Can´t connect to OneDrive with VPN enabled

CrypticWalnut · January 17, 2025, 3:19pm

Hello.

So, I was trying to set up backups to OneDrive V2, I have NordVPN on my Windows 11 PC installed.
With VPN completely disabled, everything works normal. But when I enable VPN, Duplicati does not connect to OneDrive, when I click on “Test connection” it gives me an error.

I tried adding all the .exe from the root of Duplicati 2 folder to the split tunneling without success.

Would really appreciate any recommendations to make it work. Is there a specific file that I need to add to the split tunneling to make Duplicati bypass VPN?

ts678 · January 17, 2025, 4:48pm

Welcome to the forum @CrypticWalnut

If not yet on current Beta (2.1.0.2), the 2.0 Duplicati can have updates elsewhere.

Please check About → System info. Is BaseVersionName = ServerVersionName?
If not, Downgrading / reverting to a lower version original post has some locations.

Task Manager, Details, right-click header, and select Image path name works too.
Older versions used the Program Files programs as launcher for the latest version.

CrypticWalnut · January 17, 2025, 5:14pm

I do have the latest beta, but it does not have BaseVersionName field

System properties

APIVersion : 1
PasswordPlaceholder : **********
ServerVersion : 2.1.0.2
ServerVersionName : - 2.1.0.2_beta_2024-11-29
ServerVersionType : beta
RemoteControlRegistrationUrl : https://api.duplicati.com/remotecontrol/register
StartedBy : Tray icon
DefaultUpdateChannel : Beta
DefaultUsageReportLevel : Information
ServerTime : 2025-01-17T11:07:05.0889121-06:00
OSType : Windows
OSVersion : Microsoft Windows [Version 10.0.22631.4751]
DirectorySeparator : \
PathSeparator : ;
CaseSensitiveFilesystem : false
MachineName : DESKTOP
PackageTypeId : win-x64-gui.msi

ts678 · January 17, 2025, 5:20pm

That’s because the 2.0 updater scheme is gone in 2.1.

What error?

You might be able to obtain a better report with Verify files while doing About → Show log → Live → Warning, but first check About → Show log → Stored. Click on any likely suspect lines.

CrypticWalnut · January 17, 2025, 5:31pm

In the stored and live log, I didn’t find anything related.
After clicking on Test connection, it returns the following error:

Failed to connect: error-id:OAuthLoginError, user-information:Failed to authorize using the OAuth service: The requested address is not valid in its context. (duplicati-oauth-handler.appspot.com:443). If the problem persists, try generating a new authid token from: Duplicati OAuth Handler

ts678 · January 17, 2025, 6:24pm

Do you recall how long you’ve had this problem? The OAuth server was changed on Jan 13.
I can’t find your message in reports currently, but it might be new. Or it might just be too rare.

Maybe devs and admins can comment, but failure here means it’s not going to try OneDrive.

ts678 · January 17, 2025, 6:29pm

If you wish to try things, have you tried restarting Duplicati after already turning on VPN use?

CrypticWalnut · January 17, 2025, 7:23pm

Since yesterday, that’s when I tried to set up OneDrive for the first time.

Yes.

Well, thanks for the help, for now will have to back up to One Drive manually after disabling VPN.

kenkendk · January 21, 2025, 9:03pm

It looks like your VPN is preventing access to Google Cloud?
I would suggest contacting them to see if there is a workaround or perhaps they can fix it.

ts678 · January 22, 2025, 1:43am

It’s OneDrive, but an interesting check, e.g. does browser access work and File Explorer work?

For Duplicati, how would it solve what looks like error getting AccessToken from OAuth server?

I’m not even sure that was a remote error. Might it be an inability somehow to get to the server?

This can be tested, e.g. by Test connection then look using netstat (and maybe nslookup IP).

CrypticWalnut · January 22, 2025, 4:39pm

Yes, both of them work normally with VPN enabled. Also, enabling VPN in the middle of the transmission to OneDrive also blocks the connection.
Local ftp work normally.

Probably Duplicati tries to connect to the old network?

