Menu
▾
▴
openvpn-devel
|
From: Selva N. <sel...@gm...> - 2017-05-28 15:20:30
|
Hi, Copying the -devel list: On Sun, May 28, 2017 at 10:16 AM, ValdikSS <val...@gm...> wrote: > Pavel, a friend of mine, made a service to circumvent Ukrainian blocks of > Russian websites. He configured OpenVPN TCP without persist-tun on the > client side and pushes block-outside-dns from server. > > When he restarts OpenVPN server, DNS no longer works on the clients. > Neither with or without VPN. Users say this can be fixed only with > rebooting, I believe restarting service would help too. > Is this only with 2.4.2 or is 2.4.1 also affected? As you imply, the filters won't persist after the process ends (in this case the service), restarting service should be enough to clear them. Further, even if the openvpn client process terminates without removing the filters, the service should clean up all filters added in that session during the undo() processing. However, that wont happen if the openvpn.exe process fails to exit. Verify that a stale client process is not hanging around. > > I tried to do exactly what he did with Windows 7 and OpenVPN 2.4.2 and I > can't reproduce this bug. I think service in some cases loses TAP adapter > index before unblocking DNS. > The tap adapter index is used to allow dns traffic through it, not block it, so I would think the failure is in unblocking dns through non-tap adapters. If that is the case, dns should start working again through the tunnel when the client reconnects. Anyway, we need to see the client logs and any error event logged by the service when this happens. Can you get the user to open a ticket with logs? > > Works fine with persist-tun on client side. > Selva |
|
From: ValdikSS <val...@gm...> - 2017-06-03 20:13:33
|
On 28.05.2017 18:20, Selva Nair wrote: > Hi, > > Copying the -devel list: > > On Sun, May 28, 2017 at 10:16 AM, ValdikSS <val...@gm... <mailto:val...@gm...>> wrote: > > Is this only with 2.4.2 or is 2.4.1 also affected? As you imply, the filters won't persist after the process ends (in this case the service), restarting service should be enough to clear them. Further, even if the openvpn client process terminates without removing the filters, the service should clean up all filters added in that session during the undo() processing. However, that wont happen if the openvpn.exe process fails to exit. Verify that a stale client process is not hanging around. I believe it was tested with 2.4.2. I cannot reproduce this issue and persons who reported it are not tech-savvy. Pavel configured server to push "persist-tun" to clients and says it works correctly now. > > > The tap adapter index is used to allow dns traffic through it, not block it, so I would think the failure is in unblocking dns through non-tap adapters. If that is the case, dns should start working again through the tunnel when the client reconnects. > > Anyway, we need to see the client logs and any error event logged by the service when this happens. Can you get the user to open a ticket with logs? Since this service is becoming popular and Pavel has 4000+ users, we have seen a lot of absolutely crazy OpenVPN errors on Windows. Most of them are because of old Windowses with disabled updates, but some of them are interesting, like sometimes block-outside-dns fails to remove it's own filters. We ask people to create bugs on OpenVPN bugtracker but I think almost nobody feels comfortable for their English and do not do that. You can skip through comments on https://zaborona.help/ to see some screenshots and logs. Like this one: https://zaborona.help/faq.html#comment-3328754341 |
|
From: Selva N. <sel...@gm...> - 2017-06-04 04:12:18
|
On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS <val...@gm...> wrote: > > You can skip through comments on https://zaborona.help/ to see some > screenshots and logs. > Like this one: https://zaborona.help/faq.html#comment-3328754341 I did not find any related to failure to remove WFP filters. That specific comment link reads <quote> Sun May 28 18:07:25 2017 Block_DNS: WFP engine opened Sun May 28 18:07:25 2017 Error in add_block_dns_filters(): add_sublayer: failed to add persistent sublayer : Отказано в доступе. [status=0x5] Sun May 28 18:07:25 2017 Blocking DNS failed! Sun May 28 18:07:25 2017 Exiting due to fatal error </quote> Obviously "access denied" due to not running as admin and service not in use. Selva |
