Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
I received an off-list reply stating:
> On Fri, Apr 03, 2020 at 18:43:31 -0400, Nathan Stratton Treadway wrote:
> >Based on a quick glance, it looks this log file shows a bunch of
> >drivers getting installed from this c:\$WINDOWS.~BT\ directory
> >into the C:\windows directory.  Does this ring a bell with anyone?
> 
> That's the place Windows stored upgrade files for the 7/8 -> 10 free
> upgrade.

This particular machine was new in Dec 2019 and as far as I can tell it
never had any form of Windows 7 or 8 installed on it.

However, on 3/26 the user did do a "factory reset" operation to achieve
a fresh install of Windows 10, which I guess involves running the
Windows installer off of a hidden partition on the disk drive, so
perhaps that process also uses a c:\$WINDOWS.~BT\ directory?

But that still leaves unanswered the question why the Win7 version of
the tap0901 driver was somehow included as part of that process

Nathan

Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] First time set up using openvpn

2020-04-03 Thread The Doctor via Openvpn-users 
On Fri, Apr 03, 2020 at 08:47:36PM -0600, The Doctor via Openvpn-users wrote:
> On Sat, Apr 04, 2020 at 01:59:43AM +0100, tincanteksup wrote:
> > Hi Doctor,
> > 
> > HMAC indicates that your --tls-auth settings are incorrect.
> > 
> > I point out the fault below.
> > 
> > Shameless plug:
> > https://github.com/TinCanTech/easy-tls/wiki

Nothing useless about this issue.


> > 
> > FTR:
> >   "# This file is secret"
> > could be better explained as
> >   "# This file is shared secret"
> > 

Well the file is set to 0600

> > HTH
> > tct
> > 
> > 
> > On 04/04/2020 00:30, The Doctor via Openvpn-users wrote:
> > > All right.
> > > 
> > > Trying to set up a  radius based authentication openvpn on
> > > Freebsd 12.!
> > > 
> > > .
> > > 
> > > Server file:
> > > -
> > > 
> > 
> > 
> > 
> > > 
> > > tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
> > > 
> > 
> > 
> > 
> > > ---
> > > 
> > > Trying either LDAP or Radius authentication methphds.
> > > 
> > > I have the following client file:
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > > ;tls-auth /usr/local/etc/openvpn/server/ta.key 1
> > 
> > 
> > 
> > > 
> > > 
> > > 
> > > 
> > > server log is gving me this:
> > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > > Apr  3 17:13:41 doctor kernel: <118>Apr  3 17:13:41 doctor 
> > > openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from 
> > > [AF_INET]75.156.190.254:58210
> > 
> > 
> > 
> > > 
> > > 
> > > 
> > > what is needed to get this to work?
> > > 
> >
> 
> Will look up and please never top post
> 
> 
> For effective Internet Etiquette and communications read 
> http://catb.org/jargon/html/T/top-post.html, 
> http://idallen.com/topposting.html
> & http://www.caliburn.nl/topposting.html
> > 
> > ___
> > Openvpn-users mailing list
> > Openvpn-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
> -- 
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici 
> doctor@@nl2k.ab.ca
> Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist 
> rising!
> https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
> Those who cannot win on facts rely upon slander.  -unknown
> 
> 
> ___
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Those who cannot win on facts rely upon slander.  -unknown


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] First time set up using openvpn

