OpenVPN Client hangs on DHCP renewal, receives APIPA address instead. Resolved


So I love OpenVPN, but it was just being a thorn in my side the other day. It would happen no matter what version of OpenVPN I was using (OpenVPN GUI 2.0.9 and 2.1_rc13). I spent all day trying to get it fixed. It was very strange because up until recently it had been rock solid. I think some Windows update may have changed something, or possibly XP Service Pack 3? Anyway, the symptoms:

The VPN would connect, then Route: Waiting for TUN/TAP interface to come up….

TEST ROUTES: 0/0 succeeeded len=3 ret=0 a=0 u/d=down

It would cycle like this for a long time and then

Initialization Sequence Completed With Errors [see http://openvpn.net/faq.html#dhcpclientserv ]

After a minute or two the virtual TAP adapter would grab an APIPA address instead. You know, those stupid 169.x.x.x addresses.
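To check a saved client log for the symptoms listed above, here is an added example (not part of the original post or of OpenVPN). The function name, the sample log and the sample adapter address are constructed for illustration; 169.254.0.0/16 is the APIPA range Windows falls back to when DHCP fails.

```python
import ipaddress
import re

# Matches the status line quoted in the post; the word after the counters is
# matched loosely so a mistyped "succeeded" still parses.
TEST_ROUTES = re.compile(
    r"TEST ROUTES: (\d+)/(\d+) \w+ len=(\d+) ret=(\d+) a=(\d+) u/d=(up|down)"
)
COMPLETED_WITH_ERRORS = "Initialization Sequence Completed With Errors"
APIPA = ipaddress.ip_network("169.254.0.0/16")  # Windows automatic private addressing


def diagnose(log_lines, tap_address=None):
    """Summarise the TAP/DHCP symptom from log lines and the adapter's address."""
    down_polls = 0
    came_up = False
    with_errors = False
    for line in log_lines:
        m = TEST_ROUTES.search(line)
        if m:
            if m.group(6) == "up":
                came_up = True
            else:
                down_polls += 1
        elif COMPLETED_WITH_ERRORS in line:
            with_errors = True
    apipa = tap_address is not None and ipaddress.ip_address(tap_address) in APIPA
    return {
        "down_polls": down_polls,
        "adapter_came_up": came_up,
        "completed_with_errors": with_errors,
        "apipa_address": apipa,
        # The pattern from the post: adapter never reports up, init ends with errors.
        "dhcp_symptom": with_errors and not came_up and down_polls > 0,
    }


# Constructed sample log, built from the messages quoted in the post.
SAMPLE_LOG = [
    "Route: Waiting for TUN/TAP interface to come up...",
    "TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down",
    "Route: Waiting for TUN/TAP interface to come up...",
    "TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down",
    "Initialization Sequence Completed With Errors",
]

if __name__ == "__main__":
    # 169.254.12.34 is a constructed address standing in for the TAP adapter's.
    print(diagnose(SAMPLE_LOG, tap_address="169.254.12.34"))
```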

From the error message and the behavior I surmised that it was having a problem grabbing an address via DHCP through the tunnel. Through much searching on the Internet I finally found a post that resolved my issue. Good ol' Alessandro Cirelli, whoever he might be, bless his soul, wrote this post:

OpenVPN Experience

His words “The problem is known (the openvpn website explain that) after installing XP ServicePack 2, there are some problem with windows firewall and TAPI network adapter in configuration with a dhcp openvpn server.”

His configuration

1. Install OpenVPN 2.1 Rc7 (the last at this time)
2. Disable or configure the firewall for the TAP interface
3. Download devcon.exe from the Microsoft website: http://support.microsoft.com/kb/311272
4. Rename the TAP connection to MyTap
5. Identify the interface ID of the TAP interface using:

       devcon hwids =net @root\NET\*

   In my case tap0901
6. Create two .bat files in the OpenVPN config directory:

   ConfigFileName_pre.bat

       devcon enable tap0901

   ConfigFileName_down.bat

       devcon disable tap0901

   OpenVPN GUI launches these two files when it starts and closes the connection (note the name of the config file)
7. ConfigFileName

       client
       dev tap
       dev-node MyTap
       proto tcp
       remote server 1194
       resolv-retry infinite
       nobind
       persist-key
       persist-tun
       ca ca.crt
       cert client1.crt
       key client1.key
       tls-auth ta.key 1
       cipher BF-CBC
       comp-lzo
       verb 3
       mute 10
       route-method exe
       route-delay 30
       ping 5
       ip-win32 netsh

8. Start OpenVPN (using the ConfigFileName file, of course)

One more piece of information: if you have the same subnet network class at home and at the office, you have to set the metric of the TAP interface to a lower value than the Ethernet connection metric.

I have found this solution to work for me.

I did have to add the ‘append the DNS suffixes’ and add my domain, since the netsh method appears to not push the domain suffix. (Oh, if you have TCP/IP properties open while initiating netsh, it will fail!)

I haven’t tested whether I really need to enable and disable the device, or whether I really need a 30 second delay (10 appears to work just fine). But these settings do appear to fix my OpenVPN connection.

During the search I found a few other solutions that may help.

From http://forums.untangle.com/showthread.php?t=1474:

netsh int ip reset logfile.txt
netsh winsock reset catalog

A cool tool that I ran across as well is

netsh diag gui

It’s possible that this hotfix would address the issue as well

http://support.microsoft.com/kb/953761/

It’s possible that this is related as well

http://support.microsoft.com/kb/311218
