8
6
Fork
You've already forked windows
1

Windows client does not connect on Windows 11 24H2 ARM #261

Closed
opened 2025年04月09日 11:31:11 +02:00 by bepok · 6 comments

Hello,

I have 2 users using Windows 11 on ARM (different hardware). About 3 months ago I tested the application on my system and it worked. A few days ago a colleague came to me reporting that the client does not connect to the server on his machine. When I tried (usually I run Linux on this machine) it doesn't work anymore. I had Windows updates installed since the time the connection worked. I tried updating the client to the last released version but that did not resolve the issue.

The symptom is that the client authorization works (opens VPN server in browser, login and authorize the client is OK), but then when clicking the connect slider in the client it tries connecting and then fails after a second or two.

I have a bunch of other users using Windows on Intel/AMD who have no issues. Also no issues on other systems (Mac and Linux).

Using OpenVPN connect or Wireguard client (with manual configuration) on the misbehaving system works, so it doesn't seem to be a server issue.

Server is up to date v3 on Debian 12. All I get in the logs there is this when I try to connect with the misbehaving client:

Apr 09 11:02:37 openvpn1 openvpn[464]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-admins-1.sock
Apr 09 11:02:37 openvpn1 openvpn[464]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE='
Apr 09 11:02:37 openvpn1 openvpn[471]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-users-1.sock
Apr 09 11:02:37 openvpn1 openvpn[471]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE='
Apr 09 11:02:37 openvpn1 openvpn[471]: MANAGEMENT: Client disconnected
Apr 09 11:02:37 openvpn1 openvpn[463]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-admins-0.sock
Apr 09 11:02:37 openvpn1 openvpn[463]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE='
Apr 09 11:02:37 openvpn1 openvpn[463]: MANAGEMENT: Client disconnected
Apr 09 11:02:37 openvpn1 openvpn[465]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-users-0.sock
Apr 09 11:02:37 openvpn1 openvpn[465]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE='
Apr 09 11:02:37 openvpn1 openvpn[465]: MANAGEMENT: Client disconnected
Apr 09 11:02:37 openvpn1 openvpn[464]: MANAGEMENT: Client disconnected

I managed to get the client logs by editing the config file directly, but I don't see anything useful there. I attached a sanitized version (replaced server hostname, my username and computer name).

I didn't know how to force the usage of wireguard for testing in the client, it seems it only tries openvpn. Also it would probably be useful to get openvpn client logs, but I don't know how to get those.

Hello, I have 2 users using Windows 11 on ARM (different hardware). About 3 months ago I tested the application on my system and it worked. A few days ago a colleague came to me reporting that the client does not connect to the server on his machine. When I tried (usually I run Linux on this machine) it doesn't work anymore. I had Windows updates installed since the time the connection worked. I tried updating the client to the last released version but that did not resolve the issue. The symptom is that the client authorization works (opens VPN server in browser, login and authorize the client is OK), but then when clicking the connect slider in the client it tries connecting and then fails after a second or two. I have a bunch of other users using Windows on Intel/AMD who have no issues. Also no issues on other systems (Mac and Linux). Using OpenVPN connect or Wireguard client (with manual configuration) on the misbehaving system works, so it doesn't seem to be a server issue. Server is up to date v3 on Debian 12. All I get in the logs there is this when I try to connect with the misbehaving client: ``` Apr 09 11:02:37 openvpn1 openvpn[464]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-admins-1.sock Apr 09 11:02:37 openvpn1 openvpn[464]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE=' Apr 09 11:02:37 openvpn1 openvpn[471]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-users-1.sock Apr 09 11:02:37 openvpn1 openvpn[471]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE=' Apr 09 11:02:37 openvpn1 openvpn[471]: MANAGEMENT: Client disconnected Apr 09 11:02:37 openvpn1 openvpn[463]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-admins-0.sock Apr 09 11:02:37 openvpn1 openvpn[463]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE=' Apr 09 11:02:37 openvpn1 openvpn[463]: MANAGEMENT: Client disconnected Apr 09 11:02:37 openvpn1 openvpn[465]: MANAGEMENT: Client connected from /run/openvpn-server/XXX-users-0.sock Apr 09 11:02:37 openvpn1 openvpn[465]: MANAGEMENT: CMD 'kill CaIW1stqA5aYSHIQ/ZSi7fyXoLeQ0bMyEp4GJs4I5BE=' Apr 09 11:02:37 openvpn1 openvpn[465]: MANAGEMENT: Client disconnected Apr 09 11:02:37 openvpn1 openvpn[464]: MANAGEMENT: Client disconnected ``` I managed to get the client logs by editing the config file directly, but I don't see anything useful there. I attached a sanitized version (replaced server hostname, my username and computer name). I didn't know how to force the usage of wireguard for testing in the client, it seems it only tries openvpn. Also it would probably be useful to get openvpn client logs, but I don't know how to get those.
Collaborator
Copy link

Thank you for reporting this. Will investigate...

Thank you for reporting this. Will investigate...
Collaborator
Copy link

I did research on this issue. It happens on every ARM64 Windows. The call path is: eduVPN Client >> openvpnserv.exe >> openvpn.exe >> OpenSSL initialization >> Access Violation 0xc0000005.

I've upgraded OpenSSL from 3.4.1 to 3.5, but the problem remains.

There is already a GitHub issue about it here: https://github.com/openssl/openssl/issues/26239.