2020-04-03 Thread The Doctor via Openvpn-users 
On Sat, Apr 04, 2020 at 01:59:43AM +0100, tincanteksup wrote:
> Hi Doctor,
> 
> HMAC indicates that your --tls-auth settings are incorrect.
> 
> I point out the fault below.
> 
> Shameless plug:
> https://github.com/TinCanTech/easy-tls/wiki
> 
> FTR:
>   "# This file is secret"
> could be better explained as
>   "# This file is shared secret"
> 
> HTH
> tct
> 
> 
> On 04/04/2020 00:30, The Doctor via Openvpn-users wrote:
> > All right.
> > 
> > Trying to set up a  radius based authentication openvpn on
> > Freebsd 12.!
> > 
> > .
> > 
> > Server file:
> > -
> > 
> 
> 
> 
> > 
> > tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
> > 
> 
> 
> 
> > ---
> > 
> > Trying either LDAP or Radius authentication methphds.
> > 
> > I have the following client file:
> > 
> > 
> > 
> 
> 
> 
> > ;tls-auth /usr/local/etc/openvpn/server/ta.key 1
> 
> 
> 
> > 
> > 
> > 
> > 
> > server log is gving me this:
> > 
> > 
> > 
> > 
> 
> 
> 
> > Apr  3 17:13:41 doctor kernel: <118>Apr  3 17:13:41 doctor openvpn[80649]: 
> > TLS Error: cannot locate HMAC in incoming packet from 
> > [AF_INET]75.156.190.254:58210
> 
> 
> 
> > 
> > 
> > 
> > what is needed to get this to work?
> > 
>

Will look up and please never top post


For effective Internet Etiquette and communications read 
http://catb.org/jargon/html/T/top-post.html, http://idallen.com/topposting.html
& http://www.caliburn.nl/topposting.html
> 
> ___
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Those who cannot win on facts rely upon slander.  -unknown


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread blz 

On 4/3/2020 12:06 PM, Nathan Stratton Treadway wrote:

On Fri, Apr 03, 2020 at 20:00:54 +0300, Samuli Seppänen wrote:

Hi,

Il 02/04/20 22:07, Nathan Stratton Treadway ha scritto:

Would this second option be consistent with the fact that the failed
setupapi log says the driver package was "already imported?

Seems like it. You can use



to get rid of all tap-windows instances in the Driver Store. That's what
I use when I need to be 100% positive the latest driver version is
actually being used and not some cached version.

Yeah, I will plan to do that once it seems like there's nothing more to
learn investigating the system in its current state


Is "oemvista.inf_amd64_6d4bec28a2ef0cdf" a name that is hard-coded
inside the TAP-Windows installer, or is that generated dynamically at
installer-execution time?

I have absolutely no idea. We don't actively create such identifiers,
identifiers so I have to assume it's Windows.

Well, I guess the interesting thing is that the same directory name was
used on both the failing- and succeeding-installation machines.  So I
guess it is baked into the driver-installer somewhere (unlike the
"c:\windows\inf\oem*.inf" name used, which was different between the two
machines)  But I'm wondering whether or not that directory name is
constant across tap-windows versions, etc.
What I am wondering is Windows Update, which can and does sometimes 
download drivers from Microsoft's repository, could be a possible 
culprit? I've seen WU time and again be the root cause of some pretty 
big driver-related headaches before.


