVPN users reported getting the Connecting to management interface failed error and it seems to be due to the core process.
- You can download an executable file that will try to reconnect to the management interface and fix any error that pops up.
- Don’t miss out on our section on why you should always use a VPN.
OpenVPN implements OSI layer 2 or 3 secure network extensions using the industry-standard SSL/TLS protocol, as well as supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials.
It is a free and open-source software project developed by the Linux Foundation that can be accessed at any point in time. However, lately, it has been reported that the Connecting to management interface failed error popped up on users’ screens.
Thus, we will show you today how to fix the Connecting to management interface failed error, right after we see how OpenVPN works. Follow along!
How does OpenVPN work?
A Virtual Private Network (VPN) connects your company’s internet connection to your private network over the public internet, allowing you to work more securely and efficiently.
Protection through a virtual private network is an important component of a layered security protocol that is vital for securing both company data and an employee’s personal information.
OpenVPN products provide an almost limitless number of configuration choices. Small and medium-sized businesses (SMEs) and enterprises of all sizes use OpenVPN Cloud or OpenVPN Access Server to configure the exact access and granularity that they require for their organization.
The term Open-source refers to software that is freely available to the public. OpenVPN makes use of virtual private network technology to secure and encrypt data delivered over the internet. The key exchange protocol for its unique VPN protocol is SSL/TLS.
With more than 60 million downloads since its inception in 2001, it has established itself as the de facto standard in the open-source networking field.
What can I do when Connecting to management interface failed?
1. Retry on management timeout
- Fortunately, users found a way to fix the Connecting to management interface failed error. Thus head to Github repository with the file you need to download.
- Now scroll down and click on the link named openvpn-gui-timeout.exe in order to download it.
- Once the file is downloaded, double-click on it to run it and wait for it to complete the process. What the file will do is retry to connect to management and fix any error that pops up, including the Connecting to management interface failed error.
That’s it. Sometimes, errors can be fixed by downloading executable files that attempt to fix the error at hand. Fortunately, this was the case for you too, without having to complicate things.
- 5+ best VPNs for Windows 10 PCs
- Top 3 best VPN options fully compatible with Windows 11
- NordVPN not working in Windows 11? Fix it now
2. Use another VPN service
VPNs have quickly established themselves as essential software solutions for customers who want to secure their online privacy while also protecting their devices from hackers. In addition, we believe that Private Internet Access (PIA) is the greatest in the industry.
A super-intuitive user interface wraps around PIA VPN, making it easy to use on a variety of platforms such as Windows, Mac OS X, Android, Linux, and even straight in your web browser.
No matter whether you’re securely browsing the web, downloading torrents or streaming video, or gaming with buddies, it provides superb connection speeds. If you get sick of the Connecting to management interface failed error, we recommend that you check out PIA.
⇒ Get PIA
Why should I use a VPN?
The primary function of a virtual private network is to conceal your internet activity. It is used to protect against hackers and snoopers on public networks, but it may also be used to hide your IP address, browsing activities, and personal data on any Wi-Fi network, including those at home.
And the more digitized our lives become, the more likely it is that our personal information may be compromised.
Someone could be watching or following your online activities at any time, from your ISP (internet service provider) to organizations gathering data to monetize or sell to hackers attempting to steal your personal information for malevolent purposes.
Hackers can simply intercept and read anything you send and receive when you are connected to an unsecured public Wi-Fi network.
While the majority of your internet traffic is unimportant, it may contain vital information such as your bank account data, credit card numbers, or login credentials. Attackers cast wide nets, which is why using free public Wi-Fi puts you at greater risk of being attacked.
For more information on internet security, check out the best antiviruses for Windows 11 to secure your device.
Alternatively, if you encounter issues with the Windows Defender feature, take a look at our guide on what to do if Windows Defender is not working.
And lastly, if you find that your VPN is not working after a Windows 10/11 update, don’t worry as we got your back covered. Access the link anchored in order to see what to do about it.
Was this guide helpful for you? Let us know in the comments section below as well as if you have successfully fixed the Connecting to management interface failed error. Thanks for reading!
Newsletter
by Loredana Harsana
Loredana is a passionate writer with a keen interest in PC software and technology. She started off writing about mobile phones back when Samsung Galaxy S II was… read more
Published on March 26, 2022
- OpenVPN users reported getting the Connecting to management interface failed error and it seems to be due to the core process.
- You can download an executable file that will try to reconnect to the management interface and fix any error that pops up.
- Don’t miss out on our section on why you should always use a VPN.
OpenVPN implements OSI layer 2 or 3 secure network extensions using the industry-standard SSL/TLS protocol, as well as supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials.
It is a free and open-source software project developed by the Linux Foundation that can be accessed at any point in time. However, lately, it has been reported that the Connecting to management interface failed error popped up on users’ screens.
Thus, we will show you today how to fix the Connecting to management interface failed error, right after we see how OpenVPN works. Follow along!
How does OpenVPN work?
A Virtual Private Network (VPN) connects your company’s internet connection to your private network over the public internet, allowing you to work more securely and efficiently.
Protection through a virtual private network is an important component of a layered security protocol that is vital for securing both company data and an employee’s personal information.
OpenVPN products provide an almost limitless number of configuration choices. Small and medium-sized businesses (SMEs) and enterprises of all sizes use OpenVPN Cloud or OpenVPN Access Server to configure the exact access and granularity that they require for their organization.
The term Open-source refers to software that is freely available to the public. OpenVPN makes use of virtual private network technology to secure and encrypt data delivered over the internet. The key exchange protocol for its unique VPN protocol is SSL/TLS.
With more than 60 million downloads since its inception in 2001, it has established itself as the de facto standard in the open-source networking field.
What can I do when Connecting to management interface failed?
1. Retry on management timeout
- Fortunately, users found a way to fix the Connecting to management interface failed error. Thus head to Github repository with the file you need to download.
- Now scroll down and click on the link named openvpn-gui-timeout.exe in order to download it.
- Once the file is downloaded, double-click on it to run it and wait for it to complete the process. What the file will do is retry to connect to management and fix any error that pops up, including the Connecting to management interface failed error.
That’s it. Sometimes, errors can be fixed by downloading executable files that attempt to fix the error at hand. Fortunately, this was the case for you too, without having to complicate things.
- 5+ best VPNs for Windows 10 PCs
- Top 3 best VPN options fully compatible with Windows 11
- NordVPN not working in Windows 11? Fix it now
2. Use another VPN service
VPNs have quickly established themselves as essential software solutions for customers who want to secure their online privacy while also protecting their devices from hackers. In addition, we believe that Private Internet Access (PIA) is the greatest in the industry.
A super-intuitive user interface wraps around PIA VPN, making it easy to use on a variety of platforms such as Windows, Mac OS X, Android, Linux, and even straight in your web browser.
No matter whether you’re securely browsing the web, downloading torrents or streaming video, or gaming with buddies, it provides superb connection speeds. If you get sick of the Connecting to management interface failed error, we recommend that you check out PIA.
⇒ Get PIA
Why should I use a VPN?
The primary function of a virtual private network is to conceal your internet activity. It is used to protect against hackers and snoopers on public networks, but it may also be used to hide your IP address, browsing activities, and personal data on any Wi-Fi network, including those at home.
And the more digitized our lives become, the more likely it is that our personal information may be compromised.
