Discussion:
[Openvpn-users] OpenVPN client on Vista
Paul Harlow
2007-10-02 21:31:58 UTC
Permalink
Hello,



I keep seeing that it's possible to run OpenVPN on Vista however I
cannot get it to work on a laptop with Vista Business installed. OpenVPN
2.1_rc4 installs flawlessly and the drivers appear to install without
issues as well. Initially I've tested this client/server setup on
Windows XP and it works flawlessly.

When I connect the client on Vista (using the GUI tool) it appears to
connect successfully however no traffic will route via the 'new'
interface. When I look in the log I get the following errors:



NOTE: FlushIpNetTable failed on interface [18]
{CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.

TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up

route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5

ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]

Route addition via IPAPI failed [adaptive]

Route addition fallback to route.exe

The requested operation requires elevation.

ERROR: Windows route add command failed [adaptive]: system() returned
error code 1

route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5

ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]

Route addition via IPAPI failed [adaptive]

Route addition fallback to route.exe

The requested operation requires elevation.

ERROR: Windows route add command failed [adaptive]: system() returned
error code 1

Initialization Sequence Completed



Are there fixes or work arounds to this? I cannot find anything and the
archives only go back to April.



Paul
Leonardo Rodrigues Magalhães
2007-10-02 21:32:52 UTC
Permalink
You're running with non-admin user. OpenVPN needs some network
privileges for adding the new (and required) routes for traffic flowing
through the VPN tunnel.

You have to run with some admin user OR get the right permissions on
your non-admin user. I dont know what's the right privilege on Vista
neither how to give privileges on Vista. But that's the point, you dont
have right for creating new routes and, thus, nothing will flow through
the vpn tunnel.
Post by Paul Harlow
Hello,
I keep seeing that it's possible to run OpenVPN on Vista however I
cannot get it to work on a laptop with Vista Business installed.
OpenVPN 2.1_rc4 installs flawlessly and the drivers appear to install
without issues as well. Initially I've tested this client/server setup
on Windows XP and it works flawlessly.
When I connect the client on Vista (using the GUI tool) it appears to
connect successfully however no traffic will route via the 'new'
NOTE: FlushIpNetTable failed on interface [18]
{CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned
error code 1
route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned
error code 1
Initialization Sequence Completed
Are there fixes or work arounds to this? I cannot find anything and
the archives only go back to April.
Paul
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
***@solutti.com.br
My SPAMTRAP, do not email it
Paul Harlow
2007-10-02 21:39:52 UTC
Permalink
Apologies, I failed to mention that yes I am an administrator. Domain administrator to be exact so permissions should not be an issue however I run into permission issues all the time with Vista.



I know that in order to add routes to Vista even an administrator must run the CMD tool in an 'administrative mode'.



Thanks for the response. J



Paul Harlow

303.695.3861 - desk

303.913.2804 - cell



From: Leonardo Rodrigues Magalhães [mailto:***@solutti.com.br]
Sent: Tuesday, October 02, 2007 3:33 PM
To: Paul Harlow
Cc: openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] OpenVPN client on Vista




You're running with non-admin user. OpenVPN needs some network privileges for adding the new (and required) routes for traffic flowing through the VPN tunnel.

You have to run with some admin user OR get the right permissions on your non-admin user. I dont know what's the right privilege on Vista neither how to give privileges on Vista. But that's the point, you dont have right for creating new routes and, thus, nothing will flow through the vpn tunnel.


Paul Harlow escreveu:

Hello,



I keep seeing that it's possible to run OpenVPN on Vista however I cannot get it to work on a laptop with Vista Business installed. OpenVPN 2.1_rc4 installs flawlessly and the drivers appear to install without issues as well. Initially I've tested this client/server setup on Windows XP and it works flawlessly.

When I connect the client on Vista (using the GUI tool) it appears to connect successfully however no traffic will route via the 'new' interface. When I look in the log I get the following errors:



NOTE: FlushIpNetTable failed on interface [18] {CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.

TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up

route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5

ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=18]

Route addition via IPAPI failed [adaptive]

Route addition fallback to route.exe

The requested operation requires elevation.

ERROR: Windows route add command failed [adaptive]: system() returned error code 1

route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5

ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=18]

Route addition via IPAPI failed [adaptive]

Route addition fallback to route.exe

The requested operation requires elevation.

ERROR: Windows route add command failed [adaptive]: system() returned error code 1

Initialization Sequence Completed



Are there fixes or work arounds to this? I cannot find anything and the archives only go back to April.