--
blz


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
On Thu, Apr 02, 2020 at 01:33:11 -0400, Nathan Stratton Treadway wrote:
> =
> $ diff -ui setupapi_TAP-Windows_{succeeded,failed}.log_cleaned
> --- setupapi_TAP-Windows_succeeded.log_cleaned2020-04-02 
> 00:18:12.0 -0400
> +++ setupapi_TAP-Windows_failed.log_cleaned   2020-04-02 00:19:09.0 
> -0400
> @@ -1,5 +1,5 @@
>  >>>  [Device Install (UpdateDriverForPlugAndPlayDevices) - tap0901]
> ->>>  Section start 2020/03/13 HH:MM:SS.sss
> +>>>  Section start 2020/03/27 HH:MM:SS.sss
>cmd: "C:\Program Files\TAP-Windows\bin\tapinstall.exe" install 
> "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901
>   ndv: INF path: C:\Program Files\TAP-Windows\driver\OemVista.inf
>   ndv: Install flags: 0x0001
> @@ -9,19 +9,13 @@
>   dvi:  {Build Driver List} HH:MM:SS.sss
>   dvi:   Searching for hardware ID(s):
>   dvi:tap0901
> - sig:   {_VERIFY_FILE_SIGNATURE} HH:MM:SS.sss
> - sig:Key  = oemvista.inf
> - sig:FilePath = c:\program 
> files\tap-windows\driver\oemvista.inf
> - sig:Catalog  = c:\program 
> files\tap-windows\driver\tap0901.cat
> - sig:Success: File is signed in catalog.
> - sig:   {_VERIFY_FILE_SIGNATURE exit(0x)} HH:MM:SS.sss
>   dvi:   Created Driver Node:
>   dvi:HardwareID   - tap0901
>   dvi:InfName  - c:\program 
> files\tap-windows\driver\oemvista.inf
>   dvi:DevDesc  - TAP-Windows Adapter V9
>   dvi:Section  - tap0901.ndi
>   dvi:Rank - 0x00ff
> - dvi:Signer Score - WHQL
> + dvi:Signer Score - Authenticode
>   dvi:DrvDate  - 09/27/2019
>   dvi:Version  - 9.24.2.601
>   dvi:  {Build Driver List - exit(0x)} HH:MM:SS.sss
> @@ -40,70 +34,15 @@
>   ndv:   Inf Name   - oemvista.inf
>   ndv:   Driver Date- 09/27/2019
>   ndv:   Driver Version - 9.24.2.601
> + ndv:  Driver package 
> 'C:\WINDOWS\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf\oemvista.inf'
>  is already imported.
>   sto:  {Setup Import Driver Package: c:\program 
> files\tap-windows\driver\oemvista.inf} HH:MM:SS.sss
> - inf:   Provider: TAP-Windows Provider V9
> - inf:   Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
> - inf:   Driver Version: 09/27/2019,9.24.2.601
> - inf:   Catalog File: tap0901.cat
> - sto:   {Copy Driver Package: c:\program 
> files\tap-windows\driver\oemvista.inf} HH:MM:SS.sss
[...]
> + sto:   Driver package already imported as 'oem43.inf'.

I am still not sure exactly how oem48.inf came to be pre-loaded on this
computer, but at this point it seems like an important question is "how
does Windows decide a driver package is 'already loaded'?"

When I looked around on the machine while the TAP driver was broken, I
believe that the oemvista.inf file that got pre-installed was identical
to the one distributed in the openvpn-install-2.4.8-I602-Win10.exe
file... while obviously the two tap0901.* files were different.

So I'm wondering if Windows just does some sort of file compare on the
.inf files and concludes "no work to do here" if they match?

Whatever the mechinism Windows uses, it seems maybe the .inf files could
to be tweaked in some way between the Win7 and Win10 packages so that if
the wrong one is pre-installed Windows goes ahead and uninstalls that
version rather than leaving it unchanged...

Nathan



Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] First time set up using openvpn

2020-04-03 Thread tincanteksup 

Hi Doctor,

HMAC indicates that your --tls-auth settings are incorrect.

I point out the fault below.

Shameless plug:
https://github.com/TinCanTech/easy-tls/wiki

FTR:
  "# This file is secret"
could be better explained as
  "# This file is shared secret"

HTH
tct


On 04/04/2020 00:30, The Doctor via Openvpn-users wrote:

All right.

Trying to set up a  radius based authentication openvpn on
Freebsd 12.!

.

Server file:
-







tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret






---

Trying either LDAP or Radius authentication methphds.

I have the following client file:








;tls-auth /usr/local/etc/openvpn/server/ta.key 1









server log is gving me this:









Apr  3 17:13:41 doctor kernel: <118>Apr  3 17:13:41 doctor openvpn[80649]: TLS 
Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210








what is needed to get this to work?




___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-users] First time set up using openvpn

2020-04-03 Thread The Doctor via Openvpn-users 
All right.

Trying to set up a  radius based authentication openvpn on 
Freebsd 12.!

.

Server file:
-

local 192.168.81.1

port 1194

proto udp

dev tun

ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key

dh /usr/local/etc/openvpn/server/dh.pem

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 192.168.81.1"
push "dhcp-option DNS 192.168.81.3"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN domain.ca"

client-to-client

keepalive 10 120

tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret

cipher AES-256-CBC

comp-lzo

max-clients 1000

user nobody
group nobody

persist-key
persist-tun

status /var/log/openvpn-status.log

verb 9
mute 20

explicit-exit-notify 1
fast-io
auth SHA512
remote-cert-tls client

---

Trying either LDAP or Radius authentication methphds.

