All TAP-Win32 adapters on this system are currently in use.
-
I followed the stickied OpenVPN tutorial above. Everything went smoothly. The tutorial said to use UDP for everything, but in the end I couldn't make a connection. It was some TLS error or something. Anyways I changed everything to TCP and it made a connection and stuff. But now I'm getting a weird error when the client attempts to connect. Here is the log:
Tue Aug 17 11:39:29 2010 us=328000 Current Parameter Settings: Tue Aug 17 11:39:29 2010 us=328000 config = 'ovpn_client1.ovpn' Tue Aug 17 11:39:29 2010 us=328000 mode = 0 Tue Aug 17 11:39:29 2010 us=328000 show_ciphers = DISABLED Tue Aug 17 11:39:29 2010 us=328000 show_digests = DISABLED Tue Aug 17 11:39:29 2010 us=328000 NOTE: --mute triggered... Tue Aug 17 11:39:29 2010 us=328000 267 variation(s) on previous 5 message(s) suppressed by --mute Tue Aug 17 11:39:29 2010 us=328000 OpenVPN 2.1.2 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 15 2010 Tue Aug 17 11:39:29 2010 us=328000 WARNING: --ping should normally be used with --ping-restart or --ping-exit Tue Aug 17 11:39:29 2010 us=328000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Aug 17 11:39:29 2010 us=531000 LZO compression initialized Tue Aug 17 11:39:29 2010 us=531000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ] Tue Aug 17 11:39:29 2010 us=531000 Socket Buffers: R=[8192->8192] S=[8192->8192] Tue Aug 17 11:39:29 2010 us=531000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Aug 17 11:39:29 2010 us=531000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Tue Aug 17 11:39:29 2010 us=531000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Tue Aug 17 11:39:29 2010 us=531000 Local Options hash (VER=V4): '69109d17' Tue Aug 17 11:39:29 2010 us=531000 Expected Remote Options hash (VER=V4): 'c0103fa8' Tue Aug 17 11:39:29 2010 us=531000 Attempting to establish TCP connection with XXX.XXX.XXX.XXX:1194 Tue Aug 17 11:39:29 2010 us=562000 TCP connection established with XXX.XXX.XXX.XXX:1194 Tue Aug 17 11:39:29 2010 us=562000 TCPv4_CLIENT link local: [undef] Tue Aug 17 11:39:29 2010 us=562000 TCPv4_CLIENT link remote: XXX.XXX.XXX.XXX:1194 Tue Aug 17 11:39:29 2010 us=578000 TLS: Initial packet from XXX.XXX.XXX.XXX:1194, sid=3d580ee4 f9349406 Tue Aug 17 11:39:30 2010 VERIFY OK: depth=1, /C=US/ST=CO/L=City/O=BusinessName/CN=pfsense-CA/emailAddress=it@mydomain.com Tue Aug 17 11:39:30 2010 VERIFY OK: nsCertType=SERVER Tue Aug 17 11:39:30 2010 VERIFY OK: depth=0, /C=US/ST=CO/O=BusinessName/CN=server/emailAddress=it@mydomain.com Tue Aug 17 11:39:31 2010 us=15000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 17 11:39:31 2010 us=15000 NOTE: --mute triggered... Tue Aug 17 11:39:31 2010 us=15000 4 variation(s) on previous 5 message(s) suppressed by --mute Tue Aug 17 11:39:31 2010 us=15000 [server] Peer Connection Initiated with XXX.XXX.XXX.XXX:1194 Tue Aug 17 11:39:33 2010 us=296000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Tue Aug 17 11:39:33 2010 us=546000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option DISABLE-NBT,route 192.168.200.1,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.5' Tue Aug 17 11:39:33 2010 us=546000 OPTIONS IMPORT: timers and/or timeouts modified Tue Aug 17 11:39:33 2010 us=546000 OPTIONS IMPORT: --ifconfig/up options modified Tue Aug 17 11:39:33 2010 us=546000 OPTIONS IMPORT: route options modified Tue Aug 17 11:39:33 2010 us=546000 NOTE: --mute triggered... Tue Aug 17 11:39:33 2010 us=562000 1 variation(s) on previous 5 message(s) suppressed by --mute Tue Aug 17 11:39:33 2010 us=562000 ROUTE default_gateway=192.168.1.1 Tue Aug 17 11:39:33 2010 us=562000 CreateFile failed on TAP device: \\.\Global\{824B4543-51FF-4993-95C2-BD0236ACAD8E}.tap Tue Aug 17 11:39:33 2010 us=562000 All TAP-Win32 adapters on this system are currently in use. Tue Aug 17 11:39:33 2010 us=562000 ExitingHere is the pfSense OpenVPN system log:
Aug 17 13:35:43 openvpn[61830]: ovpn_client1/209.XXX.XXX.XXX:1069 Connection reset, restarting [-1] Aug 17 13:35:40 openvpn[61830]: 209.209.XXX.XXX.XXX:1069 [ovpn_client1] Peer Connection Initiated with 209.169.205.36:1069 Aug 17 13:35:39 openvpn[61830]: TCPv4_SERVER link remote: 209.209.XXX.XXX.XXX:1069 Aug 17 13:35:39 openvpn[61830]: TCPv4_SERVER link local: [undef] Aug 17 13:35:39 openvpn[61830]: TCP connection established with 209.209.XXX.XXX.XXX:1069 Aug 17 13:35:39 openvpn[61830]: LZO compression initialized Aug 17 13:35:39 openvpn[61830]: Re-using SSL/TLS contextNote: The time/date on the logs don't exactly match up but thats only cause I copy/pasted one of the logs from earlier this morning.
So the connection is being made and stuff, but I don't have any clue what a TAP device is. I've done some searching and Googling on this problem. I followed some instructions that said to use the batch files in Start Menu > Programs > OpenVPN to Delete and then Add TAP devices. Didn't seem to make any difference.
One important note, for one of my clients I use SonicWall VPN. I have the SonicWall VPN client installed on my Windows machine. I've read somewhere that its bad to have multiple VPN clients installed on a single computer. This could be the possible problem maybe, but I'm not sure.
-
I got that on my Windows Server 2008 R2 test machine. The TAP device is the network adapter that openvpn installs, in my case it was missing. Apparently i was using an old version of openvpn that doesn't support that OS (Win 7 included most likely).
I downloaded the most recent version from openvpn.net and it worked (http://swupdate.openvpn.net/downloads/openvpn-client.msi)
-
That was indeed the problem. I am using Windows 7 64-bit and I guess the website told me the wrong file to download.
Originally, the OpenVPN client I downloaded was from here:
http://openvpn.net/index.php/open-source/downloads.html
I downloaded the Windows Installer openvpn-2.1.2-install.exe
It doesn't say anything about being compatible or incompatible with Windows 7 x64 so I assumed that was what I needed.
That was the client that was not working for me. Then when I visited http://openvpn.net, on the front page it has a link to the following file:
http://swupdate.openvpn.net/downloads/openvpn-client.msi
which on the front page says its specifically for Windows 7. I installed that and it worked.
However, one important note, this new client I installed is COMPLETELY different than the older OpenVPN client I'm used to. You know the old one has the little system tray icon you right click on to Connect? This new one is totally different. You start the client and a window pops up asking for a IP address to connect to. And you can import your .ovpn profile as well. So a word of caution anyone reading this who tried to follow all the stickied tutorial threads, cause this part is completely different. I don't even see an easy-rsa folder in the client install directory.
-
The .msi is for connecting to OpenVPN's commercial "Access Server", and others have said that it specifically did not work.
