|
|
| Line 1: |
Line 1: |
| This is a copy of the answer given [https://superuser.com/a/1166051 here].
| | Adding the following parameter to the executable will make it automatically connect to ''myprofile.ovpn'' on startup, and show the classic GUI icon.: |
| | --connect "myprofile.ovpn" |
|
| |
|
| | Place this shortcut in the All Users Startup Folder |
| | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp |
| | if you wish all users should use VPN. If only a certain user shall auto connect then place the shortcut in |
| | C:\Users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup |
|
| |
|
| | | '''NOTE:''' the ''myprofile.ovpn'' file must be available in the folder |
| ''The best way is to install OpenVPN service when you install the client. | | C:\Users\[Username]\OpenVPN\config\ |
| Then run the following command to show the services management console:
| |
| <code>services.msc</code>
| |
| There, search for OpenVPN Service, right-click->Properties and set startup type to "automatic".
| |
| The OpenVPN service will look into the config directory and connect to every VPN profile that is stored here.
| |
| IMPORTANT: In linux, config files must have .conf extension. I'm not sure if this is required in Windows or if it uses .ovpn with the serice
| |
| If using services is not an option, you can add the following parameters to the executable so it will automatically connect to myprofile.ovpn:
| |
| <code>--connect "myprofile.ovpn"</code>
| |
| It will connect to .\config\myprofile.ovpn automatically on startup, and show the classic GUI icon.
| |
| You can then place this shortcut in the classic startup folder.
| |
| The All Users Startup Folder is located at the following path:
| |
| <code>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp</code>
| |
| The Current User Startup Folder is located here:
| |
| <code>C:\Users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</code>
| |
| I dont know how to avoid the user to connect to the Internet before the VPN is set. The only way I can figure out if through Windows Firewall, and I'm not an expert on that subject. If you want to avoid a poweruser to be able to get to the Internet you need a firewall in your gateway to avoid so, or strong group policies to avoid privilege scalation.
| |
| | |
| For a normal user, you can configure the Windows client machine without a default gateway. Set a persistent static route to the VPN server on Windows clients using the following command (-P makes it persistent):
| |
| | |
| <code>route -P add <target> mask <netmask> <gateway IP> metric <metric cost> if <interface></code>
| |
| | |
| Roues in Windows are stored under the following registry key:
| |
| | |
| <code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes</code>
| |
| | |
| At this point a disconnected client only has access to the VPN server. Then you can add the following lines in the VPN server configuration file to add routes on clients when they connect:
| |
| | |
| To configure the VPN server as the default gateway:
| |
| | |
| <code>push "redirect-gateway def1 bypass-dhcp"</code>
| |
| | |
| To add an specific route through the VPN Server:
| |
| | |
| <code>push "route 192.168.1.0 255.255.255.0"</code>
| |
| | |
| Sometimes route pushing doesnt work on Windows. When this happens to me, I completly uninstall OpenVPN and it's interfaces from Windows, restart system and install the latest version of the software. Then, before stablishing the first connection, I restart Windows. This has allways solved the issues, however, Windows 10 Anniversary update (1607) is buggy with OpenVPN. There's a link to a deeper discussion in OpenVPN forums:
| |
| | |
| [https://forums.openvpn.net/viewtopic.php?t=22253 Connection problems with Windows 10 anniversary update]
| |
| | |
| Keep that in mind when you setup your Windows 10 OpenVPN clients.''
| |
|
| |
|
| [[Category:Windows]] | | [[Category:Windows]] |
Adding the following parameter to the executable will make it automatically connect to myprofile.ovpn on startup, and show the classic GUI icon.:
--connect "myprofile.ovpn"
Place this shortcut in the All Users Startup Folder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
if you wish all users should use VPN. If only a certain user shall auto connect then place the shortcut in
C:\Users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
NOTE: the myprofile.ovpn file must be available in the folder
C:\Users\[Username]\OpenVPN\config\