|
From: ValdikSS <val...@gm...> - 2017-06-04 06:43:23
|
What about a bit later comment? Sun May 28 18:32:38 2017 Block_DNS: WFP engine opened Sun May 28 18:32:38 2017 Block_DNS: Using existing sublayer Sun May 28 18:32:38 2017 Block_DNS: Added permit filters for exe_path Sun May 28 18:32:38 2017 Block_DNS: Added block filters for all interfaces Sun May 28 18:32:38 2017 Block_DNS: Added permit filters for TAP interface Sun May 28 18:32:38 2017 Blocking DNS failed! Sun May 28 18:32:38 2017 Exiting due to fatal error On 04.06.2017 07:11, Selva Nair wrote: > > On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS <val...@gm... <mailto:val...@gm...>> wrote: > > I did not find any related to failure to remove WFP filters. That specific comment link reads > > <quote> > Sun May 28 18:07:25 2017 Block_DNS: WFP engine opened > Sun May 28 18:07:25 2017 Error in add_block_dns_filters(): add_sublayer: failed to add persistent sublayer : Отказано в доступе. [status=0x5] > Sun May 28 18:07:25 2017 Blocking DNS failed! > Sun May 28 18:07:25 2017 Exiting due to fatal error > </quote> > > Obviously "access denied" due to not running as admin and service not in use. > > Selva > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel |
|
From: ValdikSS <val...@gm...> - 2017-06-04 07:11:55
|
Also this: http://clip2net.com/s/3KOUHWv "Unable to start OpenVPN Interactive Service on local computer: Error 1075: parent service does not exist or has been marked as removed". This is on fresh installation. And this: Error in add_block_dns_filters(): FwpEngineOpen: open fwp session failed : В системе отображения конечных точек не осталось доступных конечных точек. [status=0x6d9] Tue May 30 02:28:26 2017 Blocking DNS failed! "open fwp session failed : There are no more endpoints available from the endpoint mapper." On 04.06.2017 07:11, Selva Nair wrote: > > On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS <val...@gm... <mailto:val...@gm...>> wrote: > > I did not find any related to failure to remove WFP filters. That specific comment link reads > > <quote> > Sun May 28 18:07:25 2017 Block_DNS: WFP engine opened > Sun May 28 18:07:25 2017 Error in add_block_dns_filters(): add_sublayer: failed to add persistent sublayer : Отказано в доступе. [status=0x5] > Sun May 28 18:07:25 2017 Blocking DNS failed! > Sun May 28 18:07:25 2017 Exiting due to fatal error > </quote> > > Obviously "access denied" due to not running as admin and service not in use. > > Selva > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel |
|
From: Илья Ш. <chi...@gm...> - 2017-06-04 09:52:38
|
I recall similar issue. When install -> unistall -> install some service were marked for pending removal and were not installed 4 июн. 2017 г. 12:13 ПП пользователь "ValdikSS" <val...@gm...> написал: Also this: http://clip2net.com/s/3KOUHWv "Unable to start OpenVPN Interactive Service on local computer: Error 1075: parent service does not exist or has been marked as removed". This is on fresh installation. And this: Error in add_block_dns_filters(): FwpEngineOpen: open fwp session failed : В системе отображения конечных точек не осталось доступных конечных точек. [status=0x6d9] Tue May 30 02:28:26 2017 Blocking DNS failed! "open fwp session failed : There are no more endpoints available from the endpoint mapper." On 04.06.2017 07:11, Selva Nair wrote: On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS <val...@gm...> wrote: I did not find any related to failure to remove WFP filters. That specific comment link reads <quote> Sun May 28 18:07:25 2017 Block_DNS: WFP engine opened Sun May 28 18:07:25 2017 Error in add_block_dns_filters(): add_sublayer: failed to add persistent sublayer : Отказано в доступе. [status=0x5] Sun May 28 18:07:25 2017 Blocking DNS failed! Sun May 28 18:07:25 2017 Exiting due to fatal error </quote> Obviously "access denied" due to not running as admin and service not in use. Selva ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/openvpn-devel ------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openvpn-devel |
Thanks for helping keep SourceForge clean.
X