Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config

This forum is for general conversation and user-user networking.
woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config

Post by woodrock » Sun Jun 04, 2017 2:18 am

***********************************************************
Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config files.
Please improve so that everyone benefits.
***********************************************************
USE MODEL SUMMARY:
When I want to do any task, I simply right-click on any number of selected ovpn files and hit "open" which connects me to the first working VPN free public VPN server in the selected set. When I'm done, I simply click the [x] box to close the one working VPN connection.

This use model has advantages over the typical OpenVPN GUI method when hundreds of sometimes unreliable openvpn configuration files are the norm.

USE MODEL DETAILS:
a. Select any number of *.ovpn config files and right-click to Open them all, en masse & you're "on VPN".
b. Only one will work (and some will close their window if they work after the first worked)
c. Click the [x] box on the rest that didn't work to close them
When you're done with the one VPN connection, simply close the window [x] and you're "off VPN."

EXPLANATION:
On Windows XP, for years, I've been using the OpenVPN client with hundreds of freely available off-the-net openvpn *.ovpn configuration text files, many of which are unreliable over time. I take batches of about a hundred at a time (although this use model works with any number of config files) and put them into various directories:
A. Task A has a batch of available openvpn config files in directory A
B. Task B has a different batch of available openvpn config files in directory B
C. Task C has yet another batch of available openvpn config files in directory C
etc.

When I want to do any task, I simply right-click on any number of selected ovpn files and hit "open" which connects me to the first working VPN free public VPN server in the selected set.

This worked fine, for years, on Windows XP but I recently moved to Windows 10, where four different hacks had to be employed to continue this very efficient use model for finding the one good openvpn configuration file in hundreds.

TUTORIAL:
HACK 1: Clicking on *.ovpn files opens them in the OpenVPN Daemon.
HACK 2: Turn off the nag screen that pops up every time an *ovpn is opened.
HACK 3: Set OpenVPN Daemon running-log files to open up in the same spot.
HACK 4: Add a 32-bit registry DWORD to open more than 15 files at a time.

1. Set the Windows 10 file association for *.ovpn
Right click on any *.ovpn text configuration file in Windows 10
Select "Open with" and then "Choose another app".
Also click the [x] checkbox for "Always use this app to open *.ovpn files".
- Change from: *.ovpn starts with the OpenVPN GUI
- Change to: *.ovpn starts with the OpenVPN Daemon

2. Set the executable permissions for OpenVPN/bin/*.exe
- Right click on each of the *exe files in .\openvpn\bin\*.exe
- Set to: Run as administrator
- NOTE: You may only need to do this for one *exe in the bin directory
(but I wasn't sure which one because the OpenVPN Daemon (openvpn.exe)
also runs the OpenVPN Service (openvpnserv.exe) but there are other
executables in that bin directory (openssl.exe, openvpn-gui.exe,
& openvpnserv2.exe)

3. Set OpenVPN Daemon running logs to open up in the same spot!
- Doubleclick on an *.ovpn file to open up the OpenVPN Daemon log
- Right click in the top bar of that running log file
- Select "Properties" & go to the "Layout" tab
- Position the window as you want all of the windows to appear
- Uncheck the checkbox for "[ ]Let system position window"
- Press OK

4. Add a 32-bit DWORD to open more than 15 files at a time.
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
- Name : MultipleInvokePromptMinimum
- Type : DWORD
- Default : 15 (decimal)
- Change to: 200 (decimal)

The use model is to simply select any number of freely available OpenVPN
*.ovpn text files downloaded off the net, right click on the selected set,
and hit "Open" from the pop-up menu, where only one will work. That puts
you on VPN. Any files that work after the first will just die, and any
files that fail will remain in a hung window. Close the hung windows by
clicking on the [x] box, all of which are lined up. (Don't close the one
window that is working, of course. Just move it to the side when you
encounter it in the stack.)
***********************************************************
Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config files.
Please improve so that everyone benefits.
***********************************************************

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Tue Jun 06, 2017 5:24 am

There was a critical improvement suggested by TinCanTech over here:
- What causes "route addition failed" errors on Windows 10 only & what is the fix for Windows 10?
TinCanTech wrote:You did not close openvpn gracefully, instead you killed it mid session. To close openvpn from a command window press F4. (As it says in the Window Title bar)
Closing the OpenVPN session using the [X] box doesn't seem to cause any errors on Windows XP, but it causes "route addition failed" warnings on Windows 10.

While there is no warning in Windows XP when closing with the [X] box, it's still probably far better to close with the "F4" command, although I can find zero documentation that explains what the difference is.