CrypticWalnut · January 22, 2025, 4:54pm

Also, tested it with Google Drive and the results are the same.
Apparently, Duplicati can’t connect to them at all with VPN enabled.

ts678 · January 22, 2025, 5:14pm

AFAIK (but I didn’t write this), once Duplicati starts uploading (you will see speed on status bar), OneDrive destination address stays the same, as Duplicati doesn’t know you’ve put the VPN in. Application software doesn’t deal with network routing. That’s between Windows and VPN code.

If, on the other hand, you didn’t wait for transmission to start, it’s a completely different scenario. Another way to see when Duplicati is uploading is to watch About → Show log → Live → Retry

When you say “blocks the connection”, is that with usual message talking about OAuth handler?

How comfortable are you with networking tools and troubleshooting? There are things to look at.

CrypticWalnut · January 22, 2025, 5:51pm

Apparently, Duplicati is blocked from accessing internet with VPN enabled.
When I click on “Check for update now” with VPN enabled, it gives the following error.

System.Net.Http.HttpRequestException: The requested address is not valid in its context. (updates.duplicati.com:443)

 ---> System.Net.Sockets.SocketException (10049): The requested address is not valid in its context.

   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)

   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)

   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)

   --- End of inner exception stack trace ---

   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)

   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)

   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)

   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)

   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)

   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)

   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)

   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)

   at Duplicati.Library.Utility.HttpClientExtensions.DownloadFile(HttpClient client, HttpRequestMessage request, String filename, Action`1 progressReportingAction, CancellationToken cancellationToken)

   at Duplicati.Library.AutoUpdater.UpdaterManager.CheckForUpdate(ReleaseType channel)

With VPN disabled, works normally.

Yes, when I enable VPN in the middle of the upload, it just stops.

This is the error in that case:

System.AggregateException: One or more errors occurred. (The requested address is not valid in its context. (The requested address is not valid in its context.) (One or more errors occurred. (The requested address is not valid in its context.)))

 ---> System.AggregateException: The requested address is not valid in its context. (The requested address is not valid in its context.) (One or more errors occurred. (The requested address is not valid in its context.))

 ---> System.Net.Sockets.SocketException (10049): The requested address is not valid in its context.

   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)

   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)

   at System.Net.HttpWebRequest.<>c__DisplayClass219_0.<<CreateHttpClient>b__1>d.MoveNext()

--- End of stack trace from previous location ---

   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)

   at Duplicati.Library.Main.Operation.Backup.BackendUploader.<Run>b__13_0(<>f__AnonymousType2`1 self)

   at Duplicati.Library.Main.Operation.Backup.BackendUploader.<Run>b__13_0(<>f__AnonymousType2`1 self)

   at CoCoL.AutomationExtensions.RunTask[T](T channels, Func`2 method, Boolean catchRetiredExceptions)

   at Duplicati.Library.Main.Operation.BackupHandler.FlushBackend(BackupResults result, IWriteChannel`1 uploadtarget, Task uploader)

   at Duplicati.Library.Main.Operation.BackupHandler.RunAsync(String[] sources, IFilter filter, CancellationToken token)

   --- End of inner exception stack trace ---

   at Duplicati.Library.Main.Operation.BackupHandler.RunAsync(String[] sources, IFilter filter, CancellationToken token)

 ---> (Inner Exception #1) System.AggregateException: One or more errors occurred. (The requested address is not valid in its context.)

 ---> System.Net.Sockets.SocketException (10049): The requested address is not valid in its context.

   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)

   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)

   at System.Net.HttpWebRequest.<>c__DisplayClass219_0.<<CreateHttpClient>b__1>d.MoveNext()

--- End of stack trace from previous location ---

   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)

   at Duplicati.Library.Main.Operation.Backup.BackendUploader.<Run>b__13_0(<>f__AnonymousType2`1 self)

   at Duplicati.Library.Main.Operation.Backup.BackendUploader.<Run>b__13_0(<>f__AnonymousType2`1 self)

   at CoCoL.AutomationExtensions.RunTask[T](T channels, Func`2 method, Boolean catchRetiredExceptions)

   at Duplicati.Library.Main.Operation.BackupHandler.FlushBackend(BackupResults result, IWriteChannel`1 uploadtarget, Task uploader)

   at Duplicati.Library.Main.Operation.BackupHandler.RunAsync(String[] sources, IFilter filter, CancellationToken token)