Someone could be watching or following your online activities at any time, from your ISP (internet service provider) to organizations gathering data to monetize or sell to hackers attempting to steal your personal information for malevolent purposes.
Hackers can simply intercept and read anything you send and receive when you are connected to an unsecured public Wi-Fi network.
While the majority of your internet traffic is unimportant, it may contain vital information such as your bank account data, credit card numbers, or login credentials. Attackers cast wide nets, which is why using free public Wi-Fi puts you at greater risk of being attacked.
For more information on internet security, check out the best antiviruses for Windows 11 to secure your device.
Alternatively, if you encounter issues with the Windows Defender feature, take a look at our guide on what to do if Windows Defender is not working.
And lastly, if you find that your VPN is not working after a Windows 10/11 update, don’t worry as we got your back covered. Access the link anchored in order to see what to do about it.
Was this guide helpful for you? Let us know in the comments section below as well as if you have successfully fixed the Connecting to management interface failed error. Thanks for reading!
Newsletter
Comments
selvanair
added a commit
to selvanair/openvpn
that referenced
this issue
Jan 29, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it will eliminate the problem for many users. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com>
selvanair
added a commit
to selvanair/openvpn
that referenced
this issue
Jan 31, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it should completely eliminate the timeout issue for many users. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com>
selvanair
added a commit
to selvanair/openvpn
that referenced
this issue
Feb 9, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it should completely eliminate the timeout issue for many users. v3: Do not send error message to the client pipe from ValidateOptions(). Instead save the error and send it on only if user authorization also fails. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com>
selvanair
added a commit
to selvanair/openvpn
that referenced
this issue
Feb 10, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it should completely eliminate the timeout issue for many users. v3: Do not send error message to the client pipe from ValidateOptions(). Instead save the error and send it on only if user authorization also fails. The error buffer size is increased to 512 wide chars as these messages could get long in some cases and may get truncated otherwise. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com>
cron2
pushed a commit
to OpenVPN/openvpn
that referenced
this issue
Feb 10, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it should completely eliminate the timeout issue for many users. v3: Do not send error message to the client pipe from ValidateOptions(). Instead save the error and send it on only if user authorization also fails. The error buffer size is increased to 512 wide chars as these messages could get long in some cases and may get truncated otherwise. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Lev Stipakov <lstipakov@gmail.com> Message-Id: <1581309200-27870-1-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19388.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
selvanair
added a commit
to selvanair/openvpn
that referenced
this issue
Feb 18, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it should completely eliminate the timeout issue for many users. v3: Do not send error message to the client pipe from ValidateOptions(). Instead save the error and send it on only if user authorization also fails. The error buffer size is increased to 512 wide chars as these messages could get long in some cases and may get truncated otherwise. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com>
cron2
pushed a commit
to OpenVPN/openvpn
that referenced
this issue
Mar 8, 2020
Check the config file location and command line options first and membership in OpenVPNAdministrators group after that as the latter could be a slow process for active directory users. When connection to domain controllers is poor or unavailable, checking the group membership is slow and causes timeouts in the GUI (Trac 1051). However, in cases where the config is in the global directory, no group membership check should be required. The re-ordering here avoids the redundant check in such cases. In addition to this, its also proposed to improve the timeout handling in the GUI, but this change is still useful as it should completely eliminate the timeout issue for many users. v3: Do not send error message to the client pipe from ValidateOptions(). Instead save the error and send it on only if user authorization also fails. The error buffer size is increased to 512 wide chars as these messages could get long in some cases and may get truncated otherwise. Also see: OpenVPN/openvpn-gui#332 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Lev Stipakov <lstipakov@gmail.com> Message-Id: <1582077261-9467-1-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19474.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
OpenVPN не работает в Windows 10? Вот что делать
OpenVPN — это VPN-клиент с открытым исходным кодом, который вы можете использовать с различными провайдерами VPN. Пока ваш провайдер VPN поддерживает протокол OpenVPN TCP или UDP, вы можете установить соединение OpenVPN.
Вы можете запустить клиент OpenVPN со сценариями и настроить соединения через его файлы настроек.
Однако OpenVPN все еще может столкнуться с некоторыми трудностями. Это несколько разрешений, которые могут исправить соединения OpenVPN в Windows 10.
Как я могу исправить проблемы запуска OpenVPN в Windows 10?
- Отключить брандмауэр Windows
- Отключить стороннее антивирусное программное обеспечение
- Перезапустите адаптер TAP
- Переустановите и обновите драйвер TAP-Windows
- Проверьте, работает ли служба DHCP
- Очистить DNS
- Сброс Winsock
1. Отключите брандмауэр Windows
Брандмауэры и VPN не всегда хорошо сочетаются друг с другом. Брандмауэр Windows может заблокировать ваше соединение OpenVPN, если вы не настроили исходящие порты .
Лучший способ проверить, так ли это, — отключить брандмауэр Windows. Вот как вы можете отключить брандмауэр в Windows 10:
- Нажмите кнопку Cortana на панели задач, чтобы открыть это приложение.
- Введите ключевое слово «Брандмауэр Windows» в поле поиска и выберите, чтобы открыть Брандмауэр Защитника Windows .
- Нажмите Включить или выключить брандмауэр Защитника Windows, чтобы открыть настройки, показанные на снимке ниже.
- Выберите оба параметра « Отключить брандмауэр Защитника Windows» .
- Нажмите кнопку ОК .
2. Отключите стороннее антивирусное программное обеспечение
Также обратите внимание, что стороннее антивирусное программное обеспечение может препятствовать VPN с их собственными брандмауэрами. Таким образом, отключение сторонних антивирусных утилит может также помочь исправить соединение OpenVPN.
Вы можете временно отключить некоторые антивирусные программы, выбрав отключить настройки в их контекстных меню. Или вы также можете удалить программное обеспечение из автозагрузки Windows следующим образом:
- Щелкните правой кнопкой мыши панель задач Windows и выберите « Диспетчер задач» в открывшемся контекстном меню.
- Откройте вкладку «Автозагрузка» в окне «Диспетчер задач».
- Выберите антивирусное программное обеспечение и нажмите кнопку « Отключить» .
- Затем перезагрузите свой ноутбук или рабочий стол.
Если вы хотите узнать, как добавлять или удалять загрузочные приложения в Windows 10, ознакомьтесь с этим простым руководством . Кроме того, если вы не можете открыть диспетчер задач в Windows 10, не беспокойтесь. У нас есть правильное решение для вас.
3. Перезапустите адаптер TAP.
Добавление программного обеспечения OpenVPN в Windows также добавляет адаптер TAP-Windows. В одном сообщении об ошибке OpenVPN говорится: « Все адаптеры TAP-Windows в этой системе в настоящее время используются. »
Если вы получаете это сообщение об ошибке, перезапуск адаптера TAP может исправить OpenVPN. Вы можете перезапустить адаптер TAP следующим образом:
- Нажмите сочетание клавиш Windows + R, чтобы открыть аксессуар «Запуск».
- Введите «Панель управления» в «Выполнить» и нажмите кнопку ОК .
- Нажмите « Центруправлениясетями и общим доступом», чтобы открыть настройки панели управления , показанные непосредственно ниже.
- Нажмите Изменить настройки адаптера, чтобы открыть свои подключения, как показано ниже.
- Затем щелкните правой кнопкой мыши Адаптер TAP-Windows и выберите Отключить .