While I can't find a single document that explains the difference between [F4] and [X], I can find indications that we should use F4 instead of [X].
Image

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Tue Jun 06, 2017 4:10 pm

woodrock wrote:While there is no warning in Windows XP when closing with the [X] box, it's still probably far better to close with the "F4" command, although I can find zero documentation that explains what the difference is.
This is why we ask for complete logs and configs etc .. otherwise we can only guess!

However,
  • Windows XP can only use upto version 2.3.x (currently 2.3.16)
  • Windows 10 can use versions 2.3.x and 2.4.x
As I presume you are using 2.4.x on Windows 10 you have some other differences to consider.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Tue Jun 06, 2017 5:57 pm

TinCanTech wrote:
  • Windows XP can only use upto version 2.3.x (currently 2.3.16)
  • Windows 10 can use versions 2.3.x and 2.4.x
As I presume you are using 2.4.x on Windows 10 you have some other differences to consider.
Thank you for pointing out that even though I used the same openvpn config files on both the WinXP and Win10 machine, that there were other differences that can account for the fact that on WinXP there is no explicit "failed" message when closing using the [X] box versus the F4 hotkey.

Here are the relevant version lines from the Windows XP log file: (Are "code" tags what you prefer?)

Code: Select all

Tue Jun 06 04:56:13 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jun 06 04:56:13 2017 Windows version 5.1 (Windows XP) 32bit
Tue Jun 06 04:56:13 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.0
While here are the relevant version lines from the Windows 10 log file:

Code: Select all

Tue Jun 06 04:59:24 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Tue Jun 06 10:59:24 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jun 06 10:59:24 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
TinCanTech wrote:This is why we ask for complete logs and configs etc .. otherwise we can only guess!
Thank you for making that point that logs are required (and sometimes config files), which I agree with you.

I ran a few tests on Windows XP of the SAME openvpn config files that I run on Windows 10, which prove there is no "failed" message, but, which shows some anomalies.

Here's the WinXP test sequence, which never once elicited these new Win10-only "route addition failed" errors (but which did exhibit some anomalies).

I booted the WinXP machine to have a fresh start.
1a) I first doubleclicked on VPN config file 1 on WinXP (where you'll note there are no route addition failed errors).

Code: Select all

Tue Jun 06 05:53:24 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jun 06 05:53:24 2017 Windows version 5.1 (Windows XP) 32bit
Tue Jun 06 05:53:24 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jun 06 05:53:24 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 06 05:53:25 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 06 05:53:25 2017 UDPv4 link local: [undef]
Tue Jun 06 05:53:25 2017 UDPv4 link remote: [AF_INET]60.239.246.247:1751
Tue Jun 06 05:53:25 2017 TLS: Initial packet from [AF_INET]60.239.246.247:1751, sid=43af8923 2a5aacd8
Tue Jun 06 05:53:25 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Tue Jun 06 05:53:25 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 
Tue Jun 06 05:53:25 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Tue Jun 06 05:53:26 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 06 05:53:26 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 06 05:53:26 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 06 05:53:26 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 06 05:53:26 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 06 05:53:26 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]60.239.246.247:1751
Tue Jun 06 05:53:28 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Tue Jun 06 05:53:29 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.9 10.211.1.10,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.10,redirect-gateway def1'
Tue Jun 06 05:53:29 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 06 05:53:29 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 06 05:53:29 2017 OPTIONS IMPORT: route options modified
Tue Jun 06 05:53:29 2017 OPTIONS IMPORT: route-related options modified
Tue Jun 06 05:53:29 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 06 05:53:29 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:a1:03:bf:83:23
Tue Jun 06 05:53:29 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 06 05:53:29 2017 open_tun, tt->ipv6=0
Tue Jun 06 05:53:29 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{01A16D23-7693-2A2A-6DF2-854A343FF459}.tap
Tue Jun 06 05:53:29 2017 TAP-Windows Driver Version 9.9
Tue Jun 06 05:53:29 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.9/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.10, lease-time: 315 36000] 
Tue Jun 06 05:53:29 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 06 05:53:34 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Tue Jun 06 05:53:34 2017 C:\WINDOWS\system32\route.exe ADD 60.239.246.247 MASK 255.255.255.255 192.168.1.1
Tue Jun 06 05:53:34 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 06 05:53:34 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.10
Tue Jun 06 05:53:34 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 06 05:53:34 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.10
Tue Jun 06 05:53:34 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 06 05:53:34 2017 Initialization Sequence Completed
1b) I then killed that VPN session using the [X] box.
2a) After killing the VPN session above with the [x] box, I doubleclicked on VPN config file 2 on WinXP:

Code: Select all

Tue Jun 06 05:59:17 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jun 06 05:59:17 2017 Windows version 5.1 (Windows XP) 32bit
Tue Jun 06 05:59:17 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jun 06 05:59:17 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 06 05:59:17 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 06 05:59:17 2017 UDPv4 link local: [undef]
Tue Jun 06 05:59:17 2017 UDPv4 link remote: [AF_INET]115.79.233.14:1787
Tue Jun 06 05:59:17 2017 TLS: Initial packet from [AF_INET]115.79.233.14:1787, sid=e520d1f3 bf15b14c
Tue Jun 06 05:59:18 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Tue Jun 06 05:59:18 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 
Tue Jun 06 05:59:18 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Tue Jun 06 05:59:18 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 06 05:59:18 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 06 05:59:18 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 06 05:59:18 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 06 05:59:18 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 06 05:59:18 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]115.79.233.14:1787
Tue Jun 06 05:59:20 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Tue Jun 06 05:59:21 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.21 10.211.1.22,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.22,redirect-gateway def1'
Tue Jun 06 05:59:21 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 06 05:59:21 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 06 05:59:21 2017 OPTIONS IMPORT: route options modified
Tue Jun 06 05:59:21 2017 OPTIONS IMPORT: route-related options modified
Tue Jun 06 05:59:21 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 06 05:59:21 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:a1:03:bf:83:23
Tue Jun 06 05:59:21 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 06 05:59:21 2017 open_tun, tt->ipv6=0
Tue Jun 06 05:59:21 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{01A16D23-7693-2A2A-6DF2-854A343FF459}.tap
Tue Jun 06 05:59:21 2017 TAP-Windows Driver Version 9.9
Tue Jun 06 05:59:21 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.21/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.22, lease-time: 31 536000]
Tue Jun 06 05:59:21 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 06 05:59:26 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Jun 06 05:59:26 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jun 06 05:59:27 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Tue Jun 06 05:59:27 2017 C:\WINDOWS\system32\route.exe ADD 115.79.233.14 MASK 255.255.255.255 192.168.1.1
Tue Jun 06 05:59:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 06 05:59:27 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.22
Tue Jun 06 05:59:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 06 05:59:27 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.22
Tue Jun 06 05:59:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 06 05:59:27 2017 Initialization Sequence Completed
2b) Then I killed VPN 2 using the [X] box.
3a) A bit later, I repeated step #1a above.

Code: Select all

Tue Jun 05 06:06:39 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jun 05 06:06:39 2017 Windows version 5.1 (Windows XP) 32bit
Tue Jun 05 06:06:39 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jun 05 06:06:39 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 05 06:06:40 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 05 06:06:40 2017 UDPv4 link local: [undef]
Tue Jun 05 06:06:40 2017 UDPv4 link remote: [AF_INET]60.239.246.247:1751
Tue Jun 05 06:06:40 2017 TLS: Initial packet from [AF_INET]60.239.246.247:1751, sid=d0636cd5 bb841fda
Tue Jun 05 06:06:40 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Tue Jun 05 06:06:40 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 
Tue Jun 05 06:06:40 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Tue Jun 05 06:06:41 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 05 06:06:41 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 05 06:06:41 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 05 06:06:41 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 05 06:06:43 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 05 06:06:43 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]60.239.246.247:1751
Tue Jun 05 06:06:45 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Tue Jun 05 06:06:46 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.9 10.211.1.10,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.10,redirect-gateway def1'
Tue Jun 05 06:06:46 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 05 06:06:46 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 05 06:06:46 2017 OPTIONS IMPORT: route options modified
Tue Jun 05 06:06:46 2017 OPTIONS IMPORT: route-related options modified
Tue Jun 05 06:06:46 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 05 06:06:46 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:a1:03:bf:83:23
Tue Jun 05 06:06:46 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 05 06:06:46 2017 open_tun, tt->ipv6=0
Tue Jun 05 06:06:46 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{01A16D23-7693-2A2A-6DF2-854A343FF459}.tap
Tue Jun 05 06:06:46 2017 TAP-Windows Driver Version 9.9
Tue Jun 05 06:06:46 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.9/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.10, lease-time: 31536000]
Tue Jun 05 06:06:46 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 05 06:06:51 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Tue Jun 05 06:06:51 2017 C:\WINDOWS\system32\route.exe ADD 60.239.246.247 MASK 255.255.255.255 192.168.1.1
Tue Jun 05 06:06:51 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:06:51 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.10
Tue Jun 05 06:06:51 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:06:51 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.10
Tue Jun 05 06:06:51 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:06:51 2017 Initialization Sequence Completed
3b) This time, I killed VPN 1 using the more graceful [F4] key.

