[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Routes fail to add on Vista machine using 2.1_rc4 client


  • Subject: [Openvpn-users] Routes fail to add on Vista machine using 2.1_rc4 client
  • From: Bob James <bjames@xxxxxxxxxxx>
  • Date: Mon, 17 Sep 2007 19:57:19 -0500

I have a user that is not getting access  when he tries to access the
VPN. The routes do not get added. He's using Vista, and he's got the
latest client:

Fri Sep 14 15:40:51 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built
on Apr 25 2007

He can get a connection to the target host, and the tunnel starts to
build, but then:

Fri Sep 14 15:41:07 2007 PUSH: Received control message:
'PUSH_REPLY,route 172.18.39.0 255.255.255.0,route 172.18.21.0
255.255.255.0,route 172.18.24.0 255.255.255.128,route 172.18.133.0
255.255.255.0,route 172.18.134.0 255.255.255.0,route 208.62.67.203
255.255.255.255,route 10.92.0.63 255.255.255.255,route 166.189.6.10
255.255.255.255,route 10.17.10.0 255.255.255.0,route 10.17.1.0
255.255.255.0,route 10.10.10.0 255.255.255.0,dhcp-option DNS
172.18.134.14 172.18.134.8,dhcp-option WINS 172.18.134.14,dhcp-option
DOMAIN xxxxx.com,route 10.100.1.1,ping 10,ping-restart 60,ifconfig
10.100.1.6 10.100.1.5'
Fri Sep 14 15:41:07 2007 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep 14 15:41:07 2007 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep 14 15:41:07 2007 OPTIONS IMPORT: route options modified
Fri Sep 14 15:41:07 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Fri Sep 14 15:41:07 2007 TAP-WIN32 device [Local Area Connection 7]
opened: \\.\Global\{4851C858-0AE7-470B-96AD-E571C16FECAE}.tap
Fri Sep 14 15:41:07 2007 TAP-Win32 Driver Version 9.3
Fri Sep 14 15:41:07 2007 TAP-Win32 MTU=1500
Fri Sep 14 15:41:07 2007 Notified TAP-Win32 driver to set a DHCP
IP/netmask of 10.100.1.6/255.255.255.252 on interface
{4851C858-0AE7-470B-96AD-E571C16FECAE} [DHCP-serv: 10.100.1.5,
lease-time: 31536000]
Fri Sep 14 15:41:07 2007 NOTE: FlushIpNetTable failed on interface [4]
{4851C858-0AE7-470B-96AD-E571C16FECAE} (status=6) : The handle is
invalid.
Fri Sep 14 15:41:13 2007 TEST ROUTES: 0/0 succeeded len=12 ret=0 a=0
u/d=down
Fri Sep 14 15:41:13 2007 Route: Waiting for TUN/TAP interface to come up...
Fri Sep 14 15:41:17 2007 TEST ROUTES: 12/12 succeeded len=12 ret=1 a=0
u/d=up
Fri Sep 14 15:41:17 2007 route ADD 172.18.39.0 MASK 255.255.255.0
10.100.1.5
Fri Sep 14 15:41:17 2007 ROUTE: route addition failed using
CreateIpForwardEntry: Network access is denied.   [status=65 if_index=4]
Fri Sep 14 15:41:17 2007 Route addition via IPAPI failed [adaptive]
Fri Sep 14 15:41:17 2007 Route addition fallback to route.exe
The route addition failed: Network access is denied.
....

Following the above are similar error messages for all added routes.
Adding the user to the Administrators group on his workstation fixes the
problem; the routes add correctly. But without those privs, it fails.

I understood this issue to have been corrected as of 2.1_rc2. Has anyone
else seen a repeat of this kind of behavior? Any suggestions?


-- 
-Bob James, SNSE
TrustWave
bjames@xxxxxxxxxxxxx
http://www.trustwave.com

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users