The "Community Software" link at the top has the one you really need - http://openvpn.net/release/openvpn-2.1.2-install.exe
That client works fine on Windows 7, you just need to make sure you run it as Admin when it is launched.
-
Well when I use that .exe instead of the .msi install, when attempting to connect I get the above error. Any idea on why that is?
-
Did you try the steps in the first Google hit on that error + windows 7?
http://www.surfbouncer.com/TAP_adapter.htm
-
Yes I found that page, but no luck. Here is what is going on:
When I look in Control Panel > Network Connections, no TAP32 devices are listed. I only see my two physical ethernet connections, a couple VMWare interfaces, and a Sonicwall VPN Interface.
When I look under Device Manager, I DO see "TAP-Win32 Adapter V9". However it has a yellow exclamation point on the icon. The device manager says that it could not verify the digital signature of the drivers, etc…
What is strange, is if I disable the TAP in Device Manager, now it shows up back under Control Panel > Network Connections (as a disabled device). If I enable it again (in either Window), it disappears from the Network Connections window.
So apparently the only way I can get the TAP device to show up for me is to disable it in Device Manager, but then its disabled and I can't use it.
Also, I have used the OpenVPN "Add/Remove TAP devices" links in the start menu. They correctly add/remove the TAP devices but again, they only show up in Device Manager, not in Network Connections.
Also, let me get this straight: If I visit http://openvpn.net, goto Client Software > Downloads, the Windows Download link is NOT the correct client to use? Can you explain to me the difference between them? Because when I installed and tried that client, I was able to use it to successfully connect to my pfSense box. And I can verify that it did in-fact create the TAP Win32 device that showed up under Network Connections.
-
If that did work, then you might be OK. But others have reported that the very same program did not work for them.
-
I'll investigate the Access Client some more, but I still want to try to get the Community version working.
So what I think is the problem is that Windows 7 Ultimate x64 only allows digitally signed drivers to be installed (by default). And because the TAP-Win32 Adapter V9 drivers are not digitally signed, they aren't going to work for Win7.
There are some work arounds though to make Windows 7 accept unsigned drivers and I'm going that route right now. I'll post results soon.
-
Okay I have solved the problem. My assumptions about driver signatures was correct.
An important note: The following installer: http://openvpn.net/release/openvpn-2.1.2-install.exe did NOT work on Windows 7 Ultimate x64. During the installation, the installer does NOT ask you if its okay to install an non-digitally signed driver from OpenVPN. Therefore the TAP-Win32 Adapter does not get installed properly. That's why it would not show up under Network Connections. No TAP adapter means that OpenVPN will not be able to connect.
The solution: I reverted back to a previous version (2.1.0): http://openvpn.net/release/openvpn-2.1.0-install.exe
Version 2.1.0 worked just fine. As expected, during the installation, it asks if you want to accept the non-digitally signed driver. Something that 2.1.2 does NOT do. I'm not sure if the OpenVPN community knows of this problem or not. I believe this is the root of the problem though.
Thanks for the help guys.
Also, for the record, as I said, that Access Server OpenVPN client was working for me at one point. I was able to successfully connect to my pfSense box with it.
-
Just wanted to state that the reversion back to the older client worked for me as well….digital signature was not allowing newer version to install TAP device properly.
thanks for the help! -
What versions of windows 7 are you using?
The install worked fine for me here with Professional. Install asked if I wanted to install the unsigned drivers and worked fine connecting. -
Generally people with signed vs unsigned trouble are running Windows 7 on amd64 (x64, 64-bit, whatever you want to call it)
-
But that's exactly what I am running
AMD Athlon
64 X2 Dual-Core Processor TK-53 1.7GHz
4.00GB RAM
Running the 64 bit version of windows 7I am just wondering what the cause might be, because I am looking at a new laptop (since this one is older and I need something that can handle VMWare workstation better).
-
Perhaps your current system shipped with driver integrity checking disabled. Google for it, there are ways to turn it off.