- Щелкните правой кнопкой мыши TAP-Windows Adapter и выберите Enable, чтобы перезапустить адаптер.
4. Переустановите и обновите драйвер TAP-Windows
Если перезапуск адаптера не помогает, попробуйте переустановить драйвер TAP-Windows. Для этого сначала откройте диспетчер устройств, чтобы удалить адаптер, нажав клавишу Windows + горячую клавишу X.
- Выберите Диспетчер устройств, чтобы открыть окно в кадре прямо ниже.
- Дважды щелкните Сетевые адаптеры, чтобы развернуть список сетевых адаптеров.
- Щелкните правой кнопкой мыши TAP-Windows Adapter и выберите « Удалить устройство» .
- Теперь откройте эту страницу OpenVPN в вашем браузере .
- Прокрутите страницу до конца и нажмите tap-windows-9.21.2.exe, чтобы загрузить последнюю версию драйвера TAP (NDIS 6) для OpenVPN. Драйвер NDIS 5 предназначен для Windows XP.
- Щелкните правой кнопкой мыши исполняемый файл TAP-Windows и выберите « Запуск от имени администратора».
- Перезагрузите Windows после установки драйвера.
Ничего не происходит, когда вы нажимаете на Запуск от имени администратора? Не волнуйтесь, у нас есть правильное решение для вас.
5. Проверьте, работает ли служба DHCP
« Последовательность инициализации завершена с ошибками » — это еще одно сообщение об ошибке, которое может открыться для некоторых пользователей OpenVPN. Если это сообщение об ошибке открывается для вас, проверьте, что служба DHCP работает.
Вы можете запустить службу DHCP следующим образом:
- Введите «services.msc» в «Выполнить» и нажмите кнопку « ОК» .
- Прокрутите вниз до DHCP-клиента, показанного на снимке ниже.
- Дважды щелкните DHCP-клиент, чтобы открыть окно его свойств.
- Выберите « Автоматически» в раскрывающемся меню «Тип запуска».
- Затем нажмите кнопку « Начать обслуживание».
- Если DHCP-клиент уже запущен, нажмите кнопки « Стоп» и « Пуск», чтобы перезапустить его.
- Нажмите кнопку Применить и ОК .
6. Очистите DNS
Различные ошибки подключения могут быть связаны с повреждением кэша DNS. Таким образом, очистка кеша DNS может стать потенциальным исправлением для OpenVPN. Вот как вы можете очистить DNS в Windows 10.
- Откройте меню Win + X с помощью клавиши Windows + X.
- Нажмите Командная строка (Администратор) в меню Win + X.
- Введите следующие команды отдельно в окне подсказки:
интерфейс netsh ip удалить arpcache
- Закройте командную строку и перезапустите Windows.
7. Сброс Winsock
Сброс поврежденных настроек TCP / IP Winsock также может исправить сообщения об ошибках OpenVPN. Для этого введите «Командная строка» в поле поиска Кортаны.
- Щелкните правой кнопкой мыши Командную строку и выберите Запуск от имени администратора, чтобы открыть ее.
- Затем введите «netsh int ip reset logfile.txt» в командной строке и нажмите клавишу Enter.
- Войдите в каталог сброса netsh winsock и нажмите кнопку возврата.
- Перезагрузите ваш рабочий стол или ноутбук.
Некоторые из этих решений могут исправить ошибки инициализации клиента OpenVPN в Windows 10. Ознакомьтесь с этой статьей, где приведены некоторые более общие советы по исправлению VPN-подключений.
Если у вас есть какие-либо другие предложения или вопросы, не стесняйтесь оставлять их в разделе комментариев ниже, и мы обязательно их рассмотрим.
OpenVPN GUI «Connection to management interface failed» error for domain user, with no local admin privileges #332
Client = OpenVPN GUI 11.14.0.0/2.4.8 (config and installer generated by pfSense client export plugin)
Server = OpenVPN on up-to-date pfSense
OS = Windows 10 Pro, feature pack 1803
Laptop = Lenovo ThinkPad E550
- User is a domain user with no local admin privileges
- OpenVPN GUI launches on Windows startup
- Config file and TLS key are located at C:Program FilesOpenVPNconfig
- OpenVPN Interactive Service is set to Automatic and is running
- OpenVPNService and OpenVPN Legacy Service are disabled
Issue Description
Sometimes, when double clicking on the OpenVPN GUI, the error message «Connecting to management interface failed» is displayed and no VPN connection is established. However, sometimes the VPN connects normally.
My work pc uses openvpn gui and I’ve been randomly having this issue pop up. It will persist for several hours and then randomly I can connect again with seemingly no prompt on either end of the issue. We initially thought it was a firewall issue and turned off the firewall, adjusted the firewall settings, reset the firewall, etc.I attempted to append the config file with the —askpass setting, but I believe I may have entered it incorrectly into the file (if this is indeed a solution, it would be helpful to know how to correctly format it)
I am using openvpn gui 11.25.0.0
Here is the error that pops up:
Here is the text from the log file:
2021-09-16 10:36:14 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
2021-09-16 10:36:14 Windows version 10.0 (Windows 10 or greater) 64bit
2021-09-16 10:36:14 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
2021-09-16 10:36:14 MANAGEMENT: TCP Socket listening on [AF_INET](IP ADDRESS)
2021-09-16 10:36:14 Need hold release from management interface, waiting.
Содержание
- Ошибка OpenVPN: connecting to management interface failed
- Не подключается OpenVPN
- Windows 10 после обновления и OpenVPN
- Лига Сисадминов
- Правила сообщества
- Очередная шутка про UDP, которая дойдёт не до всех
- Заполняется SSD диск сам по себе
- Крик души, сил моих уже нет. BSODы с рандомной ошибкой
- Openvpn connecting to management interface failed windows 10
- OpenVPN проблема с настройкой
Ошибка OpenVPN: connecting to management interface failed
Добавлено через 30 минут
Что то я наделал и ошибка сменилась на «Не удалось подключиться к client»
Логи перезаписались, изменилась только дата
Добавлено через 5 минут
мда, я как обычно невнимателен. Нашёл в чём проблема.
Помощь в написании контрольных, курсовых и дипломных работ здесь.
Ошибка в Crysis 2: «Failed to initialize the GameStartup Interface»
Установил репак от механиков.Выдаёт ошибку Failed to initialize the GameStartup Interface! Чтобы я.
Intel(R) Management Engine Interface
Я переустановил винду и ноут стал работать заметно быстрее. После установки всех драйверов скорость.
Не устанавливается драйвер Intel Management Engine Interface
Здравствуйте как установить драйвер Intel Management Engine Interface всегда появляется.
После переустановки ОС не устанавливается драйвер Intel Management Engine Interface
Приветствую! присоединяюсь к вопросу. Была винда х64. пк. стояла 2 года. стала.
WoW не запускается на нетбуке: «failed to archive interface»
я год назад купил нетбук, установил вов и начал играть)) недавно переустановил винду с хр на.
Что не правильно в функции. Возникает ошибка error connecting: Timeout expired
При работе функции провожу ниже возникает постоянно ошибка Error: error connecting: Timeout.
