Windows clients always have to reinstall the Client GUI



  • Hi,
    I'm running pfSense 2.4.4-RELEASE-p3 with OpenVPN & using the Client Export Tool for Windows 10 (2.4.8-Ix02).
    It's running great for most users, but a few of them are a strange issue.
    They install the GUI Client & try to connect, but get "Initialization Sequence Completed with Errors."
    I've read this post that the error links to: https://community.openvpn.net/openvpn/wiki/259-tap-win32-adapter-is-not-coming-up-initialization-sequence-completed-with-errors

    But none of it helps, the DHCP Client Service is running, the TAP adapter isn't being firewalled.
    However, if the user uninstalls & reinstalls the OpenVPN Client, then it works perfectly fine on the second instillation.
    This happens every time they shutdown or restart their computer. They have to install the OpenVPN client twice to get it to work.
    Do you know why this is happening or any suggestions on how to fix it?

    Attached is the client log file with verb=4
    The client was connected to the VPN fine.
    We disconnected & then tried to reconnect & weren't able to reconnect.
    We then uninstalled the client & then reinstalled the client and were able to connect fine again.
    It seems to have an issues bringing up the TAP interface after a disconnect.
    But can bring it up fine after a fresh installation.

    pfSense-UDP4-1194-abef-config.log.txt


  • Rebel Alliance Developer Netgate

    Given the problem description, you'd be better off posting about that on the OpenVPN forum. It appears to be a problem with the Windows OpenVPN client on their computers, and wouldn't be related to the server (or pfSense).

    I haven't heard of that kind of thing happening before. You might have them uninstall the OpenVPN client and the TAP adapter and then download the client straight from https://openvpn.net/community-downloads/ and install it again.



  • Thanks for the reply. I did try to post on the OpenVPN forum, but the only reply I received was "I have no idea".
    Can you tell me what the difference is by installing from the Client Export package & installing from OpenVPN? Is the only difference that it includes the config & certificate?


  • Rebel Alliance Developer Netgate

    The export package installer has the config+cert and so on but it also only runs the OpenVPN installer conditionally if it's not already installed. So if they have an older version of OpenVPN, for example, running the export package version wouldn't upgrade it.

    But mostly my suggestion was about eliminating possible differences to help pinpoint the problem. If it happens with the stock installer directly from OpenVPN, then you know it definitely is not something to do with the export package.


  • LAYER 8 Global Moderator

    What version of the tap driver exactly.. I would be curious if related to the conditional running of the installer, and not updating the tap driver..

    But your saying this happens again, after they reboot - they once again have to install twice?

    Is the tap driver the new 9.24.2? That came out with 2.4.8... I just looked on mine and running 9.24.2.601



  • Thanks for the relays. Yes they're on the latest 9.24.2 TAP driver.
    efc49633-c099-4101-92a2-096b029312cf-image.png

    Most of the ones with the issue where never on the old version. They've always had OpenVPN 2.4.8 & TAP 9.24.2, so I don't think it's an upgrade issue. But I'll try the stock installer on one of them anyways.

    @johnpoz said in Windows clients always have to reinstall the Client GUI:

    But your saying this happens again, after they reboot - they once again have to install twice?

    Actually they don't have to reboot for it to happen. They will be connected, then disconnect, then try to reconnect & it won't. Then we do an uninstall & reinstall of OpenVPN (from the export tool) & then it connects fine. So It's not really twice once after another, but twice since it was already previously installed.


  • LAYER 8 Global Moderator

    these users don't have admin rights? An admin should be installing, or the user needs to be able to elevate the install as admin..

    Been using openvpn on windows for a very long time - have never seen such an issue to be honest.. .Don't have a huge sample of machines, etc. But can't say I have seen anything like this..



  • Ya I know it's kind of a weird one...
    I have added the users to the local "Administrators" group to insure that wasn't an issue.


  • LAYER 8 Global Moderator

    Sure not related to your endpoint protection?



  • That did cross my mind, but I ruled it out, since all the users have the same protraction, but only a few have the VPN connection issue. I'll disable it just to be sure.



  • Grrrr, still no luck. I disabled Anti-virus, still didn't work. I installed from the stock installer, still didn't work.
    I collected these screen shots of ipconfig of the TAP adapter when it works & when it doesn't.
    Why would it Auto configure the IP address & why isn't it receiving the correct DNS server?

    f57e560d-e910-4163-ad00-af029929edb8-image.png

    41ff63cc-0421-4b43-b659-16f2a8badfe5-image.png

    And here are the logs when it works & when it doesn't compared side-by-side.
    c5d1d51e-85f4-4411-8e63-be68a0464547-image.png

    And here are the full log files....
    pfSense-UDP4-1194-pintar-config_good.txt
    pfSense-UDP4-1194-pintar-config_bad.txt


  • Rebel Alliance Developer Netgate

    Check in the Services control panel on Windows and see the the OpenVPN services which are running are the same when it's in both states. Maybe something is killing its service.


  • LAYER 8 Global Moderator

    This seems to be related.. You could try the suggestions in there
    https://community.openvpn.net/openvpn/ticket/665



  • Just a wild guess :
    I had an issue very comparable with the PC of a fellow home worker.

    Someone or something swapped the TAP driver out ....

    It was one of the 2 (!) client apps installed for his private VPNxxxxx and VNbbbb access. These often use their own versions.

    @bazzacad : check your Network card's list : how many TAP-virtual-NIC drivers are listed there ?
    You named one of them to "tipping.lan", but not the other. Up to you to discover where the other came from. There is probably even a program running that 'repairs' it's settings and files after you installed the OpenVPN-client-from-pfSense.

    edit : or even multiple OpenVPN instances running with their own TAP versions ...

    edit2 : jimp said the same thing. Look and check also all the tasks at services.msc



  • @johnpoz said in Windows clients always have to reinstall the Client GUI:

    An admin should be installing, or the user needs to be able to elevate the install as admin

    In addition when running the OpenVPN GUI it needs to be run as admin so it can modify the routes in Windows. (I am a standard user on my PC). Could it still be running as an admin when launching from the install? It's been a long time since I installed...


  • LAYER 8 Global Moderator

    The current version has a service that will do the admin stuff.. So no the user doesn't have to be admin.



  • This link: https://community.openvpn.net/openvpn/ticket/665 from @johnpoz look promising, so I'll try those solutions.
    The users have full admin rights when installing & running the GUI.



  • OK, I'm pretty sure I've got it fixed now. Per the bug report link above, all I had to do was add dhcp-renew to the client config file.


  • LAYER 8 Global Moderator

    Your posting of the log showing the route waiting for interface to come up was key in finding that info...

    So glad you got it sorted!


Log in to reply