xopx

EIS 11 - openvpn doesn't work

Recommended Posts

Another issue.

 

Openvpn is not able to work properly (message below). Even with all protection turned off.

 

MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Need hold release from management interface, waiting...
 

 

Share this post


Link to post
Share on other sites

Are you using another tool to manage/launch OpenVPN? Do you know what version of OpenVPN you have installed?

Share this post


Link to post
Share on other sites

One of our volunteer testers mentioned a similar issue, but they indicated that the issue was resolved after the new beta version 11.0.0.5911 was released. Have there been any changes for you?

Share this post


Link to post
Share on other sites

After installing latest beta and restarting my computer I have experienced a huge slowdown. I don't know what was the reason behind it (beside EIS, of course). After the restart I've started openvpn and wanted to add openvpn gui to application rules, because that program was missing from that list. More or less at that moment computer became totally unresponsive until next 2 restarts.

 

Latest update hasn't solved the openvpn issue, it behaves exactly in the same way as before.

Share this post


Link to post
Share on other sites

I would believe I already mentioned this in another topic, however the slowdown issue should have been fixed in a beta update earlier today.

We have a bug report open on the OpenVPN issue, and our developers will look into it as soon as possible.

BTW: OpenVPN is working fine on my Windows 7 x64 system with the latest Emsisoft Internet Security 11 beta installed. I'm also using OpenVPN GUI 5 (running as an administrator of course), and the OpenVPN version number is 2.3.6.0.

Share this post


Link to post
Share on other sites

Are you running in full automatic mode?

 

I have found what was the reason that openvpn was not working. It was blocked by firewall. Firewall asked me if I wanted to open one port for openvpn. I agreed to allow this connection and since then it didn't ask anything more.

Autorule was created in "firewall incoming" window. When I changed it manually to "allow all" then openvpn started working properly.

But this is not the correct behavior.

Share this post


Link to post
Share on other sites

OpenVPN requires that the ports it uses be open, or it won't work. Blocking those ports will cause it to fail to connect.

Share this post


Link to post
Share on other sites

You misunderstood me. I didn't block anything. EIS DID NOT prompt about opening any ports and just decided to block the program WITHOUT ANY MESSAGE/INFORMATION.

Share this post


Link to post
Share on other sites

VPN's usually require ports to be opened in the firewall. In my testing OpenVPN works fine without needing to create any rules, however it is possible that you may need to add a port rule for it.

Share this post


Link to post
Share on other sites

Are you serious? That means If my application is not working I have to find out which ports it is using and add them MANUALLY in the firewall config?

Or could you please explain how the option "Ask", marked everywhere in firewall settings, should work?

It looks like I'm not a standard EIS user but my understanding is that "Ask" should trigger a popup EVERYTIME a program wants to access a network. In that case EIS just blocks the program (ie. Openvpn) and displays nothing - is this the correct behavior in your opinion? And I will repeat the question: have you tested it in full automatic mode or in "ask" mode?

 

 

Do you want me to record a video of this situation if this is still unclear?

Share this post


Link to post
Share on other sites

Do you want me to record a video of this situation if this is still unclear?

Actually, debug logs would be better, since we're not able to reproduce the issue in our own testing. Here's the instructions:

In order to get debug logs, you will first need to run a batch file to enable debug logging. This batch file is contained in the ZIP archive at this link (this ZIP archive also contains a batch file to disable debug logging).

Please save that ZIP archive on your desktop, extract its contents, and then follow these instructions:

  • Run the enable_debug_output batch file (if your computer has Windows Vista, Windows 7, or Windows 8 then please right-click on the batch file and select Run as administrator).
  • You will see a black window pop up, and then disappear very quickly. After that happens, please restart your computer.
  • Reproduce the issue you are having with alerts not being shown for network traffic.
  • Once you have reproduced the issue, hold down the Windows key on the keyboard (the one with the Windows logo on it, usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
  • Type the following into the Run dialog, and then click OK:

    %ALLUSERSPROFILE%\Emsisoft
  • A window should open and you should see a Logs folder. Right-click on that Logs folder, go to Send to, and select Compressed (zipped) folder.
  • Move the new ZIP archive you created with the logs folder in it to your desktop.
  • Send the ZIP archive containing the logs to me in a Private Message.
Note: If you get an error message when trying to send the Logs folder to a Compressed (zipped) folder then you may need to try a utility such as 7-Zip or WinRar to compress the folder. Both 7-Zip and WinRar have options to create an archive and save it in another location (such as on your desktop), which should prevent the error message. Here are links to the download pages for 7-Zip and WinRar.

After sending me the debug logs, you can run the disable_debug_output batch file (be sure to run it as administrator as well) and restart your computer again to disable debug logging.

Could you also post a screenshot of your automatic rule settings for the firewall? I expect our developers will want to see it.

Share this post


Link to post
Share on other sites

 Today I have found that my settings have been changed to ask/allow/ask/allow - how's that possible if beside me nobody else has access to my laptop? The only thing that I can think of and that could have affected these settings was a system crash while trying to open vmware.

Regarding openvpn, today like always I was unable to connect with message:

Tue Nov 17 21:56:34 2015 Route: Waiting for TUN/TAP interface to come up...
Tue Nov 17 21:56:35 2015 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up
Tue Nov 17 21:56:35 2015 Route: Waiting for TUN/TAP interface to come up...
Tue Nov 17 21:56:36 2015 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up
Tue Nov 17 21:56:36 2015 Route: Waiting for TUN/TAP interface to come up...
Tue Nov 17 21:56:37 2015 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up

Connect had been established after I switched off EIS protection

Tue Nov 17 21:56:37 2015 C:\Windows\system32\route.exe ADD 90.90.90.90 MASK 255.255.255.255 192.168.0.1
Tue Nov 17 21:56:37 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Tue Nov 17 21:56:37 2015 Route addition via IPAPI succeeded [adaptive]
Tue Nov 17 21:56:37 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.1.1
Tue Nov 17 21:56:37 2015 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Tue Nov 17 21:56:37 2015 Route addition via IPAPI failed [adaptive]
Tue Nov 17 21:56:37 2015 Route addition fallback to route.exe
Tue Nov 17 21:56:37 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Nov 17 21:56:37 2015 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.1.1
Tue Nov 17 21:56:37 2015 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Tue Nov 17 21:56:37 2015 Route addition via IPAPI failed [adaptive]
Tue Nov 17 21:56:37 2015 Route addition fallback to route.exe
Tue Nov 17 21:56:37 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

 

 

 

BUT, TAP interface was not working properly - my internet internet traffic was not routed through vpn.

 

EDIT: after disconnecting and connecting again everything was ok with TAP routing. Unbelievable.

 

Regarding the logs. I have already sent you the logs for another issue but still haven't got any response, so I think that it doesn't make sense to send them again - looks like devs are overloaded with work.

Share this post


Link to post
Share on other sites

It's normal for the developers to not send me any feedback (unless they need more information). Even if they aren't fixing bugs, they're always busy writing code, so they don't tend to offer any information unless I press them with a lot of questions. You can go ahead and get the debug logs, and I can send them to our QA Manager so that he can open a bug report on it. ;)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.