4a) Moment later I repeated step #3 above.

Code: Select all

Tue Jun 05 06:08:25 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jun 05 06:08:25 2017 Windows version 5.1 (Windows XP) 32bit
Tue Jun 05 06:08:25 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jun 05 06:08:25 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 05 06:08:25 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 05 06:08:26 2017 UDPv4 link local: [undef]
Tue Jun 05 06:08:26 2017 UDPv4 link remote: [AF_INET]115.79.233.14:1787
Tue Jun 05 06:08:27 2017 TLS: Initial packet from [AF_INET]115.79.233.14:1787, sid=79c3baa6 322d46b5
Tue Jun 05 06:08:27 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Tue Jun 05 06:08:27 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 
Tue Jun 05 06:08:27 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Tue Jun 05 06:08:28 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 05 06:08:28 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 05 06:08:28 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 05 06:08:28 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 05 06:08:29 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 05 06:08:29 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]115.79.233.14:1787
Tue Jun 05 06:08:31 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Tue Jun 05 06:08:31 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.21 10.211.1.22,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.22,redirect-gateway def1' 
Tue Jun 05 06:08:31 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 05 06:08:31 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 05 06:08:31 2017 OPTIONS IMPORT: route options modified
Tue Jun 05 06:08:31 2017 OPTIONS IMPORT: route-related options modified
Tue Jun 05 06:08:31 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 05 06:08:31 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:a1:03:bf:83:23
Tue Jun 05 06:08:31 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 05 06:08:31 2017 open_tun, tt->ipv6=0
Tue Jun 05 06:08:31 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{01A16D23-7693-2A2A-6DF2-854A343FF459}.tap
Tue Jun 05 06:08:31 2017 TAP-Windows Driver Version 9.9
Tue Jun 05 06:08:31 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.21/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.22, lease-time: 31536000]
Tue Jun 05 06:08:31 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 05 06:08:36 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Jun 05 06:08:36 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jun 05 06:08:37 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Tue Jun 05 06:08:37 2017 C:\WINDOWS\system32\route.exe ADD 115.79.233.14 MASK 255.255.255.255 192.168.1.1
Tue Jun 05 06:08:37 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:08:37 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.22
Tue Jun 05 06:08:37 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:08:37 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.22
Tue Jun 05 06:08:37 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:08:37 2017 Initialization Sequence Completed
4b) Again, I killed VPN 2 using the more graceful [F4] key.
5a) Moments later I repeated step #1a above

Code: Select all

Tue Jun 05 06:09:42 2017 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jun 05 06:09:42 2017 Windows version 5.1 (Windows XP) 32bit
Tue Jun 05 06:09:42 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jun 05 06:09:42 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 05 06:09:42 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 05 06:09:42 2017 UDPv4 link local: [undef]
Tue Jun 05 06:09:42 2017 UDPv4 link remote: [AF_INET]60.239.246.247:1751
Tue Jun 05 06:09:42 2017 TLS: Initial packet from [AF_INET]60.239.246.247:1751, sid=3f62aff7 b66080f7
Tue Jun 05 06:09:42 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Tue Jun 05 06:09:42 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 
Tue Jun 05 06:09:42 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Tue Jun 05 06:09:43 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 05 06:09:43 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 05 06:09:43 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Jun 05 06:09:43 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 05 06:09:43 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 05 06:09:43 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]60.239.246.247:1751
Tue Jun 05 06:09:45 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Tue Jun 05 06:09:45 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.9 10.211.1.10,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.10,redirect-gateway def1'
Tue Jun 05 06:09:45 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 05 06:09:45 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 05 06:09:45 2017 OPTIONS IMPORT: route options modified
Tue Jun 05 06:09:45 2017 OPTIONS IMPORT: route-related options modified
Tue Jun 05 06:09:45 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 05 06:09:45 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=2 HWADDR=01:a1:03:bf:83:23
Tue Jun 05 06:09:45 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 05 06:09:45 2017 open_tun, tt->ipv6=0
Tue Jun 05 06:09:45 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{01A16D23-7693-2A2A-6DF2-854A343FF459}.tap
Tue Jun 05 06:09:45 2017 TAP-Windows Driver Version 9.9
Tue Jun 05 06:09:45 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.9/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.10, lease-time: 31536000]
Tue Jun 05 06:09:45 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 05 06:09:50 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Tue Jun 05 06:09:50 2017 C:\WINDOWS\system32\route.exe ADD 60.239.246.247 MASK 255.255.255.255 192.168.1.1
Tue Jun 05 06:09:50 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:09:50 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.10
Tue Jun 05 06:09:50 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:09:50 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.10
Tue Jun 05 06:09:51 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 05 06:09:51 2017 Initialization Sequence Completed
5b) I then killed VPN 1 using the more graceful [F4] key.

