Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Windows clients always have to reinstall the Client GUI

    Scheduled Pinned Locked Moved OpenVPN
    19 Posts 5 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bazzacad
      last edited by

      Hi,
      I'm running pfSense 2.4.4-RELEASE-p3 with OpenVPN & using the Client Export Tool for Windows 10 (2.4.8-Ix02).
      It's running great for most users, but a few of them are a strange issue.
      They install the GUI Client & try to connect, but get "Initialization Sequence Completed with Errors."
      I've read this post that the error links to: https://community.openvpn.net/openvpn/wiki/259-tap-win32-adapter-is-not-coming-up-initialization-sequence-completed-with-errors

      But none of it helps, the DHCP Client Service is running, the TAP adapter isn't being firewalled.
      However, if the user uninstalls & reinstalls the OpenVPN Client, then it works perfectly fine on the second instillation.
      This happens every time they shutdown or restart their computer. They have to install the OpenVPN client twice to get it to work.
      Do you know why this is happening or any suggestions on how to fix it?

      Attached is the client log file with verb=4
      The client was connected to the VPN fine.
      We disconnected & then tried to reconnect & weren't able to reconnect.
      We then uninstalled the client & then reinstalled the client and were able to connect fine again.
      It seems to have an issues bringing up the TAP interface after a disconnect.
      But can bring it up fine after a fresh installation.

      pfSense-UDP4-1194-abef-config.log.txt

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Given the problem description, you'd be better off posting about that on the OpenVPN forum. It appears to be a problem with the Windows OpenVPN client on their computers, and wouldn't be related to the server (or pfSense).

        I haven't heard of that kind of thing happening before. You might have them uninstall the OpenVPN client and the TAP adapter and then download the client straight from https://openvpn.net/community-downloads/ and install it again.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B
          bazzacad
          last edited by

          Thanks for the reply. I did try to post on the OpenVPN forum, but the only reply I received was "I have no idea".
          Can you tell me what the difference is by installing from the Client Export package & installing from OpenVPN? Is the only difference that it includes the config & certificate?

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            The export package installer has the config+cert and so on but it also only runs the OpenVPN installer conditionally if it's not already installed. So if they have an older version of OpenVPN, for example, running the export package version wouldn't upgrade it.

            But mostly my suggestion was about eliminating possible differences to help pinpoint the problem. If it happens with the stock installer directly from OpenVPN, then you know it definitely is not something to do with the export package.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz

              What version of the tap driver exactly.. I would be curious if related to the conditional running of the installer, and not updating the tap driver..

              But your saying this happens again, after they reboot - they once again have to install twice?

              Is the tap driver the new 9.24.2? That came out with 2.4.8... I just looked on mine and running 9.24.2.601

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • B
                bazzacad
                last edited by

                Thanks for the relays. Yes they're on the latest 9.24.2 TAP driver.
                efc49633-c099-4101-92a2-096b029312cf-image.png

                Most of the ones with the issue where never on the old version. They've always had OpenVPN 2.4.8 & TAP 9.24.2, so I don't think it's an upgrade issue. But I'll try the stock installer on one of them anyways.

                @johnpoz said in Windows clients always have to reinstall the Client GUI:

                But your saying this happens again, after they reboot - they once again have to install twice?

                Actually they don't have to reboot for it to happen. They will be connected, then disconnect, then try to reconnect & it won't. Then we do an uninstall & reinstall of OpenVPN (from the export tool) & then it connects fine. So It's not really twice once after another, but twice since it was already previously installed.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  these users don't have admin rights? An admin should be installing, or the user needs to be able to elevate the install as admin..

                  Been using openvpn on windows for a very long time - have never seen such an issue to be honest.. .Don't have a huge sample of machines, etc. But can't say I have seen anything like this..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  S 1 Reply Last reply Reply Quote 0
                  • B
                    bazzacad
                    last edited by

                    Ya I know it's kind of a weird one...
                    I have added the users to the local "Administrators" group to insure that wasn't an issue.