Paul
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
***@solutti.com.br
My SPAMTRAP, do not email it
Rob MacGregor
2007-10-02 22:16:28 UTC
Permalink
Post by Paul Harlow
Apologies, I failed to mention that yes I am an administrator. Domain
administrator to be exact so permissions should not be an issue however I
run into permission issues all the time with Vista.
What does your client config file look like?

I'm running the OpenVPN client (GUI install) on Vista and it connects
just fine to 3 different OpenVPN servers, so it's certainly possible.

The errors do suggest that the tool wasn't run with the "Run as
administrator" option. If I do that for the GUI tool then adding
routes work, if I just run it as an Administrator account then it
doesn't.
--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
Dave Green
2007-10-03 02:26:19 UTC
Permalink
Top posting to follow exisitng trend...

I think that in Vista, even the admin accounts don't have full admin
privileges. I had a similar problem with OpenVPN on a vista laptop and
the fix was to assign administrative privileges to the Openvpn
executable itself. I think it was done via the properties page.

Dave
Post by Paul Harlow
Apologies, I failed to mention that yes I am an administrator. Domain
administrator to be exact so permissions should not be an issue
however I run into permission issues all the time with Vista.
I know that in order to add routes to Vista even an administrator must
run the CMD tool in an ‘administrative mode’.
Thanks for the response. J
Paul Harlow
303.695.3861 - desk
303.913.2804 - cell
*Sent:* Tuesday, October 02, 2007 3:33 PM
*To:* Paul Harlow
*Subject:* Re: [Openvpn-users] OpenVPN client on Vista
You're running with non-admin user. OpenVPN needs some network
privileges for adding the new (and required) routes for traffic
flowing through the VPN tunnel.
You have to run with some admin user OR get the right permissions on
your non-admin user. I dont know what's the right privilege on Vista
neither how to give privileges on Vista. But that's the point, you
dont have right for creating new routes and, thus, nothing will flow
through the vpn tunnel.
Hello,
I keep seeing that it’s possible to run OpenVPN on Vista however I
cannot get it to work on a laptop with Vista Business installed.
OpenVPN 2.1_rc4 installs flawlessly and the drivers appear to install
without issues as well. Initially I’ve tested this client/server setup
on Windows XP and it works flawlessly.
When I connect the client on Vista (using the GUI tool) it appears to
connect successfully however no traffic will route via the ‘new’
NOTE: FlushIpNetTable failed on interface [18]
{CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned error code 1
route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned error code 1
Initialization Sequence Completed
Are there fixes or work arounds to this? I cannot find anything and
the archives only go back to April.
Paul
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
My SPAMTRAP, do not email it
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Colin Ryan
2007-10-03 02:34:57 UTC
Permalink
Absolutely, a painful fact. The Tap driver itself can be opened and
connect without explicit "Run as Administrator" properties but the
routing can't be.

I believe there are ways to sign and register executable for privilege
escalation, but in my first reading it was obscure, looked messy and
needed some tool set's that I not being much of a developer - especially
a Windoze developer - couldn't seem to get a firm handle on.

So for now, until I find the time this is the reality. But if you run
openvpn or the openvpn-gui executable's properties tab, select
"Compatibility Mode" and check the "Run as Administrator" at least you
don't have to worry about this all the time. However this will still
break if you attempt to have OpenVPN GUI - for example - startup on
login/boot. I do NOT know what happens when you try to run as a service,
but I do know it is documented in Openvpn-Gui that service mode makes
the log output and status difficult to get at so it's troublesome from a
support perspective.

