Connect OpenVPN on Windows startup.

From munkjensen.net/wiki
Revision as of 17:31, 6 May 2018 by Admin (talk | contribs)

This is a copy of the answer given here.


The best way is to install OpenVPN service when you install the client. Then run the following command to show the services management console: services.msc There, search for OpenVPN Service, right-click->Properties and set startup type to "automatic". The OpenVPN service will look into the config directory and connect to every VPN profile that is stored here. IMPORTANT: In linux, config files must have .conf extension. I'm not sure if this is required in Windows or if it uses .ovpn with the serice If using services is not an option, you can add the following parameters to the executable so it will automatically connect to myprofile.ovpn: --connect "myprofile.ovpn" It will connect to .\config\myprofile.ovpn automatically on startup, and show the classic GUI icon. You can then place this shortcut in the classic startup folder. The All Users Startup Folder is located at the following path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp The Current User Startup Folder is located here: C:\Users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup I dont know how to avoid the user to connect to the Internet before the VPN is set. The only way I can figure out if through Windows Firewall, and I'm not an expert on that subject. If you want to avoid a poweruser to be able to get to the Internet you need a firewall in your gateway to avoid so, or strong group policies to avoid privilege scalation.

For a normal user, you can configure the Windows client machine without a default gateway. Set a persistent static route to the VPN server on Windows clients using the following command (-P makes it persistent):

route -P add <target> mask <netmask> <gateway IP> metric <metric cost> if <interface>

Roues in Windows are stored under the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

At this point a disconnected client only has access to the VPN server. Then you can add the following lines in the VPN server configuration file to add routes on clients when they connect:

To configure the VPN server as the default gateway:

push "redirect-gateway def1 bypass-dhcp"

To add an specific route through the VPN Server:

push "route 192.168.1.0 255.255.255.0"

Sometimes route pushing doesnt work on Windows. When this happens to me, I completly uninstall OpenVPN and it's interfaces from Windows, restart system and install the latest version of the software. Then, before stablishing the first connection, I restart Windows. This has allways solved the issues, however, Windows 10 Anniversary update (1607) is buggy with OpenVPN. There's a link to a deeper discussion in OpenVPN forums:

Connection problems with Windows 10 anniversary update

Keep that in mind when you setup your Windows 10 OpenVPN clients.

Retrieved from "https://munkjensen.net/wiki/index.php?title=Connect_OpenVPN_on_Windows_startup.&oldid=779"