
How to fix OpenVPN randomly disconnecting on Windows 10

After the anniversary update of Windows 10, many OpenVPN users saw their clients randomly disconnecting.

The issue is that the anniversary release of Windows 10 conflicts with the TAP driver used by OpenVPN.  You’d think with the size and technical ability of Microsoft they would fix this issue with OpenVPN.



Step 1 – Change Adapter Settings

Network & sharing centre > Change Adapter Settings

openvpn fix 1

Step 2 – Select the Tap Adapter (used by OpenVPN)

Right click on the Tap Adapter > Properties

openvpn fix 2

Step 3 – Internet Protocol V4

Properties Button

openvpn fix 3

Step 4 – Advanced Button

openvpn fix 4

Step 5 – Turn off Automatic metric

Windows 10 defaults to “Automatic metric”.  You do not want automatic: untick it and type a value into the “Interface metric” box.  The lower the number, the more Windows prefers that adapter for routing and, on Windows 10, for DNS (see Phase 2 below), so give the TAP adapter a number lower than your physical adapters.

Note that this box sets the interface metric, not the MTU.  If the drops coincide with large transfers you may also need to calculate a correct MTU (packet size) for the tunnel, but that is set elsewhere: with netsh (netsh interface ipv4 set subinterface "<TAP adapter name>" mtu=1420 store=persistent) or in the OpenVPN client config (tun-mtu, mssfix).  1420 is the value shown in the screenshots below; typed into the “Interface metric” box it is simply a very high, i.e. low-priority, metric.

openvpn mtu

Here’s the value set to 1420

openvpn 1420


Your OpenVPN interface/connection should now become stable.

Fix 2 – if the above fix fails then reinstall the TAP driver.


Always trust OpenVPN > Install

openvpn fix always trust


Phase 2 – is your DNS not stable?

The anniversary coding for Windows 10 is utter rubbish.  If the steps above fail to correct a DNS issue when using OpenVPN, here is the phase 2 fix for DNS.

The fix for this is found at:

Windows 10 OpenVPN DNS Issues

There is a “bug” in Windows 10 where name resolution takes the interface metric into account when choosing which adapter’s DNS servers to query, and OpenVPN’s TAP adapter usually has a higher (worse) metric than your Ethernet or Wi-Fi adapter, so the VPN’s DNS server is not used.  Besides broken name resolution this is also a DNS leak: queries for internal names go to the outside resolver instead.

To fix it we’ll lower the metric of the OpenVPN interface so it takes priority when you are connected to the VPN.

Identify The OpenVPN Interface Name

First open your Windows 10 Settings menu via the start menu -> Settings.  Then click the “Network & Internet” tile:

From there go to the “Ethernet” tab on the left, then click “Change adapter options” under “Related Settings”.  This will open a window with all of your network adapters, similar to the below:

The next step is to locate which out of these interfaces is the OpenVPN adapter, it will be the one with the words “TAP-Windows Adapter” on the 3rd line (selected above).  Make a note of the name of this adapter.  In the above example it is “Local Area Connection 5”, and we’ll use that moving forward but substitute your own interface’s name instead in the commands below as it is likely different.

Open An Admin Command Prompt

Press Windows key + X and pick “Command Prompt (Admin)”:

In the command window type in “netsh int ip show interfaces” which should present a list of all the interfaces:

The value we’re looking for is “Met” (short for “Metric”).  You can see our OpenVPN connection (“Local Area Connection 5”) has a higher or same metric as other network connections.  We need to set this metric value to a lower number than all the other interfaces.

In this case a value of 4 will be lower than all the other interfaces, so we’ll use that.  In the command window run the command netsh int ip set interface "Local Area Connection 5" metric=4, substituting the OpenVPN interface you identified in the first step:

Lastly run the “netsh int ip show interfaces” command again and confirm that the OpenVPN interface is the lowest “Met” value:

Reconnect to the VPN

Attempt to reconnect to the VPN and see if DNS resolution works
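The Advanced TCP/IP dialog in Step 5 and the netsh commands in Phase 2 set the same thing, the interface metric.  As an added example that is not part of the original post, the Python script below parses the output of netsh int ip show interfaces, picks a metric lower than every other adapter for the TAP adapter, and builds the netsh commands for the metric and, separately, for the MTU.  The adapter table embedded in it is constructed; the default adapter name and the 1420 MTU are taken from the screenshots above, and nothing is changed on the machine unless --apply is passed from an elevated prompt.

```python
"""Pick and apply an interface metric (and optionally an MTU) for the
OpenVPN TAP adapter from `netsh int ip show interfaces` output."""
import subprocess
import sys

# Constructed sample of `netsh int ip show interfaces` output (adapter names
# and numbers are made up) so the parsing can be exercised off-line.
SAMPLE_OUTPUT = """\
Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          75  4294967295  connected     Loopback Pseudo-Interface 1
 12          25        1500  connected     Ethernet
 15          35        1500  disconnected  Wi-Fi
 21          25        1500  connected     Local Area Connection 5
"""


def parse_interfaces(text):
    """Turn the netsh table into dicts with idx, met, mtu, state and name."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 4)          # the name itself may contain spaces
        if len(parts) != 5 or not parts[0].isdigit():
            continue                         # header and separator lines
        idx, met, mtu, state, name = parts
        rows.append({"idx": int(idx), "met": int(met), "mtu": int(mtu),
                     "state": state, "name": name.strip()})
    return rows


def choose_metric(rows, vpn_name):
    """One below the lowest metric of every *other* adapter (never below 1).

    Lower than everything else is what makes Windows 10 use the tunnel's
    DNS server; the post simply picked 4, which also works.
    """
    others = [r["met"] for r in rows if r["name"] != vpn_name]
    if not others:
        raise ValueError("no other interfaces in netsh output")
    return max(1, min(others) - 1)


def metric_command(name, metric):
    """Argument list for netsh, avoiding shell quoting of the adapter name."""
    return ["netsh", "int", "ip", "set", "interface", name, "metric=%d" % metric]


def mtu_command(name, mtu):
    """The MTU is a separate setting from the interface metric."""
    return ["netsh", "interface", "ipv4", "set", "subinterface", name,
            "mtu=%d" % mtu, "store=persistent"]


def plan(text, vpn_name, mtu=None):
    """Commands needed for the adapter called vpn_name, given netsh output."""
    rows = parse_interfaces(text)
    if not any(r["name"] == vpn_name for r in rows):
        raise ValueError("adapter %r not found in netsh output" % vpn_name)
    cmds = [metric_command(vpn_name, choose_metric(rows, vpn_name))]
    if mtu:
        cmds.append(mtu_command(vpn_name, mtu))
    return cmds


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--apply"]
    vpn = args[0] if args else "Local Area Connection 5"   # name from the post's screenshot
    if sys.platform == "win32":
        out = subprocess.run(["netsh", "int", "ip", "show", "interfaces"],
                             capture_output=True, text=True, check=True).stdout
    else:
        out = SAMPLE_OUTPUT                    # off Windows, just show the plan
    for cmd in plan(out, vpn, mtu=1420):
        print(subprocess.list2cmdline(cmd))
        if "--apply" in sys.argv:              # needs an elevated prompt
            subprocess.run(cmd, check=True)
```

Run it without --apply first and compare the printed commands with the netsh int ip show interfaces listing; the metric line is the one that fixes DNS, the MTU line is only needed if large transfers are what kills the tunnel.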


My honest advice is that if you’re within the 10 day roll back period of this anniversary update – GET RID OF IT FOR HEAVEN’S SAKE!!

Vault 7: Infect Apple MAC firmware – Embedded even if Operating system is reinstalled

Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA’s “NightSkies 1.2”, a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.


The internet of things: how your TV, car and toys could spy on you – Guardian

“Smart”, as a marketing label, has become a joke and might as well be relabeled “surveillance marketed as revolutionary technology”.  There is nothing smart about a TV that records every conversation in your home and stores the audio files.

In fact there is an argument for calling the buyer “dumb” if they buy a smart TV that records their child in the bedroom.  You know that, right?


Can your smart TV spy on you? Absolutely, says the US director of national intelligence. The ever-widening array of “smart” web-enabled devices pundits have dubbed the internet of things [IoT] is a welcome gift to intelligence officials and law enforcement, according to director James Clapper.

“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper told the Senate in public testimony on Tuesday.

As a category, the internet of things is useful to eavesdroppers both official and unofficial for a variety of reasons, the main one being the leakiness of the data. “[O]ne helpful feature for surveillance is that private sector IoT generally blabs a lot, routinely into some server, somewhere,” said Lee Tien, a senior staff attorney at the Electronic Frontier Foundation. “That data blabbing can be insecure in the air, or obtained from storage.”

There are a wide variety of devices that can be used to listen in, and some compound devices (like cars) that have enough hardware to form a very effective surveillance suite all by themselves. There are, of course, legitimate and tightly warranted reasons for law enforcement surveillance, and there are also companies that take hard lines against turning their users over to the government. But hardware manufacturers often default to crummy security, or don’t offer a choice, and consumers often make themselves more vulnerable than they should.

“One of my technologists has a phrase: ‘internet of other people’s things,’” Tien said. “[E]ven if you bought it, it’s not necessarily truly yours – it may need to talk to the vendor’s machines to work, handing over data about you or those around you (if it has sensors); it may have features you don’t know about or don’t know how to control or can’t control.”

Intelligence officials are not the only ones interested in cracking our hi-tech homes. Knowing when you are in and out, what you have and where you keep it is invaluable information for thieves. And just think what tales your devices could tell divorce lawyers.

Dan Kaminsky, security researcher and chief scientist of White Ops, said despite the worries the internet of things is here to stay. “There’s a lot of work to do building the secure and maintainable platforms of the future, but I think it’ll happen,” he said. “We know this technology isn’t perfect but we know the tremendous human potential it unlocks.”

What’s watching you in today’s houses:

Password Rules Are Bullshit – CodingHorror

Have you seen the classic XKCD about passwords?

To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.

We can certainly debate whether “correct horse battery staple” is a viable password strategy or not, but the argument here is mostly that length matters.



No, seriously, it does. I’ll go so far as to say your password is too damn short. These days, given the state of cloud computing and GPU password hash cracking, any password of 8 characters or less is perilously close to no password at all.

So then perhaps we have one rule, that passwords must not be short. A long password is much more likely to be secure than a short one … right?

And what of those nice, long passwords? Are they always secure?


Of course not, because have you met any users lately?


They consistently ruin every piece of software I’ve ever written. Yes, yes, I know you, Mr. or Ms. über-geek, know all about the concept of entropy. But expressing your love of entropy as terrible, idiosyncratic password rules …

  • must contain uppercase
  • must contain lowercase
  • must contain a number
  • must contain a special character

… is a spectacular failure of imagination in a world of Unicode and Emoji.

I also advocated checking passwords against the 100,000 most common passwords. If you look at 10 million passwords from data breaches in 2016, you’ll find the top 25 most used passwords are:


Even this data betrays some ASCII-centrism. The numbers are the same in any culture I suppose, but I find it hard to believe the average Chinese person will ever choose the passwords “password”, “qwertyuiop”, or “mynoob”. So this list has to be customizable, localizable.

If you examine the data, this also turns into an argument in favor of password length. Note that only 5 of the top 25 passwords are 10 characters, so if we require 10 character passwords, we’ve already reduced our exposure to the most common passwords by 80%. I saw this originally when I gathered millions and millions of leaked passwords for Discourse research, then filtered the list down to just those passwords reflecting our new minimum requirement of 10 characters or more.

It suddenly became a tiny list. (If you’ve done similar common password research, please do share your results in the comments.)

I’d like to offer the following common sense advice to my fellow developers:

1. Password rules are bullshit

  • They don’t work.
  • They heavily penalize your ideal audience, people that use real random password generators. Hey guess what, that password randomly didn’t have a number or symbol in it. I just double checked my math textbook, and yep, it’s possible. I’m pretty sure.
  • They frustrate average users, who then become uncooperative and use “creative” workarounds that make their passwords less secure.
  • They are often wrong, in the sense that the rules chosen are grossly incomplete and/or insane, per the many shaming links I’ve shared above.
  • Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won’t take my word for it, read this 2016 NIST password rules recommendation. It’s right there, “no composition rules”. However, I do see one error, it should have said “no bullshit composition rules”.
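As an added example (not Coding Horror’s or Discourse’s code), the Python below applies the advice in this post: a minimum length counted in Unicode characters rather than bytes, a check against a common-password list that is only kept for entries long enough to matter, a check that the password does not contain the user’s own name, and no composition rules at all. The embedded list is a constructed stand-in modelled on the 2016 top-25 quoted above, so the observation that only 5 of those 25 survive a 10-character minimum can be checked; a real deployment loads the full 100,000-entry list from disk. MIN_LENGTH and the function names are my choices.

```python
"""Length-first password check with a common-password blocklist and no
composition rules."""
import unicodedata

# Constructed stand-in for a "top 100,000 common passwords" file, modelled
# on the 2016 breach top-25 quoted in the post.
COMMON_PASSWORDS_RAW = [
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
    "123321", "666666", "18atcskd2w", "7777777", "1q2w3e4r", "654321",
    "555555", "3rjs1la7qe", "google", "1q2w3e4r5t", "123qwe", "zxcvbnm", "1q2w3e",
]
MIN_LENGTH = 10


def normalize(pw):
    """NFKC so that visually identical input (composed vs. decomposed accents,
    full-width letters) compares equal.  No case-folding: case the user typed
    is real entropy."""
    return unicodedata.normalize("NFKC", pw)


def char_length(pw):
    """Length in code points, not bytes or UTF-16 units, so one emoji counts
    as one character rather than four."""
    return len(normalize(pw))


def build_blocklist(raw, min_length=MIN_LENGTH):
    """Only entries that would pass the length rule need to be kept; the
    rest can never be accepted anyway."""
    return {normalize(p).lower() for p in raw if char_length(p) >= min_length}


def check_password(pw, blocklist, min_length=MIN_LENGTH, user_fields=()):
    """Return (ok, reason).  Deliberately no uppercase/digit/symbol rules."""
    norm = normalize(pw)
    if len(norm) < min_length:
        return False, "too short: %d characters, need %d" % (len(norm), min_length)
    lowered = norm.lower()
    if lowered in blocklist:
        return False, "appears in the common password list"
    for field in user_fields:            # username, e-mail local part, ...
        if field and len(field) >= 3 and field.lower() in lowered:
            return False, "contains your username or e-mail address"
    return True, "ok"


def survival_rate(raw, min_length):
    """How much of a common-password list survives a length-only rule.

    Returns (kept, total, fraction); the post found 5 of its top 25 at 10."""
    kept = [p for p in raw if char_length(p) >= min_length]
    return len(kept), len(raw), len(kept) / len(raw)
```

The blocklist lookup uses the lower-cased, normalised form, so “QWERTYUIOP” and “qwertyuiop” are rejected alike, while the length check runs on the normalised string so a decomposed “ä” is one character, not two.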


Encryption Works – Analysis of CIA wikileaks – we need more encryption – NY Times

Encryption works.


Vault 7: CIA Hacking Tools Revealed – Wikileaks

CIA malware targets iPhone, Android, smart TVs


CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).

The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.

The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.

The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.


CIA malware targets Windows, OS X, Linux, routers

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas (“Brutal Kangaroo”) and to keep its malware infestations going.

Many of these infection efforts are pulled together by the CIA’s Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as “Assassin” and “Medusa”.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB).

The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.



Blue light affects sleep – so use FREE f.lux – sleep research

Did you know that the blue light of laptops affects our sleeping patterns, in a negative manner?  The solution is quite easy – install f.lux.

F.lux will alter the blue tones of your screen, according to the time.  So that at night time your monitor will have a pinkish soothing tone, that promotes sleep.

When you consider that the number of children and adults with sleep related issues has increased tenfold, clearly something is the villain of the piece.  Try f.lux and see how you get on.

Linux: How to run BASH shell on Windows 10 – The Visual Guide

We all love the linux BASH interface, but were you aware that Windows 10 could offer BASH?


Step 1 – Windows 10 Anniversary Build 14393.

Check that you’re running the Anniversary Build 14393.

Search for “about your pc”- look for build version 14393

Home > Windows Settings


Step 2 – Settings > Update & Security

Turn on Developer options > RESTART


Step 3 – Turn Windows Features On

Search “Windows Features” > look for Windows Subsystem for Linux (Beta) > tick this option


Wait a long time…..

RESTART (2nd time)


Step 4 – Run BASH

Open a cmd prompt

Type “BASH” and “Y” (for yes)

Wait a long time….

The first time you run Bash you will be asked for a totally separate login id – so I used Root.

Note this ID will appear in your BASH screen, so if anyone will see it – please keep it polite.


Step 5 – Linux Commands to monitor system performance





Multiformats / Multihash – from MIT

Multihash is a protocol for differentiating outputs from various well-established hash functions, addressing size + encoding considerations. It is useful to write applications that future-proof their use of hashes, and allow multiple hash functions to coexist.

Safer, easier cryptographic hash function upgrades

Multihash is particularly important in systems which depend on cryptographically secure hash functions. Attacks may break the cryptographic properties of secure hash functions. These cryptographic breaks are particularly painful in large tool ecosystems, where tools may have made assumptions about hash values, such as function and digest size. Upgrading becomes a nightmare, as all tools which make those assumptions would have to be upgraded to use the new hash function and new hash digest length. Tools may face serious interoperability problems or error-prone special casing.

How many programs out there assume a git hash is a sha1 hash?

How many scripts assume the hash value digest is exactly 160 bits?

How many tools will break when these values change?

How many programs will fail silently when these values change?

This is precisely where Multihash shines. It was designed for upgrading.

When using Multihash, a system warns the consumers of its hash values that these may have to be upgraded in case of a break. Even though the system may still only use a single hash function at a time, the use of multihash makes it clear to applications that hash values may use different hash functions or be longer in the future. Tooling, applications, and scripts can avoid making assumptions about the length, and read it from the multihash value instead. This way, the vast majority of tooling – which may not do any checking of hashes – would not have to be upgraded at all. This vastly simplifies the upgrade process, avoiding the waste of hundreds or thousands of software engineering hours, deep frustrations, and high blood pressure.

The Multihash Format

A multihash follows the TLV (type-length-value) pattern.

  • the type <hash-func-type> is an unsigned variable integer identifying the hash function. There is a default table, and it is configurable. The default table is the multihash table.
  • the length <digest-length> is an unsigned variable integer counting the length of the digest, in bytes
  • the value <digest-value> is the hash function digest, with a length of exactly <digest-length> bytes.

For example:

Hashing function: sha2-256 (code in hex: 0x12)
Length: 32 (in hex: 0x20)
Digest: 41dd7b6443542e75701aa98a0c235951a28a0d851b11564d20022ab11d2589a8


These implementations are available:


The following multihash examples are different hash function outputs of the same exact input:


The multihash examples are chosen to show different hash functions and different hash digest lengths at play.

sha1 – 160 bits

Hashing function: sha1 (code in hex: 0x11)
Length: 20 (in hex: 0x14)
Digest: 8a173fd3e32c0fa78b90fe42d305f202244e2739

sha2-256 – 256 bits (aka sha256)

Hashing function: sha2-256 (code in hex: 0x12)
Length: 32 (in hex: 0x20)
Digest: 41dd7b6443542e75701aa98a0c235951a28a0d851b11564d20022ab11d2589a8

sha2-512 – 256 bits

Hashing function: sha2-512 (code in hex: 0x13)
Length: 32 (in hex: 0x20)
Digest: 52eb4dd19f1ec522859e12d89706156570f8fbab1824870bc6f8c7d235eef5f4

sha2-512 – 512 bits (aka sha512)

Hashing function: sha2-512 (code in hex: 0x13)
Length: 64 (in hex: 0x40)
Digest: 52eb4dd19f1ec522859e12d89706156570f8fbab1824870bc6f8c7d235eef5f4c2cbbafd365f96fb12b1d98a0334870c2ce90355da25e6a1108a6e17c4aaebb0

blake2b-512 – 512 bits

Hashing function: blake2b-512 (code in hex: 0xb240)
Length: 64 (in hex: 0x40)
Digest: d91ae0cb0e48022053ab0f8f0dc78d28593d0f1c13ae39c9b169c136a779f21a0496337b6f776a73c1742805c1cc15e792ddb3c92ee1fe300389456ef3dc97e2

blake2b-256 – 256 bits

Hashing function: blake2b-256 (code in hex: 0xb220)
Length: 32 (in hex: 0x20)
Digest: 7d0a1371550f3306532ff44520b649f8be05b72674e46fc24468ff74323ab030

blake2s-256 – 256 bits

Hashing function: blake2s-256 (code in hex: 0xb260)
Length: 32 (in hex: 0x20)
Digest: a96953281f3fd944a3206219fad61a40b992611b7580f1fa091935db3f7ca13d

blake2s-128 – 128 bits

Hashing function: blake2s-128 (code in hex: 0xb250)
Length: 16 (in hex: 0x10)
Digest: 0a4ec6f1629e49262d7093e2f82a3278


Q: Why have digest length as a separate number?

Because combining hash function code and hash digest length ends up with a function code really meaning “function-and-digest-size-code”. Makes using custom digest sizes annoying, and much less flexible. We would need hundreds of codes for all the combinations people would want to use.

Q: Why varints (variable integers)?

So that we have no limitation on functions or lengths.

Q: What kind of varints?

A Most Significant Bit unsigned varint, as defined by the multiformats/unsigned-varint doc.

Q: Don’t we have to agree on a table of functions?

Yes, but we already have to agree on functions, so this is not hard. The table even leaves some room for custom function codes.

Q: Why not use "sha256:<digest>"?

For three reasons:

  • (1) Multihash and all other multiformats endeavor to make the values be “in-band” and to be treated as the original value. The construction <string-prefix>:<hex-digest> is human readable and tuned for some outputs. Hashes are stored compactly in their binary representation. Forcing applications to always convert is cumbersome (split on :, turn the right hand side into binary, remove the :, concat).
  • (2) Multihash and all other multiformats endeavor to be as compact as possible, which means a binary packed representation will help save a lot of space in systems that use millions or billions of hashes. For example, a 100 TB file in IPFS may have as many as 400 million subobjects, which would mean 400 million hashes.
    400,000,000 hashes * (7 - 2) bytes = 2 GB
  • (3) The length is extremely useful when hashes are truncated. This is a type of choice that should be expressed in-band. It is also useful when hashes are concatenated or kept in lists, and when scanning a stream quickly.
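To make the format description, the worked examples above, and the varint and truncation answers concrete, here is an added Python implementation. It is not the Multiformats project’s own code (the real implementations are the ones listed on the multihash page); it assumes the function codes from the examples above, uses hashlib’s output-size parameter for the blake2b-256, blake2s-256 and blake2s-128 variants (which are distinct functions, not a longer digest cut short), and adds a verify() that recovers function and digest length from the prefix instead of assuming them, which is the upgrade property the page argues for.

```python
"""Minimal multihash encode/decode/verify with an unsigned varint prefix."""
import hashlib
import hmac

# code -> (name, constructor).  Codes as listed on the page.  BLAKE2 variants
# with a shorter output are the function run with a smaller digest_size
# parameter, so blake2b-256 is NOT the first 32 bytes of blake2b-512.
TABLE = {
    0x11:   ("sha1",        lambda: hashlib.sha1()),
    0x12:   ("sha2-256",    lambda: hashlib.sha256()),
    0x13:   ("sha2-512",    lambda: hashlib.sha512()),
    0xb240: ("blake2b-512", lambda: hashlib.blake2b(digest_size=64)),
    0xb220: ("blake2b-256", lambda: hashlib.blake2b(digest_size=32)),
    0xb260: ("blake2s-256", lambda: hashlib.blake2s(digest_size=32)),
    0xb250: ("blake2s-128", lambda: hashlib.blake2s(digest_size=16)),
}
CODE_BY_NAME = {name: code for code, (name, _) in TABLE.items()}


def varint_encode(n):
    """Unsigned varint: 7 bits per byte, MSB set on every byte but the last."""
    if n < 0:
        raise ValueError("varint must be unsigned")
    out = bytearray()
    while True:
        byte = n & 0x7f
        n >>= 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def varint_decode(buf, pos=0):
    """Return (value, position after it); reject truncated or over-long input."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        if shift > 63:
            raise ValueError("varint too long")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7f) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def encode(name, digest):
    """<varint code><varint length><digest>."""
    return varint_encode(CODE_BY_NAME[name]) + varint_encode(len(digest)) + digest


def decode(mh):
    """Return (name, code, digest); raise on unknown code or a length that
    disagrees with the bytes actually present (short or trailing)."""
    code, pos = varint_decode(mh, 0)
    length, pos = varint_decode(mh, pos)
    if pos + length != len(mh):
        raise ValueError("prefix says %d digest bytes, found %d" % (length, len(mh) - pos))
    if code not in TABLE:
        raise ValueError("unknown hash function code 0x%x" % code)
    return TABLE[code][0], code, mh[pos:]


def _digest(name, data, length=None):
    h = TABLE[CODE_BY_NAME[name]][1]()
    h.update(data)
    digest = h.digest()
    if length is not None:
        if length > len(digest):
            raise ValueError("cannot extend a %d-byte digest to %d" % (len(digest), length))
        digest = digest[:length]          # truncation is recorded by the prefix
    return digest


def multihash(name, data, length=None):
    """Hash data with the named function, optionally truncated (e.g. the
    page's sha2-512 at 32 bytes)."""
    return encode(name, _digest(name, data, length))


def verify(mh, data):
    """Recompute from the prefix alone: no assumption about function or size."""
    name, _, digest = decode(mh)
    return hmac.compare_digest(_digest(name, data, len(digest)), digest)
```

A consumer written against decode()/verify() keeps working when the producer switches function or digest length, which is the whole point of the length field; the two ValueErrors in decode() are where a careless reader would otherwise misparse a truncated or concatenated hash.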

Q: Is Multihash only for cryptographic hashes?

What about non-cryptographic hashes like murmur3, cityhash, etc?

We decided to make Multihash work for all hash functions, not just cryptographic hash functions. The same kind of choices that people make around

We wanted to be able to include MD5 and SHA1, as they are widely used even now, despite no longer being secure. Ultimately, we could consider these cryptographic hash functions that have transitioned into non-cryptographic hash functions. Perhaps all of them eventually do.

Q: How do I add hash functions to the table?

Three options to add custom hash functions:

  • (1) If other applications would benefit from this hash function, propose it at the multihash repo
  • (2) If your function is only for your application, you can add a hash function to the table in a range reserved specially for this purpose. See the table.
  • (3) If you need to use a completely custom table, most implementations support loading a separate hash function table.

Q. I want to upgrade a large system to use Multihash. Could you help me figure out how?

Sure, ask for help in IRC, github, or other fora. See the Multiformats Community listing.

Q. I wish Multihash would _______. I really hate _______.

Those are not questions. But please leave any and all feedback over in the Multihash repo. It will help us improve the project and make sure it addresses our users’ needs. Thanks!



There is a spec in progress, which we hope to submit to the IETF. It is being worked on at this pull-request.


The Multihash format was invented by @jbenet, and refined by the IPFS Team. It is now maintained by the Multiformats community. The Multihash implementations are written by a variety of authors, whose hard work has made future-proofing and upgrading hash functions much easier. Thank you!

Open Source

The Multihash format (this documentation and the specification) is Open Source software, licensed under the MIT License and patent-free. The multihash implementations listed here are also Open Source software. Please contribute to make them great! Your bug reports, new features, and documentation improvements will benefit everyone.

Part of the Multiformats Project

Multihash is part of the Multiformats Project, a collection of protocols which aim to future-proof systems, today. Check out the other multiformats. It is also maintained and sponsored by Protocol Labs.


Group Policy – How to map network drives using group policy windows server

Where you need to create a mapped drive for an AD group, use Group Policy Preferences. The second video is more realistic for everyday use than the first video.

Group Policy Management > a GPO linked to the OU containing the users (or the Default Domain Policy) >

Right-click > Edit > User Configuration > Preferences > Windows Settings > Drive Maps > right-click > New > Mapped Drive > Action: Create / paste in the UNC path to the share / label the drive / Reconnect / pick a drive letter / Show this drive > OK

To limit the mapping to one AD group, set Item-level targeting on the Common tab of the drive map rather than putting it in the Default Domain Policy for everyone.

Last use gpupdate /force on a client to force the Group Policy update.

gpupdate /force
