My OpenVPN Client Connects, But....


  • I am running pfSense 2.4.5 on an AMD Phenom as a firewall / VPN router into a Windows domain. Everything inside the firewall seems to be okay and I am able to hit internet. My OpenVPN client seems to connect to the router (green light on client app) but that is where the good news stops. I have a warning and several messages that I could use some guidance with.

    OpenVPN Client Login.jpg

    Any advise would be appreciated.

  • LAYER 8 Rebel Alliance

    Try with a "real" Windows 10 Reboot: shutdown /r /t0
    I had the same problem some weeks ago after clean installing OpenVPN 2.4.8, normal Shutdown or Reboot didn't help there.

    -Rico

  • LAYER 8 Global Moderator

    Not sure why you cross posted this... But going to let it fly because its somewhat different question anyway.

    But you have to have rights to do routes.. So you either need the OpenVPN Interactive Service running, or you need to run the gui as admin when you run it..

    When that service is not running and you try and start the gui - you should get this warning

    servicestopped.jpg

    openvpn.jpg

    And yeah routes will fail..

    Mon Apr 06 05:26:38 2020 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=12]
    Mon Apr 06 05:26:38 2020 Route addition via IPAPI failed [adaptive]
    Mon Apr 06 05:26:38 2020 Route addition fallback to route.exe
    Mon Apr 06 05:26:38 2020 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Mon Apr 06 05:26:38 2020 ERROR: Windows route add command failed [adaptive]: returned error code 1
    Mon Apr 06 05:26:38 2020 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.240.1
    Mon Apr 06 05:26:38 2020 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=19]
    Mon Apr 06 05:26:38 2020 Route addition via IPAPI failed [adaptive]
    Mon Apr 06 05:26:38 2020 Route addition fallback to route.exe
    Mon Apr 06 05:26:38 2020 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Mon Apr 06 05:26:38 2020 ERROR: Windows route add command failed [adaptive]: returned error code 1
    Mon Apr 06 05:26:38 2020 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.240.1
    Mon Apr 06 05:26:38 2020 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=19]
    Mon Apr 06 05:26:38 2020 Route addition via IPAPI failed [adaptive]
    Mon Apr 06 05:26:38 2020 Route addition fallback to route.exe
    Mon Apr 06 05:26:38 2020 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Mon Apr 06 05:26:38 2020 ERROR: Windows route add command failed [adaptive]: returned error code 1
    Mon Apr 06 05:26:38 2020 Initialization Sequence Completed
    

    so if I run the gui as admin... Then it will work..

    Mon Apr 06 05:29:56 2020 Route addition via IPAPI succeeded [adaptive]
    Mon Apr 06 05:29:56 2020 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.240.1
    Mon Apr 06 05:29:56 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
    Mon Apr 06 05:29:56 2020 Route addition via IPAPI succeeded [adaptive]
    Mon Apr 06 05:29:56 2020 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.240.1
    Mon Apr 06 05:29:56 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
    Mon Apr 06 05:29:56 2020 Route addition via IPAPI succeeded [adaptive]
    Mon Apr 06 05:29:56 2020 Initialization Sequence Completed
    

    Or if the service is running that will allow openvpn to add the routes...


  • I agree with @johnpoz. Looks like the OP is attempting to install and use the OpenVPN client package on a Windows 10 box either without using, or perhaps by not having access to, administrator permissions.

    Is this Windows 10 domain box perhaps at an office and employees do not routinely have local administrator permission? That would be a typical corporate setup, for sure.