   --- End of inner exception stack trace ---<---



   --- End of inner exception stack trace ---

   at CoCoL.ChannelExtensions.WaitForTaskOrThrow(Task task)

   at Duplicati.Library.Main.Operation.BackupHandler.Run(String[] sources, IFilter filter, CancellationToken token)

   at Duplicati.Library.Main.Controller.<>c__DisplayClass17_0.<Backup>b__0(BackupResults result)

   at Duplicati.Library.Main.Controller.RunAction[T](T result, String[]& paths, IFilter& filter, Action`1 method)

   at Duplicati.Library.Main.Controller.Backup(String[] inputsources, IFilter filter)

   at Duplicati.Server.Runner.Run(IRunnerData data, Boolean fromQueue)

With instructions, probably can do most things.

ts678 · January 22, 2025, 6:34pm

I was going to have you test to see if OAuth Server was being spoken to at a network level.
With the new finding though, I wonder if split tunnel is just flat out blocking a lot of access…

The updater hosts are updates.duplicati.com and alt.updates.duplicati.com, and appear up.
Browsing to them with a regular browser just redirects you, as the hosts aren’t for browsing.

Adapting the test to the update server would be something like this. The TIME_WAIT status disappears by itself in minutes, but it suggests it used to be connected. Is it for test you did?

C:\>nslookup updates.duplicati.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    update-service-pugyu.ondigitalocean.app
Addresses:  2a06:98c1:58::60
          2606:4700:7::60
          162.159.140.98
          172.66.0.96
Aliases:  updates.duplicati.com


C:\>netstat -ano | findstr "162.159.140.98 172.66.0.96"
  TCP    192.168.86.81:65427    172.66.0.96:443        TIME_WAIT       0
  TCP    192.168.86.81:65479    162.159.140.98:443     TIME_WAIT       0

C:\>

You can run ipconfig to find system IP. Are there multiple? Does VPN on add an interface?
Does original one disappear? I’d think it would keep original interface to use to split tunnel.

EDIT:

Original test would have been similar but testing duplicati-oauth-handler.appspot.com
Running maybe a BackendTool list to the OneDrive URL from Export As Command-line.
Since that’s a fresh start, it would have to get to the OAuth handler to get info on OneDrive.

CrypticWalnut · January 22, 2025, 7:45pm

So, with VPN enabled and split tunneling disabled, everything works OK. Apparently NordVPN split tunneling messes something.
With split tunneling enabled, netstat does not return anything.

PS C:\Users\User> nslookup updates.duplicati.com
Server:  UnKnown
Address:  103.86.96.100

Non-authoritative answer:
Name:    update-service-pugyu.ondigitalocean.app
Addresses:  2a06:98c1:58::60
          2606:4700:7::60
          162.159.140.98
          172.66.0.96
Aliases:  updates.duplicati.com

PS C:\Users\User> netstat -ano | findstr "162.159.140.98 172.66.0.96"
PS C:\Users\User> netstat -ano | findstr "162.159.140.98 172.66.0.96"
  TCP    10.5.0.2:57375         162.159.140.98:443     ESTABLISHED     39028
PS C:\Users\User>

Yes, it adds “NordLynx” interface, and the original one does not disappear.

ts678 · January 22, 2025, 9:11pm

I suppose you could try split tunnel with something like this.
In example below, the first line shows it going out my Wi-Fi.

C:\>tracert 162.159.140.98

Tracing route to 162.159.140.98 over a maximum of 30 hops

  1     5 ms     4 ms     8 ms  192.168.86.1
^C
C:\>

I’m not sure how a VPN steers packets, so I hope this test shows interface used correctly.

Program is in C:\Windows\System32 but it’s probably too risky to split-tunnel whole folder.

Other network programs in the folder that could be tested with are PING, FTP, and CURL.

At some point (preferably after seeing issue in something else), maybe contact NordVPN?

CrypticWalnut · January 22, 2025, 9:30pm

Yeah, will try contacting NordVPN. Actually, the only other software I had a similar problem before was Gears 5.

kenkendk · January 24, 2025, 11:58am

If they have some feedback to us, I will see if we can adapt, but as it looks from my view, only NordVPN can fix the failed DNS lookups.

ts678 · January 24, 2025, 12:29pm

What’s the evidence of that as the cause here? I’m not sure “address” in error is sufficient.