I have the following client file:



client
dev tun
proto udp

remote doctor.nl2k.ab.ca 1194

nobind

ca ca.crt
cert client.crt
key client.key

revolv-retry infinite

persist-key
persist-tun

mute-replay-warnings
auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
;tls-auth /usr/local/etc/openvpn/server/ta.key 1
verb 9

mute 5





server log is gving me this:




Apr  3 17:13:41 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr  3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr  3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr  3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr  3 17:13:41 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr  3 17:13:41 doctor kernel: <118>Apr  3 17:13:41 doctor openvpn[80649]: TLS 
Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr  3 17:13:42 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x0001 
rwflags=0x0001 arg=0x002a9820 
Apr  3 17:13:42 doctor openvpn[80649]:  event_wait returned 1
Apr  3 17:13:42 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr  3 17:13:42 doctor openvpn[80649]: MULTI: REAP range 240 -> 256
Apr  3 17:13:42 doctor openvpn[80649]: UDPv4 read returned 14
Apr  3 17:13:42 doctor openvpn[80649]: TLS Error: cannot locate HMAC in 
incoming packet from [AF_INET]75.156.190.254:58210
Apr  3 17:13:42 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 
[failed]
Apr  3 17:13:42 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr  3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr  3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr  3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr  3 17:13:42 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr  3 17:13:42 doctor kernel: <118>Apr  3 17:13:42 doctor openvpn[80649]: TLS 
Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr  3 17:13:43 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x0001 
rwflags=0x0001 arg=0x002a9820 
Apr  3 17:13:43 doctor openvpn[80649]:  event_wait returned 1
Apr  3 17:13:43 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr  3 17:13:43 doctor openvpn[80649]: MULTI: REAP range 0 -> 16
Apr  3 17:13:43 doctor openvpn[80649]: UDPv4 read returned 14
Apr  3 17:13:43 doctor openvpn[80649]: TLS Error: cannot locate HMAC in 
incoming packet from [AF_INET]75.156.190.254:58210
Apr  3 17:13:43 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 
[failed]
Apr  3 17:13:43 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr  3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr  3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr  3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr  3 17:13:43 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr  3 17:13:43 doctor kernel: <118>Apr  3 17:13:43 doctor openvpn[80649]: TLS 
Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr  3 17:13:44 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x0001 
rwflags=0x0001 arg=0x002a9820 
Apr  3 17:13:44 doctor openvpn[80649]:  event_wait returned 1
Apr  3 17:13:44 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr  3 17:13:44 doctor openvpn[80649]: MULTI: REAP range 16 -> 32
Apr  3 17:13:44 doctor openvpn[80649]: UDPv4 read returned 14
Apr  3 17:13:44 doctor openvpn[80649]: TLS Error: cannot locate HMAC in 
incoming packet from [AF_INET]75.156.190.254:58210
Apr  3 17:13:44 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 
[failed]
Apr

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
On Fri, Apr 03, 2020 at 23:26:46 +0200, Gert Doering wrote:
> Hi,
> 
> On Fri, Apr 03, 2020 at 05:04:51PM -0400, Nathan Stratton Treadway wrote:
> > Just to wrap up some a few loose ends: the 10,042-byte tap0901.cat file
> > from the DriverStore... directory _does_ seem to have the unwanted
> > "OpenVPN, Inc." signature:
> 
> Now things are starting to get interesting... just this minute, I
> get a question on IRC (#openvpn-devel)
> 
> 23:06 < kitsune1> Anyone knows why Kaspersky anti virus includes tapwindows 
>   driver (looks like 9.23.x). I'm running into a conflict 
> with 
>   it and OpenVPN 2.4.8 install on a Windows machine. No tap 
>   adapter shows up (except the one Kaspersky installed) and 
>   services dont start etc.. Struggling with this for a user 
>   over a remote line.. sigh..
> 
> any chance that you have Kaspersky on the problematic Win10 machines?

I am not sure if this relates in any way to the Kaspersky situation...
but I did just track down a little bit of hint as to the origin of the
incorrect driver files on our failing box.

Specifically, I discoverd that there was a file
C:\Windows\INF\setupapi.offline.log which is dated 03/26/2020 04:04 PM,
so righin sync iwth the 03/26/2020 04:03 PM timestamp for the bizarre
oem43.inf file.

Sure enough, tap0901 is mentioned in that file:


>>>  [Import Driver Package -
>>>  C:\Windows\System32\DriverStore\FileRepository\oem
vista.inf_amd64_6d4bec28a2ef0cdf\oemvista.inf]
>>>  Section start 2020/03/26 12:03:38.780
   os: Version = 10.0.18362, Service Pack = 0.0, Suite = 0x0100, 
ProductType  = 1, Architecture = amd64
  
cmd:C:\$WINDOWS.~BT\Work\8281DF86-CE40-4716-9BC0-D8633386BCF0\dismhost.exe 
{7EE7940C-F55C-48C2-BD75-FFE81BDC58C9}
 sto: Driver Store   = C:\$WINDOWS.~BT\NewOS\Windows\System32\DriverStore 
(10.0.18362)
 sto: Driver Package = 
C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf\oemvista.inf
 sto: Architecture   = amd64
 sto: Flags  = 0x0040
 inf: Provider   = TAP-Windows Provider V9
 inf: Class GUID = {4d36e972-e325-11ce-bfc1-08002be10318}
 inf: Driver Version = 09/27/2019,9.24.2.601
 inf: Catalog File   = tap0901.cat
[...]


(I guess the timestamps in the log are 4 hours earlier than the file
timestamps, for some reason...)

Based on a quick glance, it looks this log file shows a bunch of drivers
getting installed from this c:\$WINDOWS.~BT\ directory into the
C:\windows directory.  Does this ring a bell with anyone?


Nathan




Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
On Fri, Apr 03, 2020 at 23:26:46 +0200, Gert Doering wrote:
> Hi,
> 
> On Fri, Apr 03, 2020 at 05:04:51PM -0400, Nathan Stratton Treadway wrote:
> > Just to wrap up some a few loose ends: the 10,042-byte tap0901.cat file
> > from the DriverStore... directory _does_ seem to have the unwanted
> > "OpenVPN, Inc." signature:
> 
> Now things are starting to get interesting... just this minute, I
> get a question on IRC (#openvpn-devel)
> 
> 23:06 < kitsune1> Anyone knows why Kaspersky anti virus includes tapwindows 
>   driver (looks like 9.23.x). I'm running into a conflict 
> with 
>   it and OpenVPN 2.4.8 install on a Windows machine. No tap 
>   adapter shows up (except the one Kaspersky installed) and 
>   services dont start etc.. Struggling with this for a user 
>   over a remote line.. sigh..
> 
> any chance that you have Kaspersky on the problematic Win10 machines?

That sounds very similar, but as far as I can tell Kaspersky is NOT
installed on the box in question

Nathan



Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Gert Doering 
Hi,

On Fri, Apr 03, 2020 at 05:04:51PM -0400, Nathan Stratton Treadway wrote:
> Just to wrap up some a few loose ends: the 10,042-byte tap0901.cat file
> from the DriverStore... directory _does_ seem to have the unwanted
> "OpenVPN, Inc." signature:

Now things are starting to get interesting... just this minute, I
get a question on IRC (#openvpn-devel)

23:06 < kitsune1> Anyone knows why Kaspersky anti virus includes tapwindows 
  driver (looks like 9.23.x). I'm running into a conflict with 
  it and OpenVPN 2.4.8 install on a Windows machine. No tap 
  adapter shows up (except the one Kaspersky installed) and 
  services dont start etc.. Struggling with this for a user 
  over a remote line.. sigh..

any chance that you have Kaspersky on the problematic Win10 machines?