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      Sure not related to your endpoint protection?

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • B
                        bazzacad
                        last edited by

                        That did cross my mind, but I ruled it out, since all the users have the same protraction, but only a few have the VPN connection issue. I'll disable it just to be sure.

                        1 Reply Last reply Reply Quote 0
                        • B
                          bazzacad
                          last edited by

                          Grrrr, still no luck. I disabled Anti-virus, still didn't work. I installed from the stock installer, still didn't work.
                          I collected these screen shots of ipconfig of the TAP adapter when it works & when it doesn't.
                          Why would it Auto configure the IP address & why isn't it receiving the correct DNS server?

                          f57e560d-e910-4163-ad00-af029929edb8-image.png

                          41ff63cc-0421-4b43-b659-16f2a8badfe5-image.png

                          And here are the logs when it works & when it doesn't compared side-by-side.
                          c5d1d51e-85f4-4411-8e63-be68a0464547-image.png

                          And here are the full log files....
                          pfSense-UDP4-1194-pintar-config_good.txt
                          pfSense-UDP4-1194-pintar-config_bad.txt

                          1 Reply Last reply Reply Quote 0
                          • jimpJ
                            jimp Rebel Alliance Developer Netgate
                            last edited by

                            Check in the Services control panel on Windows and see the the OpenVPN services which are running are the same when it's in both states. Maybe something is killing its service.

                            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator
                              last edited by

                              This seems to be related.. You could try the suggestions in there
                              https://community.openvpn.net/openvpn/ticket/665

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.8, 24.11

                              1 Reply Last reply Reply Quote 0
                              • GertjanG
                                Gertjan
                                last edited by Gertjan

                                Just a wild guess :
                                I had an issue very comparable with the PC of a fellow home worker.

                                Someone or something swapped the TAP driver out ....

                                It was one of the 2 (!) client apps installed for his private VPNxxxxx and VNbbbb access. These often use their own versions.

                                @bazzacad : check your Network card's list : how many TAP-virtual-NIC drivers are listed there ?
                                You named one of them to "tipping.lan", but not the other. Up to you to discover where the other came from. There is probably even a program running that 'repairs' it's settings and files after you installed the OpenVPN-client-from-pfSense.

                                edit : or even multiple OpenVPN instances running with their own TAP versions ...

                                edit2 : jimp said the same thing. Look and check also all the tasks at services.msc

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                1 Reply Last reply Reply Quote 0
                                • S
                                  SteveITS Galactic Empire @johnpoz
                                  last edited by

                                  @johnpoz said in Windows clients always have to reinstall the Client GUI:

                                  An admin should be installing, or the user needs to be able to elevate the install as admin

                                  In addition when running the OpenVPN GUI it needs to be run as admin so it can modify the routes in Windows. (I am a standard user on my PC). Could it still be running as an admin when launching from the install? It's been a long time since I installed...

                                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                                  Upvote ๐Ÿ‘ helpful posts!

                                  1 Reply Last reply Reply Quote 0
                                  • johnpozJ
                                    johnpoz LAYER 8 Global Moderator
                                    last edited by

                                    The current version has a service that will do the admin stuff.. So no the user doesn't have to be admin.

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      bazzacad
                                      last edited by

                                      This link: https://community.openvpn.net/openvpn/ticket/665 from @johnpoz look promising, so I'll try those solutions.
                                      The users have full admin rights when installing & running the GUI.

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        bazzacad
                                        last edited by

                                        OK, I'm pretty sure I've got it fixed now. Per the bug report link above, all I had to do was add dhcp-renew to the client config file.

                                        1 Reply Last reply Reply Quote 0
                                        • johnpozJ
                                          johnpoz LAYER 8 Global Moderator
                                          last edited by

                                          Your posting of the log showing the route waiting for interface to come up was key in finding that info...

                                          So glad you got it sorted!

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.