From: Josh C. <jos...@us...> - 2008-09-03 12:18:51
|
Chantal Rosmuller wrote: > On Tuesday 02 September 2008 23:18:51 Jan Just Keijser wrote: > >> Hi Chantal, >> >> Chantal Rosmuller wrote: >> >>> I have a problem with a vista vpn client: >>> >>> I Installed openvpn for windows version 2.1_rc9 >>> >>> I copied key and certicates to C:/program Files/Openvpn >>> >>> It can connect to the vpn server but it cannot add a route : >>> >>> windows route add command failed returned error 1 >>> >>> The solution for this is starting openvpn as administrator which I did, >>> but then openvpn didn't find the certificate anymore!!! How is that >>> possible? >>> >>> The computer is in a windows domain, I tried installing the windos >>> openvpn client on my vista laptop which is not in the domain and when I >>> started the gui as administrator it worked. >>> [...] >> can you make sure that the >> config files and keys are accessible to the local administrator [...] >> >> thanks, >> >> JJK >> > > Unfortunately I do not have access to this computer now so I cannot start the > shell, I did however change the permissions of the certificate. Administrator > group already had all permissions and I added the everyone group and gave > them all permissions. > > I forgot to mention that I ran into a similar problem on my laptop that has > vista but is not in a domain. On the laptop the administrator could not find > the vpn config file. I solved it by starteing a text editor as administrator > and create the config file like that. I believe you may have just run into a new "feature" of Vista called "File & Registry Virtualization" [1] that caused me much problem as well. With Vista's UAC (User Access Control) enabled, any user, even one with Administrator privileges, that creates or edits system files in specific locations (including "C:\Program Files") causes the files not to be added to the filesystem as normal. Instead, the file is stored under the user's profile and "merged" into the location from the local profile whenever you view the "C:\Program Files\OpenVPN\config" folder where your config/certificate files should be stored. The important thing to note here is that the file doesn't actually exist for any other user (such as the Administrator user you are running the OpenVPN GUI as.) If this is indeed the problem, you will need to first copy the "missing" files to an easy-to-find location such as your user's desktop (at least your certificate, I'd actually just copy all your files including configuration, private key, and CA certificate just to be safe.) Next, go to the Start menu and type "msconfig" into the start box and one of the tabs should have an option to disable UAC. Do this, which will require a reboot. Log back in and copy the missing files from your desktop to the proper location under the "C:\Program Files\OpenVPN\config" location where you need them. If you'd like you can re-enable UAC at this point now that the files are no longer under the local user's profile. However, with UAC enabled you should probably make all changes to config/cert/key files for OpenVPN as the Administrator to avoid any further risk of editing the virtualized file instead of the real file. Personally I just turned UAC off after discovering this issue myself since I think this feature is broken and backwards. Another option if you really want to leave UAC enabled is to edit the registry key to point OpenVPN's GUI to a folder under your local profile for the config location. To do this, edit HKLM\SOFTWARE\OpenVPN-GUI\config_dir and set it to something like %USERPROFILE%\openvpn. From there you can create an "openvpn" folder under the profile of any user to provide a non-virtualized location to store OpenVPN configurations. This should allow you to edit the files as needed without worrying about Vista hiding them inside the virtualization store. [1] For more information on this "feature", see this article: http://windowsconnected.com/blogs/jerry/archive/2005/12/19/86.aspx -- Josh |