"Waiting for the management interface to come up"

[Samg381]

This issue is completely undocumented and has plagued every installation of OpenVPN GUI I've ever made. It is enormously frustrating to me and has cost me dozens of hours of troubleshooting.

My goal is for OpenVPN to connect to a profile before the user logs in. Should be simple, right?

So, I place my .ovpn configuration file in the C:\Program Files\OpenVPN\config-auto directory per the OpenVPN instructions.

When I restart the computer, or try to launch the persistent profile manually, I am greeted with the following error:

"Could not parse --management option..."

To resolve this, I add management 127.0.0.1 41000 mysecret.txt to my .ovpn configuration file, along with mysecret.txt containing a dummy password. I also set port offset in the OpenVPN settings page to 41000 as well. I asked how to do this a year ago (#656) and was told by @cron2 this was the correct procedure (@selvanair also upvoted his solution)

Despite adding this line, I receive the following, different, error:

"Waiting for the management interface to come up"

---

My .ovpn config is as follows (address/certificate redacted):

client
dev tun
proto tcp
remote url.removed.for.security 1194
resolv-retry infinite
nobind
management 127.0.0.1 41000 mysecret.txt


# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

persist-key
persist-tun

auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

auth SHA1
key-direction 1

reneg-sec 0

redirect-gateway def1

<ca>
-----BEGIN CERTIFICATE-----

---

I have already enabled the OpenVPN Pre-login auth provider feature when installing OpenVPN:

How do I fix this issue? I have read through this thread, which is the only other mention of this issue, and did not find any meaningful solution despite the many thousands of words posted.

Any help would be appreciated.

[selvanair]

Did you restart OpenVPNservice after editing the config file? Else GUI is trying to connect to the old instance which is not listening on any management interface as it has no idea that you have edited the config file.

Prelogon provider is unrelated to this unless you also want to start the connection from the login screen.

Anyway, instructions for this are in the README file: https://github.com/OpenVPN/openvpn-gui?tab=readme-ov-file#persistent-or-pre-started-connections

It doesn't mention the need for restarting the service after editing config file -- instead it says "It requires that such connections be started with --management 127.0.0.1 port [pw-file] option in their config file". Here "should be started with.." is the keyword.

In retrospect, I guess we should just say reboot after doing all that as that is the usual "Windows way" that users seem to understand.

[Samg381]

Did you restart OpenVPNservice after editing the config file?

Hi, yes I did. I also tried restarting the computer between edits to be extra certain. I even tried killing the daemon as well as the service after making an edit.

Based on what little I know about the management interface, it appears my installation is not properly building / starting it. I have tried uninstalling it / reinstalling it several times, and have used different release versions. I have also replicated the issue on three different computers. I am at wit's end.

Please let me know if there is anything else I can try.

[selvanair]

Check the log file -- you will find it in Program Files\OpenVPN\log\ named after the config filename with extension ".log" It may have something useful.

[selvanair]

I just noticed that you have auth-user-pass in the config. That wont work for a process started at boot as there is no way to supply the password.
If you want the connection to wait for the GUI to come up so that it can then prompt for password, you need to instruct that in the config. Carefully read the instructions in the README -- see link posted earlier.

Alternatively, connections started at boot are normally setup with no username password or with credentials in a file. There is not much point in starting a connection at boot if it cant complete until the user logs in and starts the GUI. Unless the real goal is implementing connect start before logon.

[Samg381]

Interesting, thank you very much for the detail. So it seems auth-user-pass is the culprit.. That is a rather bizarre limitation, but somewhat understandable given the system-wide nature of the connection (I suppose they don't want one person's user/pass being used prior to login on a multi-user computer). It would be nice if this could be overridden in some way, especially for home connections that I just want to start when I login. That said, I think the error handling should be enhanced here, as well as the documentation to more clearly articulate this limitation.

[selvanair]

Interesting, thank you very much for the detail. So it seems auth-user-pass is the culprit.. That is a rather bizarre limitation

This is not a limitation. Read the instructions in the README I linked to and you will know how to use auth-user-pass in this case. If you refuse to read instructions, please stop wasting our time.

[Samg381]

I'm not refusing anything. I read the documentation after you linked it, understood it, and thanked you. The error message and phone book of documentation is user hostile, period. Your nasty comment is unappreciated, as I have been unfailingly polite, and am also a contributor here. Have a good one.

[schwabe]

But you also did not ask follow up question on the documentation or pointing out what you are missing in that documentation. So to me it makes the impression if you are not willing to put in the effort and read the documentation and understand it. So I understand Selva's reaction here.