Источник
Не подключается OpenVPN
Уважаемые специалисты! У меня большая проблема из-за которой я не могу работать и, которую не может решить штатный сотрудник по технической поддержке. Дело в программе OpenVPN GUI, или в моем компьютере, я не до конца разобралась еще.( Прошу простить, если это выглядит очень глупо, но мне правда нужна помощь. При подключении выдается ошибка:
Комментарий модератора | ||
|
Я не знаю,какой отрезок журнала Вам должен о чем-то сказать,вот и скопировала весь лог. Заранее огромное спасибо.
Помощь в написании контрольных, курсовых и дипломных работ здесь.
Openvpn + Webmin OpenVPN admin
Vps CentOS6 Поставил openvpn + Webmin OpenVPN admin при попытке запуска выдает Error Command.
Не подключается к интернету: находит WiFi но не подключается, хотя пароль введен верно
У меня стоит Windows 7, находит WiFi но не подключаеться, хотя пароль введен верно, пишит.
Точка доступа всегда открытая; то подключается, то не подключается
от чего зависит не пойму. >Highgates technology SSID: UR-325BN Протокол: 802.11n Тип.
Источник
Windows 10 после обновления и OpenVPN
После очередного принудительного обновления от Мелкомягких перестали мои устройства на Windows 10 подключаться к моему серверу OpenVPN.
До середины июля все было шик и блеск, работало корректно и стабильно. После накатывания обновы параметры в системе не поменялись(и на том спасибо, MS), но к одному из моих серверов OpenVPN устройства подключаться перестали.
Сервер на Ubuntu, настроенный на работу по UDP. К нему подключаются и корректно работают по сей день несколько машинок на Win7, несколько на Debian и Ubuntu и одна на Win 10, где обновления отключены по-максимому(насколько это сейчас позволяет система и лайфхаки).
Конфиги приводить не буду, т.к. сервер с другими машинами функционирует корректно, а клиент-конфиги у всех одинаковые(только каждый со своими сертификатами).
Проблема исключительно в винде, т.к. в локалке есть Ubuntu машина, которая через мой роутер и моего провайдера удачно работает с сервером.
Всякие фаерволы на винде поотрубал, ничего вроде сеть не контролирует. Левого ПО нет(ноут так вообще чистый, только Putty, OpenVPN и Chrome стоят).
По факту происходит следующее:
Клиент отправляет серверу по нужному порту пакет запроса на подключение(14 байт), а ответа от сервера не получает. После чего через некоторое время несколько раз дублирует пакет, а потом говорит, что все плохо.
Логи, если это необходимо, могу приложить, но в них ничего интересного. Клиент не дожидается ответа от сервера, а на сервере в логах видна попытка подключения и сервер даже верифицирует коннект.
Может кто сталкивался и знает куда копать?
P.S. Есть также еще один OpenVPN настроенный на TCP протокол. Работает на Win 10 машинах нормально.
Лига Сисадминов
648 постов 12.3K подписчиков
Правила сообщества
— # mount /dev/good_story /sysodmins_league
— # mount /dev/photo_it /sysodmins_league
— # mount /dev/best_practice /sysodmins_league
— # mount /dev/tutorial /sysodmins_league
У клиента после обновления перестал работать VPN. Помогло это:
Open a command prompt in administrator mode. This is important, since the commands do not work correctly as a non-admin and can’t be run as an admin from the program menu.
Delete the current TAP configuration (if it is present, it was already absent on my system): «C:Program FilesTAP-Windowsbindeltapall.bat»
Reboot to ensure that everything is updated correctly. This may not be 100% necessary here, but it doesn’t hurt and other users seem to suggest that it was required for them.
Log on and open a command prompt in administrator mode.
Add the TAP configuration: «C:Program FilesTAP-Windowsbinaddtap.bat»
Reboot (yes, again) to ensure that everything is updated correctly. This was necessary for me in order to get it to work correctly. It didn’t work until I rebooted after adding the TAP configuration.
Log on and use OpenVPN normally
На работе стоит Win 10 Enterprise LTS.
На ней нет этой дичи с обновлениями, как в обычной десятке, и кучи ненужных свистелок/перделок в ней тоже нет. Но она, как следует из названия, распространяется только в корпоративном варианте
Вы бы еще windows начали обвинять в том, что у вас оно по SSL не авторизуется.
Нашли уязвимость, закрыли, на офсайте продукта есть обновление. В чем проблема, не понимаю.
А гугл что говорит?
А что говорит TCPdump? на обоих концах
Немного не понятно, если «ответа от сервера не получает», и «Клиент не дожидается ответа от сервера» то причем тут винда?
А где со стороны сервера дамп?
и одна на Win 10, где обновления отключены по-максимому(насколько это сейчас позволяет система и лайфхаки).
У меня сеть все на лицензионной винде, 39 машин все работает как часы.
Очередная шутка про UDP, которая дойдёт не до всех
Заполняется SSD диск сам по себе
С помощью WinDirStat стала смотреть, что за файл тянет на себя одеяло (следовало это сразу же сделать, соглашусь).
Оказался client.log от OpenVPN, подключение по которому осуществлялось 24/7. На момент, когда смотрела, этот текстовый файл весил уже 130 Гб о_О
Отключение логирования помогло. Для этого необходимо в папке OpenVPNconfig найти файл client.ovpn, открыть блокнотом и воткнуть значение 0 в строке verb:
Может, кому-то будет полезно.
Крик души, сил моих уже нет. BSODы с рандомной ошибкой
В общем, ближе к сути. Собрал я компьютер следующей конфигурации:
Видеокарта 0 Asus PCI-Ex GeForce GTX 1660 Super Dual EVO OC 6GB GDDR6
4 кулера PcCooler F122B 120 мм (3 на вдув, 1 на выдув)
Корпус, думаю, вообще не имеет значения.
Месяц данная сборка работала идеально, никаких проблем. Но потребовалась переустановка винды, так как была проблема с аккаунтом Origin, которая, как выяснилось не имела отношения к системе. Первый раз стояла Win10 x64 скачанная с сайта майкрософт, потом была установлена пиратка (каюсь), но даже с ней все некоторое время работало хорошо.
Потом начали вылетать BSODы с рандомными ошибками. Выискивая инфу по инету, было проделано практически все что предлагалось:
— Переустановка системы (разные дистрибутивы, сейчас опять стоит официальная Win10. BSODы вылазили даже сразу после установки, когда еще не успевал даже первый полноценный запуск происходить)
— Откаты драйверов и их переустановка (в том числе драйвер Realtek, на который тоже жаловались люди в интернете)
— Проверка оперативной памяти встроенным в винду ПО и с помощью MemTest (ошибок не обнаружено)
— Несколько проверок системных файлов через командную строку (один раз было что-то обнаружено и исправлено, не помогло)
— Использован DISM /RestoreHealth (не помогло)
— Проверены жесткие диски с помощью встроенных в винду инструментов (не помогло)
— Проведены чистки реестра с помощью CCleaner
— Пробовал менять плашки памяти местами, оставить только одну, потом оставить только вторую, проверка контактов (не помогло)
— Пробовал установку винды на другой жесткий диск (не помогло)
— Проверка температур (все в норме)
— Сброс БИОС до значений по умолчанию
— Было обнаружено что частота памяти в биосе выставлена на 2400, установил на 3200 (не помогло, но тут я не силен, может при изменении предустановок частоты тайминги тоже нужно поменять?)
— Чиста системного блока
— Откаты обновлений винды
Почему начали вылазить синие экраны я тоже без понятия, ничего такого на копе не делал, стоял аваст и защитник виндовс, ПО только лицензии (ну кроме попыток установить разные дистрибутивы винды), использовал как игровую станцию.
Источник
Openvpn connecting to management interface failed windows 10
Профиль | Отправить PM | Цитировать
Сообщения: 5681
Благодарности: 1145
Собственно, надо просто перевести то, что пишут.
Ignoring option ‘dh’ in tls-client mode, please only include this in your server configuration »
В клиенте опцию dh не надо указывать, это для сервера.
Не активирован режим проверки сертификата на сервере, см. ссылку.
А зачем вам ОпенВПН, если у вас Керио есть, который сам прекрасно умеет VPN?
Если же вы забыли свой пароль на форуме, то воспользуйтесь данной ссылкой для восстановления пароля.
OpenVPN проблема с настройкой
Привет знатоки.
Возможно кто сталкивался с похожей проблемой настройки VPN сервера в среде Windows server 2008 и сможет объяснить причину её возникновения или указать на мою ошибку.
После генерации ключей и написания конфигурации, сервер при попытке соединения, зависает на этапе соединения. (значок жёлтого цвета)
—
Версия OpenVPN 2.4.4-I601
—
Файл конфигурации:
proto tcp4-server
port 12345
dev tun
tls-server
tls-auth «C:\OpenVPN\easy-rsa\keys\ta.key» 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca «C:\OpenVPN\easy-rsa\keys\ca.crt»
cert «C:\OpenVPN\easy-rsa\keys\SrvVPN.crt»
key «C:\OpenVPN\easy-rsa\keys\SrvVPN.key»
dh «C:\OpenVPN\easy-rsa\keys\dh4096.pem»
server 10.10.10.0 255.255.255.0
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
client-config-dir «C:\OpenVPN\config»
verb 3
route-delay 5
route-method exe
push «route 192.168.0.0 255.255.255.0»
route 192.168.182.0 255.255.255.0
—
Лог соединения:
Tue May 08 12:08:55 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Tue May 08 12:08:55 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Tue May 08 12:08:55 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Tue May 08 12:08:55 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue May 08 12:08:55 2018 Need hold release from management interface, waiting.
Tue May 08 12:08:56 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue May 08 12:08:56 2018 MANAGEMENT: CMD ‘state on’
Tue May 08 12:08:56 2018 MANAGEMENT: CMD ‘log all on’
Tue May 08 12:08:56 2018 MANAGEMENT: CMD ‘echo all on’
Tue May 08 12:08:56 2018 MANAGEMENT: CMD ‘hold off’
Tue May 08 12:08:56 2018 MANAGEMENT: CMD ‘hold release’
Tue May 08 12:08:58 2018 MANAGEMENT: CMD ‘proxy NONE ‘
—
Никак не пойму, в чём ошибка и как с этим бороться.
Так ребята, всем спасибо за внимание и за отклик.
Проблему удалось решить.
—
Для тех, кто столкнётся с подобной проблемой необходимо выполнить следующие действия:
Зайди в настройки GUI OpenVPN, закладка «прокси-сервер» и установи отметку напротив «Использовать настройки из файла конфигурации OpenVPN» (по умолчанию, стоит отметка на пункте «Использовать системные настройки прокси-сервера»)
p.s. После изменения настроек, перезапусти GUI OpenVPN и повтори соединение.
Если не сложно, опиши корректно свой вопрос, тогда постараюсь дать на него ответ.
(13) Нет, спасибо. Я не фанат сторонних впн клиентов, винрара, тотал коммандера.
(14) Я про настройку подключения к OpenVPN серверу в винде из коробки. Но оказалось что она не умеет это, и нужно ставить дополнительные программы шифрующие и дешефрующие трафик.
Источник
Adblock
detector
Источник
Вот такое в логе:
2021-07-22 12:49:20,339 [INFO] ------------ OPEN VPN Log END -------------
2021-07-22 12:49:20,344 [INFO] command "connect" done
2021-07-22 12:58:50,490 [INFO] Daemon: got command: "connect"
2021-07-22 12:58:50,490 [INFO] GET Session
2021-07-22 12:58:50,496 [INFO] Starting new HTTPS connection (1): api.windscribe.com
2021-07-22 12:58:50,989 [DEBUG] "GET /Session?client_auth_hash=80277f3906c30cf6cc4a951e24bf8d10&session_auth_hash=47979677%3A3%3A1625921952%3Aae5055e267ff6739943e6d6450c5e55d09723c4fc6%3A8f66ddb138b54cd861cc01358d2aae0a60d4428eb3&time=1626947930 HTTP/1.1" 200 None
2021-07-22 12:58:50,994 [INFO] Loading Account
2021-07-22 12:58:50,999 [INFO] location revision changed from 16b6dc888da6942090bdcf3b40ee2ee137916390 to a28c5fcf743a63ddf7339ab7053cb61be23c784f, updating server locations
2021-07-22 12:58:50,999 [INFO] GET ServerLocations
2021-07-22 12:58:51,009 [INFO] Starting new HTTPS connection (1): assets.windscribe.com
2021-07-22 12:58:51,376 [DEBUG] "GET /serverlist/desktop/0/a28c5fcf743a63ddf7339ab7053cb61be23c784f HTTP/1.1" 200 None
2021-07-22 12:58:51,396 [INFO] Updating server list revision to: a28c5fcf743a63ddf7339ab7053cb61be23c784f
2021-07-22 12:58:51,409 [INFO] Daemon: connect arg: None
2021-07-22 12:58:51,410 [INFO] CACHED - GET AssetsServerList
2021-07-22 12:58:51,416 [INFO] Chosen connection "no" not in chosen nodes, using parent location
2021-07-22 12:58:51,416 [INFO] Chosen node: {u'wg_pubkey': u'y+Kvlfz0z8DF17hVvEezMml3SH3OaB2l5l09DPdQNCk=', u'group': u'Oslo - Fjord', u'weight': 1, u'ip': u'91.219.215.98', u'hostname': u'no-007.whiskergalaxy.com', u'ip2': u'91.219.215.99', u'ip3': u'91.219.215.100', u'tz': u'Europe/Oslo', u'type': u'normal', u'gps': u'59.91,10.75'}
2021-07-22 12:58:51,416 [INFO] Connecting to Norway Oslo Fjord (UDP:443)
2021-07-22 12:58:51,423 [INFO] Starting new HTTPS connection (1): api.windscribe.com
2021-07-22 12:58:51,840 [DEBUG] "GET /MyIp?client_auth_hash=6a60aac60cc91e9798342feaf9573b27&time=1626947931 HTTP/1.1" 200 None
2021-07-22 12:58:51,844 [INFO] Writing OpenVPN config
2021-07-22 12:58:51,857 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:51,884 [INFO] Write ServerCredentials: qbl7uchw-g635dyx / zsrh46e3cw
2021-07-22 12:58:51,896 [INFO] checking for resolvconf symlink: /run/resolvconf/resolv.conf
2021-07-22 12:58:51,896 [INFO] openvpn exec path: /usr/sbin/openvpn on port: unix
2021-07-22 12:58:51,896 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:51,896 [INFO] running openvpn command: /usr/sbin/openvpn --verb 4 --daemon --management /etc/windscribe/openvpn.sock unix --management-hold --config /etc/windscribe/client.ovpn --log /var/log/windscribe/ovpn_log.txt --up /etc/windscribe/update-resolv.sh --down /etc/windscribe/update-resolv.sh --script-security 2
2021-07-22 12:58:51,906 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:51,906 [INFO] OPENVPN HOLD Release State: None delaycount 0
2021-07-22 12:58:52,908 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:52,908 [INFO] OPENVPN HOLD Release State: None delaycount 1
2021-07-22 12:58:53,909 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:53,909 [INFO] OPENVPN HOLD Release State: None delaycount 2
2021-07-22 12:58:54,911 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:54,911 [INFO] OPENVPN HOLD Release State: None delaycount 3
2021-07-22 12:58:55,913 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:55,913 [INFO] OPENVPN HOLD Release State: None delaycount 4
2021-07-22 12:58:56,915 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:56,916 [INFO] OPENVPN HOLD Release State: None delaycount 5
2021-07-22 12:58:56,918 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:56,952 [INFO] CONNECT: openvpn failed, retrying: True
2021-07-22 12:58:56,952 [INFO] GET ServerCredentials
2021-07-22 12:58:56,957 [INFO] Starting new HTTPS connection (1): api.windscribe.com
2021-07-22 12:58:57,398 [DEBUG] "GET /ServerCredentials?client_auth_hash=5ec2ed402b87275cd2553fb5a03903a0&session_auth_hash=47979677%3A3%3A1625921952%3Aae5055e267ff6739943e6d6450c5e55d09723c4fc6%3A8f66ddb138b54cd861cc01358d2aae0a60d4428eb3&time=1626947936 HTTP/1.1" 200 None
2021-07-22 12:58:57,401 [INFO] Write ServerCredentials: qbl7uchw-g635dyx / zsrh46e3cw
2021-07-22 12:58:57,408 [INFO] Failed to connect, retrying
2021-07-22 12:58:57,408 [INFO] ------------ OPEN VPN Log START -------------
2021-07-22 12:58:57,408 [INFO] Fri Jul 9 08:27:44 2021 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Fri Jul 9 08:27:44 2021 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Fri Jul 9 08:27:44 2021 WARNING: file '/etc/windscribe/credentials.txt' is group or others accessible
Fri Jul 9 08:27:44 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 9 08:27:44 2021 Control Channel Authentication: tls-auth using INLINE static key file
Fri Jul 9 08:27:44 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 UDPv4 link local: [undef]
Fri Jul 9 08:27:44 2021 UDPv4 link remote: [AF_INET]82.102.22.3:443
Fri Jul 9 08:27:44 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=3, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Fri Jul 9 08:27:44 2021 Validating certificate key usage
Fri Jul 9 08:27:44 2021 ++ Certificate has key usage 00a0, expects 00a0
Fri Jul 9 08:27:44 2021 VERIFY KU OK
Fri Jul 9 08:27:44 2021 Validating certificate extended key usage
Fri Jul 9 08:27:44 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jul 9 08:27:44 2021 VERIFY EKU OK
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=osl-169.windscribe.com
Fri Jul 9 08:27:44 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1550'
Fri Jul 9 08:27:44 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Fri Jul 9 08:27:44 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Fri Jul 9 08:27:44 2021 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jul 9 08:27:44 2021 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jul 9 08:27:44 2021 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Jul 9 08:27:44 2021 [osl-169.windscribe.com] Peer Connection Initiated with [AF_INET]82.102.22.3:443
Fri Jul 9 08:27:46 2021 TUN/TAP device tun0 opened
Fri Jul 9 08:27:46 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jul 9 08:27:46 2021 /sbin/ip link set dev tun0 up mtu 1500
Fri Jul 9 08:27:46 2021 /sbin/ip addr add dev tun0 10.114.70.56/23 broadcast 10.114.71.255
Fri Jul 9 08:27:46 2021 /etc/windscribe/update-resolv.sh tun0 1500 1605 10.114.70.56 255.255.254.0 init
dhcp-option DOMAIN-ROUTE .
dhcp-option DNS 10.255.255.2
Fri Jul 9 08:27:47 2021 Initialization Sequence Completed
Fri Jul 9 08:29:37 2021 TLS Error: unknown opcode received from [AF_INET]82.102.22.3:443 op=23
Fri Jul 9 10:02:41 2021 TLS Error: local/remote TLS keys are out of sync: [AF_INET]82.102.22.3:443 [5]
Fri Jul 9 12:28:08 2021 TLS Error: Unroutable control packet received from [AF_INET]82.102.22.3:443 (si=3 op=P_CONTROL_SOFT_RESET_V1)
Fri Jul 9 13:47:02 2021 TLS Error: unknown opcode received from [AF_INET]82.102.22.3:443 op=21
Fri Jul 9 17:23:16 2021 Closing TUN/TAP interface
Fri Jul 9 17:23:16 2021 /sbin/ip addr del dev tun0 10.114.70.56/23
Fri Jul 9 17:23:16 2021 /etc/windscribe/update-resolv.sh tun0 1500 1605 10.114.70.56 255.255.254.0 init
2021-07-22 12:58:57,408 [INFO] ------------ OPEN VPN Log END -------------
2021-07-22 12:58:57,409 [INFO] CACHED - GET AssetsServerList
2021-07-22 12:58:57,415 [INFO] Chosen connection "no" not in chosen nodes, using parent location
2021-07-22 12:58:57,416 [INFO] Chosen node: {u'wg_pubkey': u'y+Kvlfz0z8DF17hVvEezMml3SH3OaB2l5l09DPdQNCk=', u'group': u'Oslo - Fjord', u'weight': 1, u'ip': u'82.102.22.2', u'hostname': u'no-004.whiskergalaxy.com', u'ip2': u'82.102.22.3', u'ip3': u'82.102.22.4', u'tz': u'Europe/Oslo', u'type': u'normal', u'gps': u'59.91,10.75'}
2021-07-22 12:58:57,416 [INFO] Connecting to Norway Oslo Fjord (UDP:443)
2021-07-22 12:58:57,423 [INFO] Starting new HTTPS connection (1): api.windscribe.com
2021-07-22 12:58:57,799 [DEBUG] "GET /MyIp?client_auth_hash=7bac951c9ed34d3ac9ebb1f10f14db98&time=1626947937 HTTP/1.1" 200 None
2021-07-22 12:58:57,805 [INFO] Writing OpenVPN config
2021-07-22 12:58:57,828 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:57,850 [INFO] Write ServerCredentials: qbl7uchw-g635dyx / zsrh46e3cw
2021-07-22 12:58:57,866 [INFO] checking for resolvconf symlink: /run/resolvconf/resolv.conf
2021-07-22 12:58:57,867 [INFO] openvpn exec path: /usr/sbin/openvpn on port: unix
2021-07-22 12:58:57,869 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:57,870 [INFO] running openvpn command: /usr/sbin/openvpn --verb 4 --daemon --management /etc/windscribe/openvpn.sock unix --management-hold --config /etc/windscribe/client.ovpn --log /var/log/windscribe/ovpn_log.txt --up /etc/windscribe/update-resolv.sh --down /etc/windscribe/update-resolv.sh --script-security 2
2021-07-22 12:58:57,879 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:57,880 [INFO] OPENVPN HOLD Release State: None delaycount 0
2021-07-22 12:58:58,881 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:58,881 [INFO] OPENVPN HOLD Release State: None delaycount 1
2021-07-22 12:58:59,883 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:58:59,883 [INFO] OPENVPN HOLD Release State: None delaycount 2
2021-07-22 12:59:00,884 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:59:00,884 [INFO] OPENVPN HOLD Release State: None delaycount 3
2021-07-22 12:59:01,887 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:59:01,889 [INFO] OPENVPN HOLD Release State: None delaycount 4