C
Post by Dave Green
Top posting to follow exisitng trend...
I think that in Vista, even the admin accounts don't have full admin
privileges. I had a similar problem with OpenVPN on a vista laptop and
the fix was to assign administrative privileges to the Openvpn
executable itself. I think it was done via the properties page.
Dave
Post by Paul Harlow
Apologies, I failed to mention that yes I am an administrator. Domain
administrator to be exact so permissions should not be an issue
however I run into permission issues all the time with Vista.
I know that in order to add routes to Vista even an administrator must
run the CMD tool in an ‘administrative mode’.
Thanks for the response. J
Paul Harlow
303.695.3861 - desk
303.913.2804 - cell
*Sent:* Tuesday, October 02, 2007 3:33 PM
*To:* Paul Harlow
*Subject:* Re: [Openvpn-users] OpenVPN client on Vista
You're running with non-admin user. OpenVPN needs some network
privileges for adding the new (and required) routes for traffic
flowing through the VPN tunnel.
You have to run with some admin user OR get the right permissions on
your non-admin user. I dont know what's the right privilege on Vista
neither how to give privileges on Vista. But that's the point, you
dont have right for creating new routes and, thus, nothing will flow
through the vpn tunnel.
Hello,
I keep seeing that it’s possible to run OpenVPN on Vista however I
cannot get it to work on a laptop with Vista Business installed.
OpenVPN 2.1_rc4 installs flawlessly and the drivers appear to install
without issues as well. Initially I’ve tested this client/server setup
on Windows XP and it works flawlessly.
When I connect the client on Vista (using the GUI tool) it appears to
connect successfully however no traffic will route via the ‘new’
NOTE: FlushIpNetTable failed on interface [18]
{CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned error code 1
route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned error code 1
Initialization Sequence Completed
Are there fixes or work arounds to this? I cannot find anything and
the archives only go back to April.
Paul
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
My SPAMTRAP, do not email it
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Paul Harlow
2007-10-03 19:44:13 UTC
Permalink
Thanks to all that responded to this issue for me. I appreciate it. It would appear that adding the ability for the executables to run as administrative resources has resolved this issue. I went into the properties on both the OpenVPN and the GUI executables and set them to both run as administrators. While I do now have to answer to User Account Control request to "continue" or "cancel", it does now work completely and without errors.

Paul Harlow

-----Original Message-----
From: openvpn-users-***@lists.sourceforge.net [mailto:openvpn-users-***@lists.sourceforge.net] On Behalf Of Dave Green
Sent: Tuesday, October 02, 2007 8:26 PM
To: openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] OpenVPN client on Vista

Top posting to follow exisitng trend...

I think that in Vista, even the admin accounts don't have full admin
privileges. I had a similar problem with OpenVPN on a vista laptop and
the fix was to assign administrative privileges to the Openvpn
executable itself. I think it was done via the properties page.

Dave
Post by Paul Harlow
Apologies, I failed to mention that yes I am an administrator. Domain
administrator to be exact so permissions should not be an issue
however I run into permission issues all the time with Vista.
I know that in order to add routes to Vista even an administrator must
run the CMD tool in an 'administrative mode'.
Thanks for the response. J
Paul Harlow
303.695.3861 - desk
303.913.2804 - cell
*Sent:* Tuesday, October 02, 2007 3:33 PM
*To:* Paul Harlow
*Subject:* Re: [Openvpn-users] OpenVPN client on Vista
You're running with non-admin user. OpenVPN needs some network
privileges for adding the new (and required) routes for traffic
flowing through the VPN tunnel.
You have to run with some admin user OR get the right permissions on
your non-admin user. I dont know what's the right privilege on Vista
neither how to give privileges on Vista. But that's the point, you
dont have right for creating new routes and, thus, nothing will flow
through the vpn tunnel.
Hello,
I keep seeing that it's possible to run OpenVPN on Vista however I
cannot get it to work on a laptop with Vista Business installed.
OpenVPN 2.1_rc4 installs flawlessly and the drivers appear to install
without issues as well. Initially I've tested this client/server setup
on Windows XP and it works flawlessly.
When I connect the client on Vista (using the GUI tool) it appears to
connect successfully however no traffic will route via the 'new'
NOTE: FlushIpNetTable failed on interface [18]
{CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned error code 1
route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5
ROUTE: route addition failed using CreateIpForwardEntry: Access is
denied. [status=5 if_index=18]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
ERROR: Windows route add command failed [adaptive]: system() returned error code 1
Initialization Sequence Completed
Are there fixes or work arounds to this? I cannot find anything and
the archives only go back to April.
Paul
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
My SPAMTRAP, do not email it
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Florin Andrei
2007-10-11 00:16:24 UTC
Permalink
Post by Paul Harlow
Thanks to all that responded to this issue for me. I appreciate it. It would appear that adding the ability for the executables to run as administrative resources has resolved this issue. I went into the properties on both the OpenVPN and the GUI executables and set them to both run as administrators. While I do now have to answer to User Account Control request to "continue" or "cancel", it does now work completely and without errors.
Running OpenVPN as a service + "Run as Administrator" is what I did a
while ago. Works flawlessly, the laptop gets connected as soon as it
boots up.
--
Florin Andrei

http://florin.myip.org/
Continue reading on narkive:
Loading...