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
On Fri, Apr 03, 2020 at 14:56:05 -0400, Nathan Stratton Treadway wrote:
> However, when I search under c:\windwos\, the tap0901.sys files found
> are different:
> 
> =
> C:\Windows>dir /s tap0901.*
>  Volume in drive C is Windows
>  Volume Serial Number is 0687-5D0C
> 
>  Directory of C:\Windows\System32\drivers
> 10/31/2019  02:09 AM30,720 tap0901.sys
>1 File(s) 30,720 bytes
> 
>  Directory of 
> C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
> 10/31/2019  02:11 AM10,042 tap0901.cat
> 10/31/2019  02:09 AM30,720 tap0901.sys
>2 File(s) 40,762 bytes
> 
>  Total Files Listed:
>3 File(s) 71,482 bytes
>0 Dir(s)  79,828,119,552 bytes free
> =
> 

Just to wrap up some a few loose ends: the 10,042-byte tap0901.cat file
from the DriverStore... directory _does_ seem to have the unwanted
"OpenVPN, Inc." signature:

=
$ ls -l failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat 
-rw-rw-r-- 1 nathanst nathanst 10042 Apr  3 16:22 
failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat

$ sha1sum failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat 
d99e38968de1ca1850971a2b81bfdab49626aaed  
failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat

$ strings failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat | 
grep "OpenVPN\|Code Sign"
"DigiCert EV Code Signing CA (SHA2)0
OpenVPN Inc.1
OpenVPN Inc.0
"DigiCert EV Code Signing CA (SHA2)0
"DigiCert EV Code Signing CA (SHA2)

=


As I mentioned in the previous email, the
emvista.inf_amd64_6d4bec28a2ef0cdf has a timestamp which coincides with
the moment that the OpenVPN installer was being run.

However, I noticed that the oem43.inf file does have an earlier
timestamp:

=
Directory of c:\windows\inf
03/26/2020  04:03 PM 7,537 oem43.inf
03/27/2020  11:09 AM 8,828 oem43.PNF
=

... though weirdly Windows on that box was reinstalled in the _morning_ of
3/26, and 16:03 doesn't correspond to any entries at all in the
setupapi.dev.log file (which jumps from 2020/03/26 12:30:18 in one entry
to 2020/03/27 07:50:45 in the next).  So it doesn't quite seem like
oem43.inf would have been created during the initial reinstall of
Windows, but I also don't know what would have created it later that
day...

The c:\windows\inf\oem43.inf file is identical to the one in C:\Program
Files\TAP-Windows\driver:

=
$ sha1sum failed_windows-inf_oem43.inf failed_program-files_OemVista.inf 
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  failed_windows-inf_oem43.inf
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  failed_program-files_OemVista.inf
=

... but I suppose that might just indicate that the Win7 and Win10
versions of that file are identical (if in fact the \windows\inf\ copy
came from the Win7 drivers somehow).


Nathan



Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
On Fri, Apr 03, 2020 at 20:00:54 +0300, Samuli Seppänen wrote:
> Hi,
> 
> Il 02/04/20 22:07, Nathan Stratton Treadway ha scritto:
> > 
> > Would this second option be consistent with the fact that the failed
> > setupapi log says the driver package was "already imported?
> 
> Seems like it. You can use
> 
> 
> 
> to get rid of all tap-windows instances in the Driver Store. That's what
> I use when I need to be 100% positive the latest driver version is
> actually being used and not some cached version.

Yeah, I will plan to do that once it seems like there's nothing more to
learn investigating the system in its current state

> 
> > Is "oemvista.inf_amd64_6d4bec28a2ef0cdf" a name that is hard-coded
> > inside the TAP-Windows installer, or is that generated dynamically at
> > installer-execution time?
> 
> I have absolutely no idea. We don't actively create such identifiers,
> identifiers so I have to assume it's Windows.