2021-07-22 12:59:02,890 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:59:02,890 [INFO] OPENVPN HOLD Release State: None delaycount 5
2021-07-22 12:59:02,891 [INFO] OPENVPN: unable to connect to management interface
2021-07-22 12:59:02,917 [INFO] CONNECT: openvpn failed, retrying: False
2021-07-22 12:59:02,921 [INFO] ------------ IPTABLES -------------
2021-07-22 12:59:02,921 [INFO] Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.0.0/16
ACCEPT all -- 0.0.0.0/0 10.0.0.0/8
ACCEPT all -- 0.0.0.0/0 172.16.0.0/12
2021-07-22 12:59:02,921 [INFO] ------------ IPTABLES END -------------
2021-07-22 12:59:02,921 [INFO] Failed to connect
2021-07-22 12:59:02,921 [INFO] ------------ OPEN VPN Log START -------------
2021-07-22 12:59:02,921 [INFO] Fri Jul 9 08:27:44 2021 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Fri Jul 9 08:27:44 2021 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Fri Jul 9 08:27:44 2021 WARNING: file '/etc/windscribe/credentials.txt' is group or others accessible
Fri Jul 9 08:27:44 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 9 08:27:44 2021 Control Channel Authentication: tls-auth using INLINE static key file
Fri Jul 9 08:27:44 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 UDPv4 link local: [undef]
Fri Jul 9 08:27:44 2021 UDPv4 link remote: [AF_INET]82.102.22.3:443
Fri Jul 9 08:27:44 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=3, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Fri Jul 9 08:27:44 2021 Validating certificate key usage
Fri Jul 9 08:27:44 2021 ++ Certificate has key usage 00a0, expects 00a0
Fri Jul 9 08:27:44 2021 VERIFY KU OK
Fri Jul 9 08:27:44 2021 Validating certificate extended key usage
Fri Jul 9 08:27:44 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jul 9 08:27:44 2021 VERIFY EKU OK
Fri Jul 9 08:27:44 2021 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=osl-169.windscribe.com
Fri Jul 9 08:27:44 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1550'
Fri Jul 9 08:27:44 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Fri Jul 9 08:27:44 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Fri Jul 9 08:27:44 2021 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jul 9 08:27:44 2021 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jul 9 08:27:44 2021 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 9 08:27:44 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Jul 9 08:27:44 2021 [osl-169.windscribe.com] Peer Connection Initiated with [AF_INET]82.102.22.3:443
Fri Jul 9 08:27:46 2021 TUN/TAP device tun0 opened
Fri Jul 9 08:27:46 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jul 9 08:27:46 2021 /sbin/ip link set dev tun0 up mtu 1500
Fri Jul 9 08:27:46 2021 /sbin/ip addr add dev tun0 10.114.70.56/23 broadcast 10.114.71.255
Fri Jul 9 08:27:46 2021 /etc/windscribe/update-resolv.sh tun0 1500 1605 10.114.70.56 255.255.254.0 init
dhcp-option DOMAIN-ROUTE .
dhcp-option DNS 10.255.255.2
Fri Jul 9 08:27:47 2021 Initialization Sequence Completed
Fri Jul 9 08:29:37 2021 TLS Error: unknown opcode received from [AF_INET]82.102.22.3:443 op=23
Fri Jul 9 10:02:41 2021 TLS Error: local/remote TLS keys are out of sync: [AF_INET]82.102.22.3:443 [5]
Fri Jul 9 12:28:08 2021 TLS Error: Unroutable control packet received from [AF_INET]82.102.22.3:443 (si=3 op=P_CONTROL_SOFT_RESET_V1)
OSAGist, [22.07.21 13:40]
Fri Jul 9 13:47:02 2021 TLS Error: unknown opcode received from [AF_INET]82.102.22.3:443 op=21
Fri Jul 9 17:23:16 2021 Closing TUN/TAP interface
Fri Jul 9 17:23:16 2021 /sbin/ip addr del dev tun0 10.114.70.56/23
Fri Jul 9 17:23:16 2021 /etc/windscribe/update-resolv.sh tun0 1500 1605 10.114.70.56 255.255.254.0 init
2021-07-22 12:59:02,921 [INFO] ------------ OPEN VPN Log END -------------
2021-07-22 12:59:02,924 [INFO] command "connect" done
Помогите вылечить (
I’m desperately trying to troubleshoot an issue with our OpenVPN, but whatever I’m trying, the OpenVPN GUI window just comes up blank.
I’ve already increased the verb
directive in the config file to 9
, but the window still stays blank. After about 20 seconds, I will get a message box saying Connecting to MyVPN has failed. and that’s it.
I ran Process Monitor to see what the application is actually doing and I’m seeing a lot of connections to 127.0.0.1:25340
, which seems to be the default managment port. But it doesn’t seem like the connection succeeds.
asked Oct 28, 2013 at 16:30
Oliver SalzburgOliver Salzburg
85.3k61 gold badges258 silver badges306 bronze badges
0
OpenVPN GUI is probably trying to connect to the management interface of an OpenVPN instance which should have already been started.
OpenVPN GUI will first try to start openvpn.exe
and then connect to the port shown above. If you look carefully at your Process Monitor output, you would see a Process Create event pointing to openvpn.exe
.
Sadly, OpenVPN GUI doesn’t (or can’t) capture the output of that process. So you’re going to want to start it yourself manually. You’ll then see what the problem with your configuration file is.
answered Oct 28, 2013 at 16:30
Oliver SalzburgOliver Salzburg
85.3k61 gold badges258 silver badges306 bronze badges
0
On Windows this issue sometimes persists and requires a restart to clear it. However as an alternative you can look at the active processes list in Task Manager and End the OpenVPN Daemon process and OpenVPN-GUI process, then restart OpenVPN-GUI. This should clear the throat.
answered Jun 22, 2018 at 9:08
On Windows…
exit the OpenVPN program (via the icon next to the windows clock)
and see in the background process window if the OpenVPN Deamon process is still open
If it is open, kill the process
answered Mar 6, 2020 at 18:31
0
OpenVPN GUI «Connection to management interface failed» error for domain user, with no local admin privileges
Client = OpenVPN GUI 11.14.0.0/2.4.8 (config and installer generated by pfSense client export plugin)
Server = OpenVPN on up-to-date pfSense
OS = Windows 10 Pro, feature pack 1803
Laptop = Lenovo ThinkPad E550
- User is a domain user with no local admin privileges
- OpenVPN GUI launches on Windows startup
- Config file and TLS key are located at C:Program FilesOpenVPNconfig
- OpenVPN Interactive Service is set to Automatic and is running
- OpenVPNService and OpenVPN Legacy Service are disabled
Issue Description
Sometimes, when double clicking on the OpenVPN GUI, the error message «Connecting to management interface failed» is displayed and no VPN connection is established. However, sometimes the VPN connects normally.
