OpenVPN on Windows Vista / 7 – Ping says: TTL expired in transit
Hi there!
When I set up my VPN with OpenVPN yesterday, I found out about a little difficulty under Windows Vista and 7. Thankfully it was not that much of a hurdle as the UAC was the reason for this bug just like for a series of other bugs with different software I experimented with over the last few weeks. Nevertheless I hope that this piece of information helps you get rid of the following problem.
If you have set up your VPN and got it running without any major problems, and everything seems to be running just fine (connecting works), but you still can't establish connections to the other machines, you might find that pinging returns the error message "TTL expired in transit". This is due to the fact that Vista (or Windows 7) needs administrator privileges to adjust your computer's settings properly in order to function when you've connected to the VPN successfully. I think it's about the route.exe process, but I'm not 100% sure.
Windows Vista and 7 have the famous (and infamous) UAC (User Account Control), which by default prevents even accounts with administrator privileges from executing programs with administrator rights. To enable these rights, right-click the program (or its shortcut) and click "Run as administrator" next to the yellow-blue shield. This is unnecessary if the program always runs with administrator rights anyway: in that case you see the yellow-blue shield in the bottom right corner of the program icon itself and are asked for administrator privileges automatically when you launch it like any other program.
Please note that the following steps are for on-demand OpenVPN connections. For automatic connections, read further below.
OpenVPN on-demand connection
So what you need to do is launch the connection with UAC. But how do you do that if you usually launch OpenVPN connections with a right-click and "Start OpenVPN on this config file"? Even creating a shortcut to the .ovpn file doesn't give you the "Run as administrator" option.
A simple solution is to create a batch file that changes to the working directory and runs openvpn.exe on the .ovpn file.
Example file "ovpn_connection1.bat":
    @echo off
    D:
    cd \Programs\OpenVPN\config-ondemand\
    D:\Programs\OpenVPN\bin\openvpn.exe D:\Programs\OpenVPN\config-ondemand\connection1.ovpn
This batch file has the following parameters/assumptions:
- Your OpenVPN dir is on the D: partition (otherwise change the drive letter in the respective paths and leave the "D:" line out altogether).
- The path to your OpenVPN dir is D:\Programs\OpenVPN.
- Your connection configuration file is located in the config-ondemand subdirectory.
Basically, you just switch to the working directory and run openvpn.exe, located in OpenVPN's bin dir, on the configuration file. In a way, this works like a shortcut, just in the form of an executable batch file.
The @echo off part is just so that you won't see the other commands displayed in the window each time you start the connection.
Now you either make a shortcut to this batch file or use it itself.
Whenever you want to start the connection, right-click on it and select "Run as administrator".
Done! Test your ping and it should be fine.
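A variant of the launcher that refuses to start when it was not run elevated, so the connection never comes up without its routes. This is an added example, not part of the original post; it reuses the paths assumed above and relies on the common "net session" elevation check, which assumes the Windows Server service is running.

```batch
@echo off
setlocal

rem Added example. Paths follow the article's assumptions; adjust as needed.
set "OVPN_DIR=D:\Programs\OpenVPN"
set "CONFIG=%OVPN_DIR%\config-ondemand\connection1.ovpn"

rem "net session" only succeeds in an elevated process, so a non-zero
rem errorlevel means the script was started without "Run as administrator".
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be started with "Run as administrator".
    echo Without elevation OpenVPN connects but cannot adjust the routes.
    pause
    exit /b 1
)

rem Fail early with a clear message if the configuration file is missing.
if not exist "%CONFIG%" (
    echo Config file not found: %CONFIG%
    pause
    exit /b 2
)

rem /d switches drive and directory in one step, replacing the "D:" line.
cd /d "%OVPN_DIR%\config-ondemand"
"%OVPN_DIR%\bin\openvpn.exe" --config "%CONFIG%"
```

Keep the batch file and the paths it references in a location that standard users cannot write to, since whatever it launches runs with administrator rights.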
OpenVPN automatic connection
All you need to do is to move the .ovpn configuration file and all the other required files into the config subdirectory of your OpenVPN installation.
When the OpenVPN service (Start => Run => services.msc) is started, it will look for .ovpn files in its config subdirectory and execute them all - with SYSTEM privileges. No UAC circumvention needed.
So just set your OpenVPN service to "Automatic" and you're good to go!
OpenVPN on-demand connection with OpenVPN service
Just do what is described under the "OpenVPN automatic connection" paragraph except for setting the service to "Manual".
Now each time you want to launch the connection, you just need to type "net start OpenVPNService". To stop it, type "net stop OpenVPNService".
Note on using connections with the OpenVPN service
As the OpenVPN service feature executes *all* .ovpn configurations in the config subdirectory, there is no way to manually intervene in one particular connection from that directory and, say, disable it briefly. All connections configured there are handled as a group by the OpenVPN service.
So if you need independent manual control, look at the on-demand section.
I hope this wasn't all too fuzzy with the wordings and such.
Please comment or contact me if you have any questions on this matter.
Thanks for reading!
How To: Migrate an Existing Windows System to Another Hard Drive Using Acronis TrueImage
Hi!
Because of a new hard drive I bought a week ago, I decided to transfer my existing system, running on a 250 GB hard drive, to my new 1 TB one. I was lucky enough to have at least some experience with migrating an existing system to a virtual machine using Acronis TrueImage Home 2009, which came in handy.
What you need
- Backup software like Acronis TrueImage Home 2009
- BartPE with Acronis TrueImage Plug-In / bootable version of your backup software
- Windows installation disc (preferably the same Windows version as your current system)
- New system hard drive which is either empty or ready to be re-formatted (back up your important data on it!)
Procedure
- Start Acronis TrueImage Home 2009 and make a backup of your system partition.
- Save the backup to a partition / hard drive that you will have access to later on while using the bootable backup restorer. This means: No (TrueCrypt-)encrypted partition. Ideally it would fit on a disc or USB stick (which mine didn't, with a size of 7 GB). Just make sure you will be able to access it later on. I know BartPE is able to access all hard drives (without encryption at least) and should give you access to a USB drive as well, as long as you have it connected while it's booting up. If you don't want to move it over to a USB drive or DVD or anything else, there is also a nice little trick at the end of this howto: (*).
- Shut down your computer and make sure your new system drive is connected as the first device to avoid improper device numbering. This means using the first connector for SATA/IDE or whatever. If you are using both SATA and IDE, I don't know how that's handled. I'm just assuming you somehow have figured it out :)
- Boot from your Windows installation disc.
- If you haven't done it previously under Windows, partition the new system drive properly. That means to have the partitions created in the correct order. If you haven't (or aren't sure any more), delete them and do it over again just to make it right. Maybe the order is not necessary, but I had a lot of trouble with that before, so I'm just playing safe.
- Install Windows as usual to the point when you've started up your brand new Windows installation for the first time and are watching the Start Menu in awe.
- Boot from your bootable backup software (or BartPE with the plugin) and fire it up.
- Restore the image. Don't select MBR / Track 0, however, because we just created a proper MBR (Master Boot Record) by installing Windows.
- That's it! You should be done. Now a reboot should provide you with your old system on a new hard drive. Congratulations :)
I don't guarantee anything, and I admit to having tried several methods for half a day till I got it right :) This should work fine though, because it basically is what I did the time when it finally worked.
If you have partitions with programs on them that would be started on bootup, make sure you copy them (file by file) before you start your system on the new hard drive.
While you could do that by connecting your old system drive and booting from that, then copying the files over, you could also do it beforehand by using the Windows Disk Management tool to erase all partitions and partition it properly before the Windows installation. This allows you to format the specific partitions and copy the files over to it while you're still on your old system. (*) Also, you can add the backup image onto that partition, so you don't have to burn a DVD or move the image over to a USB stick or ... (you get the point). However, if you create and format the partitions on your old system, make sure to
- (naturally) not touch them during the Windows installation process or your data on them will be inaccessible
- rename your partitions properly after booting up your new system because your old Windows already assigned them (probably different) drive letters. You can do that in the Windows Disk Management tool as well.
I hope I didn't forget anything. If I did, I'll be sure to add it later on :)
Thanks for reading and good luck!
How To Migrate Your Live Windows System To VirtualBox
Hey!
Ever regret that Sun didn't include something like a migration assistant for your live Windows system in VirtualBox?
My method concentrates on these basic steps:
- Create a backup of your whole system partition
- Create a new VirtualBox Hard Disk
- Install Windows onto the VirtualBox Hard Disk to create a functional MBR (Master Boot Record)
- Apply the backup onto your VirtualBox Hard Disk
Done!
What you need:
- Sun VirtualBox
- Acronis TrueImage Home 2009 (or an equivalent backup program)
- File-to-ISO converter (like a CD/DVD burning program, e.g. Ahead Nero or Alcohol 120%)
- The Windows installation disc
Process:
- Start Acronis TrueImage and create a backup of your whole system partition. For version 2009 this doesn't mean System State but My Computer => Disk 1 => C:. Leave Back up sector-by-sector unchecked. Adjust the other settings to your liking and start the backup process.
- Go to Tools => Create Bootable Rescue Media and create the image as an ISO file.
- Use your File-to-ISO converter or burning software to convert your .tib backup file to an ISO so that you will be able to mount it as a CD/DVD later on. (The reason is that I had problems selecting the right partition to be replaced by the backup when I had two partitions mounted to the virtual machine - the other one included the backup file. Also, you won't be able to install the Guest Additions, so you can't mount folders over the VirtualBox shared folders.)
- Start VirtualBox and create a new Machine. Choose your current OS and name it as you like.
- During the process create a new Boot Hard Disk and give it the same size as your current system partition (maybe less if you know the size will be enough).
- Adjust the settings of your new machine and start it.
- Mount the Windows installation disc and install Windows. This is so that a proper MBR (Master Boot Record) is created because we will need one in order to boot from the final system.
- After the Windows installation (as soon as you see the Windows Start Menu and stuff), mount the Acronis Bootable Rescue Media ISO as a CD/DVD and boot from it.
- Select Acronis True Image Home (Full Version) and you'll see the TrueImage program like you did in Windows.
- Dismount the current CD/DVD image.
- Mount the ISO with your backup file.
- Click on Manage and Restore => Browse for backup... and open the CD/DVD Drive which should have the backup image file right there. If it doesn't, try unmounting and remounting it again.
- Right-click on the backup in the list and select Restore.
- Select the hard disk (partition) you just created and continue. Make sure that the Restore MBR (Master Boot Record) / Track 0 checkbox is unchecked.
- Let it run through.
- Now reboot your machine.
- Congratulations! You should have a working copy of your live system in VirtualBox!
I guess there are a couple of kinks here and there because I didn't actually do it like that (I installed Windows on the virtual machine before I attempted to restore via Acronis Bootable Rescue Media ... yeah, silly me :) ) and it was about 3 days ago, so I'm writing off the top of my head.
Please give me feedback if it worked! (And also if it didn't!) :)
In the case of Windows XP (and probably Vista and 7) because of the major change of hardware (actual drivers replaced by virtual drivers) you will be required to re-activate your Windows copy. XP gives you a maximum of 3 days for that.
Just thought I'd mention it for clarity's sake :)
Good luck and have fun!