blog.plee.me About software, technology and random things

13Oct/090

OpenVPN on Windows Vista / 7 – Ping says: TTL expired in transit

Hi there!

When I set up my VPN with OpenVPN yesterday, I found out about a little difficulty under Windows Vista and 7. Thankfully it was not that much of a hurdle as the UAC was the reason for this bug just like for a series of other bugs with different software I experimented with over the last few weeks. Nevertheless I hope that this piece of information helps you get rid of the following problem.

If you have set up your VPN and got it running without any major problems, and everything seems to be running just fine (connecting works), but you still can't establish connections to the other machines, you might find that pinging returns the error message "TTL expired in transit". This is due to the fact that Vista (or Windows 7) needs administrator privileges to adjust your computer's settings properly in order to function when you've connected to the VPN successfully. I think it's about the route.exe process, but I'm not 100% sure.

Windows Vista and 7 have the equally famous as infamous UAC (User Account Control) that prevents even administrator privileged accounts from executing programs with administrator rights by default. In order to enable these rights you have to right-click the program (or program shortcut) and click on "Run as administrator" next to the yellow-blue shield if it does not run with administrator rights exclusively anyway (in which case you'd see the yellow-blue shield in the bottom right corner of the program icon itself and would be asked for administrator privileges automatically when you launch it as any other program).

Please note that the following steps are for on-demand OpenVPN connections. For automatic connections, read further below.

OpenVPN on-demand connection

So what you need to do is launch the connection with UAC. But how do you do that if you usually launch OpenVPN connections with a right-click and "Start OpenVPN on this config file"? Even creating a shortcut to the .ovpn file doesn't give you the "Run as administrator" option.

A simple solution is to create a batch file that simply changes to the work directory and executes .ovpn with the openvpn.exe.

Example file "ovpn_connection1.bat":

@echo off
D:
cd \Programs\OpenVPN\config-ondemand\
D:\Programs\OpenVPN\bin\openvpn.exe D:\Programs\OpenVPN\config-ondemand\connection1.ovpn

This batch file has the following parameters/assumptions:

  • Your OpenVPN dir is on the D: partition (otherwise change the drive letter in the respective paths and leave the "D:" line out altogether).
  • The path to your OpenVPN dir is D:\Programs\OpenVPN.
  • Your connection configuration file is located in the config-ondemand subdirectory.

Basically, you just switch to the work directory and execute OpenVPN's openvpn.exe located in its bin dir on the configuration. In a way, this works as a shortcut, but just as an executable batch.

The @echo off part is just so that you won't see the other commands displayed in the window each time you start the connection.

Now you either make a shortcut to this batch file or use it itself.

Whenever you want to start the connection, right-click on it and select "Run as administrator".

Done! Test your ping and it should be fine.

OpenVPN automatic connection

All you need to do is to move the .ovpn configuration file and all the other required files into the config subdirectory of your OpenVPN installation.

When the OpenVPN service (Start => Run => services.msc) is started, it will look for .ovpn files in its config subdirectory and execute them all - with SYSTEM privileges. No UAC circumvention needed.

So just set your OpenVPN service to "Automatic" and you're good to go!

OpenVPN on-demand connection with OpenVPN service

Just do what is described under the "OpenVPN automatic connection" paragraph except for setting the service to "Manual".

Now each time you want to launch the connection, you just need to type "net start OpenVPNService". To stop it, type "net stop OpenVPNService".

Note on using connections with the OpenVPN service

As the OpenVPN service feature executes *all* .ovpn configuration in the config subdirectory, there is no way to manually interfere with one particular connection of that directory and let's say disable it shortly. All config-connections are handled as a group with the OpenVPN service.

So if you need manual independency, look at the on-demand section.

I hope this wasn't all too fuzzy with the wordings and such.

Please comment or contact me if you have any questions on this matter.

Thanks for reading!

13Aug/0910

Disabling Windows Vista / 7 / 8 / 10 Explorer’s Automatic Folder Type Discovery

Hey!

Update from 2015-09-06: I just used this for Windows 10 and it still works!

I very recently installed Windows 7 on my desktop computer and I'm loving it so far.

One of the major things that bugged me though was the new Explorer behavior. The automatic folder type discovery just goes ahead and tries to determine a folder type just by looking at how many (or if there are) files of a certain type (pictures, videos, songs, ...) are in the current folder, and then it adjusts the viewing settings accordingly. For example, if you open a folder that contains mainly video files, it would show those with big icons instead of my default, a detailed list. Pictures are displayed as thumbnails.

Disabling this behavior proved to be interestingly difficult. As with most things that have been declared a default setting by Microsoft, it luckily can be done - but only via registry.

First we need to delete our current folder type settings.

  • Close all open Explorer windows.
  • Open the registry editor with Start => Run => regedit and browse to HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell.
  • Delete and confirm the deletion of the keys BagMRU and Bags.
  • Now create a Key (right-click on the current key in the left pane and select New => Key) called Bags.
  • Create a subkey for Bags called AllFolders.
  • Create a subkey for AllFolders called Shell.
  • Create a String value (right-click in the right pane and select New => String Value) called FolderType and set the value to NotSpecified.
  • That's it for Windows 7. Please read the note for Windows Vista x64 below. Otherwise, just reboot and your new settings should be applied.

That's it for Windows 7. If you're using Windows Vista x64, it might be possible that there is a copy of (or a similar) the Local Settings\Software\Microsoft\Windows\Shell key in HKEY_CURRENT_USER\Software\Classes\Wow6432Node. I could not confirm this for Windows 7, though I am using the 64 bit version (it just had a CLSID subkey, nothing more). In that case, delete the Shell\Bags and Shell\BagMRU folders like I told you above before finishing your modifications with a reboot.

Warning: as always, playing around with the Windows registry can be dangerous when done incorrectly. If you do not feel safe about it, make sure to back up the keys you're about to modify via File => Export, or leave it altogether. I do not take any responsibility for any damage, nor do I give any guarantee that the steps I provided here will work for you. At least they worked for me.

Hopefully that was of help to you ๐Ÿ™‚

I discovered the initial instructions on mydigitallife.info. Thank's so much ๐Ÿ™‚ Had a hard time finding a guide for that.

   
%d bloggers like this: