{"id":622,"date":"2013-05-21T21:11:00","date_gmt":"2013-05-21T19:11:00","guid":{"rendered":"http:\/\/michlstechblog.info\/blog\/?p=622"},"modified":"2013-06-02T23:15:20","modified_gmt":"2013-06-02T21:15:20","slug":"openvpn-generate-a-random-mac-address-for-tap-interfaces-in-windows","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/openvpn-generate-a-random-mac-address-for-tap-interfaces-in-windows\/","title":{"rendered":"OpenVPN: Generate a random MAC Address for TAP Interfaces on Windows"},"content":{"rendered":"<p>Hi,<\/p>\n<p>if you deploy your Windows installation with an image-based technology, for example SCCM, MDT, Acronis and\/or sysprep, and OpenVPN is already included in the image, the MAC address of the TAP LAN interface is not changed by the deployment. But a unique MAC address is required if the clients connect to the same OpenVPN server. If multiple clients have the same MAC address, pings from VPN clients sometimes fail with the error &#8220;TTL expired in transit&#8221; and the VPN connection is unstable.<\/p>\n<p>This PowerShell script sets a MAC address for each OpenVPN TAP adapter. In detail:<\/p>\n<ul>\n<li>Create the event log source TAPsetMAC<\/li>\n<li>Get all TAP adapter instances by reading HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318} where MatchingDeviceID == &#8220;tap0901&#8221;<\/li>\n<li>Generate a random MAC Address. 
Starting with Prefix defined in $sMACPrefix.<\/li>\n<li>Writing the MAC to each Adapter<\/li>\n<li>Log the result to the EventLog<\/li>\n<\/ul>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\n########################################################\r\n# Generate a random MAC for all OpenVPN tap LAN interfaces\r\n#  Michael Albert\r\n#  05.04.2013\r\n# License: GPLv2\r\n########################################################\r\n# HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}\r\n# MatchingDeviceID tap0901\r\n# REG_SZ MAC=00-FF-8F-E3-A1-AE\r\n$oRandom=New-Object System.random\r\nfunction fGetRandomMAC(&#x5B;string]$sMACStart){\r\n     if($sMACStart.length -ge 0 -and $sMACStart.length -le 11){\r\n          for($iLoop=$sMACStart.length; $iLoop -le 11; $iLoop++){\r\n               $iChar=$oRandom.Next(16)\r\n               $sMACStart+=&#x5B;String]::Format(&quot;{0:x}&quot;, $iChar).ToUpper()\r\n          }\r\n          return($sMACStart)\r\n     }\r\n     else{\r\n          return $false\r\n     }\r\n}\r\nfunction fConvert2MAC16(&#x5B;string]$sMAC12){\r\n     &#x5B;string]$sMAC16=&quot;&quot;\r\n     if($sMAC12.length -eq 12){\r\n          for($iLoop=0;$iLoop -le 11;$iLoop++){\r\n               $sMAC16+=$sMAC12.SubString($iLoop,1)\r\n               if((($iLoop+1) % 2) -eq 0 -and ($iLoop+1) -lt 12){\r\n                    $sMAC16+=&quot;-&quot;\r\n               }\r\n          }\r\n          return $sMAC16\r\n     }\r\n     else{\r\n          return $false\r\n     }\r\n}\r\n###############################################################################\r\n# Currently not used but defined :-)\r\nfunction fValidMAC(&#x5B;system.string]$sMAC){\r\n          $RegExIP=new-object System.Text.RegularExpressions.Regex(&quot;^(&#x5B;0-9a-fA-F]{2}\\-){5}(&#x5B;0-9a-fA-F]{2})$&quot;)\r\n          
return($RegExIP.IsMatch($sMAC))\r\n}\r\n###############################################################################\r\n## MAIN\r\n###############################################################################\r\n$sMACPrefix=&quot;00FF8F&quot;\r\nif(! &#x5B;System.Diagnostics.EventLog]::SourceExists(&quot;TAPsetMAC&quot;)){\r\n     New-EventLog -Source TAPsetMAC -Log Application\r\n}\r\n$aTAPAdapter=Get-ChildItem &quot;registry::HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}&quot; -ErrorAction SilentlyContinue |where-object{$_.GetValue(&quot;MatchingDeviceID&quot;) -eq &quot;tap0901&quot;}\r\nforeach($rTAPAdapter in $aTAPAdapter){\r\n     # Get-ItemProperty -Path &quot;registry::HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}&quot;\r\n     if(! ($rTAPAdapter.GetValue(&quot;MAC&quot;))){\r\n          #$rTAPAdapter\r\n          #$rTAPAdapter.Name\r\n          # Get-ItemProperty -Path (&quot;registry::&quot;+$rTAPAdapter.Name)\r\n          $sMAC=fGetRandomMAC $sMACPrefix\r\n          if($sMAC16=fConvert2MAC16 $sMAC){\r\n               Write-Host -NoNewline  &quot;Set MAC of TAP Adapter to&quot; $sMAC16 &quot;...&quot;\r\n               $Error.Clear()\r\n               New-ItemProperty -Path (&quot;registry::&quot;+$rTAPAdapter.Name) -Force -Name MAC -PropertyType String -Value $sMAC16|Out-Null\r\n               if(! 
$Error){\r\n                    Write-Host &quot;ok&quot;\r\n                    Write-EventLog -LogName Application -Source TAPsetMAC -EntryType Information -EventID 666 -Message (&quot;TAP LAN Adapter: Altered MAC Address to &quot;+$sMAC16)\r\n               }\r\n               else{\r\n                    Write-EventLog -LogName Application -Source TAPsetMAC -EntryType Warning -EventID 666 -Message (&quot;TAP LAN Adapter: Failed to alter MAC Address to &quot;+$sMAC16)\r\n               }\r\n          }\r\n     }\r\n}\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, if you deploy your Windows installation with an image-based technology, for example SCCM, MDT, Acronis and\/or sysprep, and OpenVPN is already included in the image, the MAC address of the TAP LAN interface is not changed by the deployment. But a unique MAC address is required if the clients connect to the same OpenVPN server. &hellip; <a href=\"https:\/\/michlstechblog.info\/blog\/openvpn-generate-a-random-mac-address-for-tap-interfaces-in-windows\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">OpenVPN: Generate a random MAC Address for TAP Interfaces on Windows<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,4],"tags":[164,166,163,857,133,162,161,168,167,165,20],"class_list":["post-622","post","type-post","status-publish","format-standard","hentry","category-openvpn","category-windowsscripts","tag-address","tag-expired","tag-mac","tag-openvpn","tag-powershell","tag-random","tag-tap","tag-tap0901","tag-transit","tag-ttl","tag-windows-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=622"}],"version-history":[{"count":14,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/622\/revisions"}],"predecessor-version":[{"id":3487,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/622\/revisions\/3487"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}