Steps to Consistently Reproduce the Issue
- Reboot the PC
- Login as a regular domain user
- Double click on the OpenVPN GUI icon
- When prompted, enter username and password
- Wait for VPN to fully establish
- Disconnect from the VPN
- Wait until icon is no longer green
- Continue connecting and disconnecting until the error message is displayed, then click OK to close the error window. Sometimes it only takes once, sometimes it takes 2 or 3 tries.
- Launch Task Manager as a local admin user
- Kill the OpenVPN Daemon process
- Wait at least 1 minute. The issue does seem to be timing related, so it is important to wait a full 60 seconds. I have tried immediately reconnecting (after killing the daemon) and often it will work. I tried longer and longer delays until I found that it would never connect after 60 seconds.
- Double click on the OpenVPN GUI icon and wait for the error to pop up
- Again, if I kill the openvpn.exe process and immediately try to reconnect, it works. But if I wait 60 seconds or more, then I again get the error message
Steps Taken to Troubleshoot
- Uninstalled client, deleted config, reinstalled client
- Confirmed, as per this wiki entry, that the correct services were running
- Set verb 4 in config and used diff to compare a successful connection to an unsuccessful one.
They are identical until the «Enter Management Password:» entry in the logs, after which the successful connection continues, but there is nothing further from the failed connection. - Suspected some sort of timeout threshold had been reached, so continued to insert longer and longer delays, following the killing of openvpn.exe, until I found the magic number of 1 minute.
- Tried logging in with a local admin user and following the above steps to reproduce the issue. It is not possible to reproduce the issue when logged in as a local admin user.
Client Config
dev tun
persist-tun
persist-key
cipher AES-128-GCM
ncp-ciphers AES-128-GCM:AES-128-CBC
auth SHA512
tls-client
client
resolv-retry 2
remote vpn.example.com 1194 udp
setenv opt block-outside-dns
lport 0
verify-x509-name «hostname» name
auth-user-pass
pkcs12 fw1-udp-1194-hostname.p12
tls-auth fw1-udp-1194-hostname-tls.key 1
remote-cert-tls server
passtos
verb 4
Sounds somewhat similar to the issue reported here:
https://community.openvpn.net/openvpn/ticket/1051
If the GUI fails to connect to management interface within 15 seconds after spawning oepnvpn.exe it times out. For some reason the core process may be taking a longer time to come up causing this behaviour. See the above link for more details.
The delay may be because user credentials are checked by the service before starting openvpn.exe and that may be taking long for domain accounts when the DC is unreachable or slow to respond. But the 60 second wait before restart causing issues sounds bizzare and could be related to some Windows cache not controlled by OpenVPN.
Anyway, please try the exe in the proposed fix here:
https://github.com/selvanair/openvpn-gui/releases/tag/mgmt-timeout
This will to repeatedly try to connect to the management i/f instead of aborting, and may fix the problem.
Hello @selvanair,
Thank you so much for your quick response and for a solution that works!
While the fix does work (and I’m very thankful for it!), I think it may be masking an underlying problem. I say this because the behaviour of a domain user with local admin privileges, is different than a domain user that has no local admin privileges. When I’m logged into the laptop as a domain user with local admin privileges, I cannot reproduce the problem. Yet, when logged in as a domain user with no local admin privileges, the issue is consistently reproducible. In both cases, I frequently experience delays during the VPN connection process, which are much longer than if I’m connecting using a non-domain local admin user.
When you have local admin privilege the interactive service considers you as authorized to use any connection profile, and no connection to DC is involved. Otherwise it has to check your group membership which can involve a connection to the DC with fallback to cached data.
So the underlying problem is that either your DC is not reachable or is slow to respond. The patch takes care of such cases by not timing out in 15 seconds.
The DC is unreachable because this laptop is a roaming device that is only able to connect to the DC once the VPN is established, so this will always be the case for this device.
If there is a way to decrease the DC connection timeout period or have the VPN client recognize that a domain user is attempting to connect, but there is no DC available? If neither of these options are feasible, do you know when/if your patch is going to be merged into master and when that might make it to a release?
There could be some setting in the OS on how long to wait for the DC before falling back to the cached result. Even if you manage to control that, the patch is required as its not correct, not required to assume that openvpn.exe will come up in 15 seconds.
But, to turn a patch to a PR takes a lot of due-diligence and even for submitted PRs we are short of people to review and ACK them, so no idea when this will get submitted, reviewed and merged.
By the way, its possible to eliminate the group membership check (and connection attempt to DC) if the config is in the global directory (not in user profile). I’ll submit a patch to openvpn core for this.
I assume by «global directory» you mean C:Program FilesOpenVPNconfig. That’s where my configs are located. So are you saying that currently the OpenVPN client does the group membership check, regardless of where the configs are located, but you’re going to submit a patch to core, to change the current behaviour? Presumably, this would result in less delay and might therefore allow me to use the official packages, rather than the patched version?
@mason-ftl Yes, no further check is necessary in that case (but still done in the current code) and there will be virtually no delay in spawning openvpn.exe by the service or for the management i/f to come up. Delays in establishing connection with the server is irrelevant here.
Excellent! That seems like a great interim solution to the problem, while you’re waiting for your other patch to make it’s way into core.
Thanks @selvanair!
Hi,
On Mon, Feb 17, 2020 at 03:22:21PM -0800, Selva Nair wrote:
The patch for interactive service has been merged and will be available in the 2.5 release.
Shall we pull this up to the next 2.4? If I am remembering correctly,
this is a «standalone» thing, with no dependencies on other changes.
gert
—
«If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor.»
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering — Munich, Germany gert@greenie.muc.de
On Tue, Feb 18, 2020 at 7:03 AM Gert Doering <notifications@github.com>
wrote:
Hi,
On Mon, Feb 17, 2020 at 03:22:21PM -0800, Selva Nair wrote:
> The patch for interactive service has been merged and will be available
in the 2.5 release.
Shall we pull this up to the next 2.4? If I am remembering correctly,
this is a «standalone» thing, with no dependencies on other changes.
Yes, this would be useful in 2.4 and there are no real functionality
changes.
Unfortunately it doesn’t cherry-pick cleanly because of past swprintf ->
openvpn_swprintf
changes. Resolution is easy, but I can send a 2.4 specific patch if
preferred.
Selva
Hi,
On Tue, Feb 18, 2020 at 07:46:08AM -0800, Selva Nair wrote:
Resolution is easy, but I can send a 2.4 specific patch if preferred.
As I’m lazy *and* very busy these weeks, this would be nice
gert
—
«If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor.»
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering — Munich, Germany gert@greenie.muc.de
I’m still having this issue with the latest version of OpenVPN (2.5.2)
I’m still having this issue with the latest version of OpenVPN (2.5.2)
This issue means what? There are number of things discussed here related to location of config, user local admin or not, DC reachable or not, timeout not long enough etc.
I’m still having this issue with the latest version of OpenVPN (2.5.2)
This issue means what? There are number of things discussed here related to location of config, user local admin or not, DC reachable or not, timeout not long enough etc.
Hi, sorry I should have been more precise.
I had the error «Connection to management interface failed» when trying to connect to any VPN with OpenVPN GUI.
However, after a reboot, it started working properly.
You can keep this closed
However, after a reboot, it started working properly.
There is nothin’ that a little «reboot» can’t fix
However, there is a temp fix:
1. Kill OpenVPN processes from the task manager.
2. Disable and Enable TAP network adapter.
3. Then try to connect.