Disabling optimizations for OpenSSL library did help to get it past initialization, but the crypto is still not working, OpenVPN can't do the key exchange with the server.

I'm afraid, best we can do is wait for the OpenSSL team to fix this. eduVPN Client for Windows ARM64 remains broken for OpenVPN connections. Maybe you can offer WireGuard tunnels on your VPN server too?

Downgrading OpenSSL to the last version that worked is security-wise not acceptable.

Should OpenSSL team not fix this in reasonable time, I may attempt to compile OpenVPN to use MbedTLS on ARM64? Thou would like to keep the same crypto library on all platforms for convenience.

I did research on this issue. It happens on every ARM64 Windows. The call path is: eduVPN Client >> openvpnserv.exe >> openvpn.exe >> OpenSSL initialization >> Access Violation 0xc0000005. I've upgraded OpenSSL from 3.4.1 to 3.5, but the problem remains. There is already a GitHub issue about it here: https://github.com/openssl/openssl/issues/26239. Disabling optimizations for OpenSSL library did help to get it past initialization, but the crypto is still not working, OpenVPN can't do the key exchange with the server. I'm afraid, best we can do is wait for the OpenSSL team to fix this. eduVPN Client for Windows ARM64 remains broken for OpenVPN connections. Maybe you can offer WireGuard tunnels on your VPN server too? Downgrading OpenSSL to the last version that worked is security-wise not acceptable. Should OpenSSL team not fix this in reasonable time, I may attempt to compile OpenVPN to use MbedTLS on ARM64? Thou would like to keep the same crypto library on all platforms for convenience.
Collaborator
Copy link

I have compiled OpenSSL and OpenVPN using Visual Studio 2019 which is not affected by this bug. On my test ARM64 device eduVPN client works now.

You can download the release here: https://codeberg.org/eduVPN/windows/releases/tag/4.3.2

Thank you for your patience.

I have compiled OpenSSL and OpenVPN using Visual Studio 2019 which is not affected by this bug. On my test ARM64 device eduVPN client works now. You can download the release here: https://codeberg.org/eduVPN/windows/releases/tag/4.3.2 Thank you for your patience.
Author
Copy link

I can confirm it works, thank you!

I can confirm it works, thank you!
Collaborator
Copy link

The latest release 4.4-pre was compiled using Visual Studio 2022 17.14.0 which was supposed to fix this issue, but the OpenVPN still does not work on ARM64 (while on x64 and x86 it does).

The latest release [4.4-pre](https://codeberg.org/eduVPN/windows/releases/tag/4.3.99.0) was compiled using Visual Studio 2022 17.14.0 which was supposed to fix this issue, but the OpenVPN still does not work on ARM64 (while on x64 and x86 it does).
Collaborator
Copy link

Appears that some Visual Studio 2022 updates later, the OpenSSL on ARM64 issue is finally resolved. I've built a fresh client release and OpenVPN+OpenSSL on ARM64 works normally now.

Appears that some Visual Studio 2022 updates later, the OpenSSL on ARM64 issue is finally resolved. I've built a fresh client release and OpenVPN+OpenSSL on ARM64 works normally now.
Sign in to join this conversation.
No Branch/Tag specified
master
study/no-token-import
ver/3.x
govVPN
ver/3.3.0.x
ver/2.x
ver/1.x
4.6
4.5.99.8
4.5.99.7
4.5.99.6
4.5.99.5
4.5.99.4
4.5.99.3
4.5.99.2
4.5.99.1
4.5.99.0
4.5
4.4.99.4
4.4.99.3
4.4.99.2
4.4.99.1
4.4.99.0
4.4
4.3.99.1
4.3.99.0
4.3.2
4.3.1
4.3
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2
4.1.7
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0
3.255.23
3.255.22
3.255.21
3.255.20
3.255.19
3.7
3.6.2
3.6.1
3.255.18
3.255.17
3.255.16
3.255.15
3.6
3.255.14
3.5
3.255.13
3.4.3
3.255.12
3.255.11
3.255.10
3.255.9
3.255.8
3.255.7
3.255.6
3.255.5
3.255.4
3.255.3
3.255.2
3.4.2
3.4.1
3.255.1
3.255
3.4
3.3.8
3.3.7
3.3.6
3.3.5
3.3.4
3.3.0.1
3.3.3
3.3.2
3.3.1
3.3
3.2.2
3.2.1
3.2
3.1.8
3.1.7
3.1.6
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0
2.255.6
2.255.5
2.255.4
2.255.3
2.255.2
2.255.1
2.1.4
2.255.0
2.1.3
2.1.2
2.1.1
2.1
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0
1.255.11
1.255.10
1.255.9
1.0.39
1.255.8
1.255.7
1.255.6
1.255.5
1.0.38
1.255.4
1.0.37
1.255.3
1.255.2
1.255.1
1.255.0
1.0.36
1.0.34
1.0.35
1.0.33
1.0.32
1.0.31
1.0.30
1.0.29
1.0.28
1.0.27
1.0.26
1.0.25
1.0.24
1.0.23
1.0.22
1.0.21
1.0.20
1.0.19
1.0.18
1.0.17
1.0.16
audit/2017-12
1.0.15
1.0.14
1.0.13
1.0.12
1.0.11
1.0-alpha8
1.0-alpha6
1.0-alpha5
1.0-alpha4a
1.0-alpha3
1.0-alpha2a
1.0-alpha1
1.0-alpha
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
eduVPN/windows#261
Reference in a new issue
eduVPN/windows
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?