Well, I guess the interesting thing is that the same directory name was
used on both the failing- and succeeding-installation machines.  So I
guess it is baked into the driver-installer somewhere (unlike the
"c:\windows\inf\oem*.inf" name used, which was different between the two
machines)  But I'm wondering whether or not that directory name is
constant across tap-windows versions, etc.


Nathan


Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Nathan Stratton Treadway 
On Thu, Apr 02, 2020 at 21:16:48 +0300, Samuli Seppänen wrote:
> So, with 7zip on Windows I opened
> 
> openvpn-install-2.4.8-i602-Win10.exe
> -> $TEMP
>-> tap-windows.exe
>   -> driver
> 
> That contains OemVista.inf, tap0901.cat and tap0901.sys in three
> flavors: i386, amd64 and arm64. I extracted the cat and sys files and
> checked their signatures. They were all signed by Microsoft. With
> "Get-AuthenticodeSignature " all showed SignerCertificate
> starting with 87D211E3. Checking the File Properties showed that
> corresponds to Microsoft.
> 
> The installer I extracted had a sha1sum of
> 
> 9c3fa39b6dc1ca9a02bf940c0509cf58a13fdf7d

So...

I took our copy of openvpn-install-2.4.8-i602-Win10.exe and was able
extract tap-windows.exe out of it.  (In case it helps anyone following
along on this thread later, I found that the "p7zip-full" Ubuntu
package, and the "7z" command, was needed in order to unpack the NSIS
installer executable.)

=
$ sha1sum openvpn-install-2.4.8-I602-Win10.exe 
9c3fa39b6dc1ca9a02bf940c0509cf58a13fdf7d  openvpn-install-2.4.8-I602-Win10.exe

$ 7z e openvpn-install-2.4.8-I602-Win10.exe '$TEMP/tap-windows.exe'

7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: openvpn-install-2.4.8-I602-Win10.exe

Extracting  $TEMP/tap-windows.exe

Everything is Ok

Size:   587928
Compressed: 4335648

$ sha1sum tap-windows.exe 
2dc03ec37fa11783f1d1965961a93237cde12f69  tap-windows.exe

$ 7z x tap-windows.exe
[... bunch of files extracted...]
=

When I did that second extraction, the three flavors you mention all
unpacked into the same subdirectory (which had a non-ASCII directory
name), but I assume that's just a side-effect of the NSIS archive format
somehow.  To proceed with the unpacking I chose the "A(u)to rename
all" option so all the duplicate files were renamed as they unpacked.


Anyway the main point from that is that all nine files unpacked in the
.../drivers/ subdirectory were dated 10/23:

=
$ ls -lR
[...]
./???/driver:
total 176
-rw-rw-r-- 1 nathanst nathanst  7537 Oct 23 04:38 OemVista_1.inf
-rw-rw-r-- 1 nathanst nathanst  7533 Oct 23 04:37 OemVista_2.inf
-rw-rw-r-- 1 nathanst nathanst  7537 Oct 23 04:38 OemVista.inf
-rw-rw-r-- 1 nathanst nathanst 10861 Oct 23 06:00 tap0901_1.cat
-rw-rw-r-- 1 nathanst nathanst 40128 Oct 23 06:00 tap0901_1.sys
-rw-rw-r-- 1 nathanst nathanst 10866 Oct 23 05:02 tap0901_2.cat
-rw-rw-r-- 1 nathanst nathanst 35008 Oct 23 05:02 tap0901_2.sys
-rw-rw-r-- 1 nathanst nathanst 10711 Oct 23 04:58 tap0901.cat
-rw-rw-r-- 1 nathanst nathanst 39920 Oct 23 04:58 tap0901.sys

[...]
=

(and, consistent with what you found under windows, all three .sys files
contain the string "Microsoft Windows Hardware Compatibility
Publisher" no file contains the string "OpenVPN, Inc.").

In this case, the non-auto-renamed files are the amd64 flavor of the
driver:
=
$ grep amd *.inf
OemVista.inf:   %Provider% = tap0901, NTamd64
OemVista.inf:[tap0901.NTamd64]

$ file *.sys
tap0901_1.sys: PE32+ executable (native), for MS Windows
tap0901_2.sys: PE32 executable (native) Intel 80386, for MS Windows
tap0901.sys:   PE32+ executable (native) x86-64, for MS Windows

$ ls -l OemVista.inf tap0901.*
-rw-rw-r-- 1 nathanst nathanst  7537 Oct 23 04:38 OemVista.inf
-rw-rw-r-- 1 nathanst nathanst 10711 Oct 23 04:58 tap0901.cat
-rw-rw-r-- 1 nathanst nathanst 39920 Oct 23 04:58 tap0901.sys
=



So, turning my attention to the Windows box where the installation
failed, I found that the c:\program files\ files do match the
amd64-flavor files unpacked above.

=
Directory of C:\Program Files\TAP-Windows\driver
03/27/2020  11:09 AM  .
03/27/2020  11:09 AM  ..
10/23/2019  04:38 AM 7,537 OemVista.inf
10/23/2019  04:58 AM10,711 tap0901.cat
10/23/2019  04:58 AM39,920 tap0901.sys
=

However, when I search under c:\windwos\, the tap0901.sys files found
are different:

=
C:\Windows>dir /s tap0901.*
 Volume in drive C is Windows
 Volume Serial Number is 0687-5D0C

 Directory of C:\Windows\System32\drivers
10/31/2019  02:09 AM30,720 tap0901.sys
   1 File(s) 30,720 bytes

 Directory of 
C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
10/31/2019  02:11 AM10,042 tap0901.cat
10/31/2019  02:09 AM30,720 tap0901.sys
   2 File(s) 40,762 bytes

 Total Files Listed:
   3 File(s) 71,482 bytes
   0 Dir(s)  79,828,119,552 bytes free
=


These two files .sys files are indeed identical, and looking inside them
with "strings" it appears they are not signed.  (The strings "Microsoft"
and "Hardware" don't occur, and the spot at the end of the file where
the various strings that appear to be related to the signing certificate
in the Oct 23/39,920-byte version of the file has no sim

Re: [Openvpn-users] Openvpn 2.4.8 on Windows 10: TAP32 Adapter seems to be fubared

2020-04-03 Thread Samuli Seppänen 
Hi,

Il 02/04/20 22:07, Nathan Stratton Treadway ha scritto:
> On Thu, Apr 02, 2020 at 21:16:48 +0300, Samuli Seppänen wrote:
>> The installer I extracted had a sha1sum of
>>
>> 9c3fa39b6dc1ca9a02bf940c0509cf58a13fdf7d
>>
>> That matches the sha1sum of openvpn-install-2.4.8-i602-Win10.exe's which
>> I just a few minutes ago downloaded from the official download page and
>> our alternative download server:
> 
> Yes, this matches the other copies of the installer we have (though
> unfortunately on the machine where this failed, the installer .exe file
> was not saved, so I guess there is some remote possibility that it was
> not the same file, somehow).
> 
> 
>>
>> 
>> 
>>
>> At this point I have no clue where a Windows 7 version of the driver
>> could have appeared from, unless:
>>
>> - The installer you're using is somehow accidentally not the correct one
>> - Windows has the Windows 7 driver hidden somewhere (Driver Store)
> 
> Would this second option be consistent with the fact that the failed
> setupapi log says the driver package was "already imported?

Seems like it. You can use



to get rid of all tap-windows instances in the Driver Store. That's what
I use when I need to be 100% positive the latest driver version is
actually being used and not some cached version.

> Is "oemvista.inf_amd64_6d4bec28a2ef0cdf" a name that is hard-coded
> inside the TAP-Windows installer, or is that generated dynamically at
> installer-execution time?

I have absolutely no idea. We don't actively create such identifiers,
identifiers so I have to assume it's Windows.

> 
> Anway, I will see if I can determine anything by checking the timestamps
> for the various c:\windows\ files mentioned in the log, etc.

Ok, let me know what you find!

Samuli


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users