I'm not sure what to make of the anomalies, but, they certainly don't use the word "failed" which is what Windows 10 logs had.
Anyway, while I can't find documentation on what is actually DIFFERENT about an [X] and the [F4], I can easily modify the tutorial to be correct.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Tue Jun 06, 2017 7:22 pm

woodrock wrote:I'm not sure what to make of the anomalies, but, they certainly don't use the word "failed" which is what Windows 10 logs had.
Can you point out the anomalies ? Also, OpenVPN 2.3.x appears to shutdown gracefully on [X] as well as F4 (At least my testing shows it does. If you watch your screen as you press [X] there are a couple of following commands which are issued)
woodrock wrote:Anyway, while I can't find documentation on what is actually DIFFERENT about an [X] and the [F4]
Yeah, I guess nobody has had time to fully work it out and document it .. OpenVPN Community Edition is Powered by Volunteers 8-)

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Wed Jun 07, 2017 4:01 am

TinCanTech wrote:Can you point out the anomalies
The anomalies of closing with the [X] in WinXP are very subtle and shown in blue below.
I do NOT know what to make of them though as it seems the ARP flush is what's different between WinXP and Win10.

1a) I first doubleclicked on VPN config file 1 on WinXP (where you'll note there are no route addition failed errors).
[1] Tue Jun 06 05:53:29 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.9/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.10, lease-time: 31536000]
[2] Tue Jun 06 05:53:29 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
[3] Tue Jun 06 05:53:34 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up

1b) I then killed that VPN session using the [X] box.
2a) After killing the VPN session above with the [x] box, I doubleclicked on VPN config file 2 on WinXP:

[1] Tue Jun 06 05:59:21 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.21/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.22, lease-time: 31536000]
[2] Tue Jun 06 05:59:21 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 06 05:59:26 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
[3] Tue Jun 06 05:59:26 2017 Route: Waiting for TUN/TAP interface to come up...

[4] Tue Jun 06 05:59:27 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up

2b) Then I killed VPN 2 using the [X] box.
3a) A bit later, I repeated step #1a above.

[1] Tue Jun 05 06:06:46 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.9/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.10, lease-time: 31536000]
[2] Tue Jun 05 06:06:46 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
[3] Tue Jun 05 06:06:51 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up

3b) This time, I killed VPN 1 using the more graceful [F4] key.
4a) Moment later I repeated step #3 above.

[1] Tue Jun 05 06:08:31 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.21/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.22, lease-time: 31536000]
[2] Tue Jun 05 06:08:31 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 05 06:08:36 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
[3] Tue Jun 05 06:08:36 2017 Route: Waiting for TUN/TAP interface to come up...

[4] Tue Jun 05 06:08:37 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up

4b) Again, I killed VPN 2 using the more graceful [F4] key.
5a) Moments later I repeated step #1a above

[1] Tue Jun 05 06:09:45 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.9/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.10, lease-time: 31536000]
[2] Tue Jun 05 06:09:45 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
[3] Tue Jun 05 06:09:50 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
TinCanTech wrote:Also, OpenVPN 2.3.x appears to shutdown gracefully on [X] as well as F4 (At least my testing shows it does. If you watch your screen as you press [X] there are a couple of following commands which are issued)
I tried desperately to catch the commands that follow the shutdown, but it happens in a flash, and I haven't been able to screen capture them yet.
TinCanTech wrote:Yeah, I guess nobody has had time to fully work it out and document it .. OpenVPN Community Edition is Powered by Volunteers
I understand. OpenVPN is great stuff already, where documenting what the F4 command does is not high on the list of priorirites.
If I can figure out a way to screenshot what the commands are that flash before my eyes when I press [x] on WinXP or F4 on Win10, I'll post them.
Thanks for all your kind help!

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Wed Jun 07, 2017 4:34 am

TinCanTech wrote: If you watch your screen as you press [X] there are a couple of following commands which are issued)
I set up Irfanview on Windows 10 to capture a screenshot every tenth of a second where the commands after [F4] were captured in a single tenth-of-a-second screenshot and then were gone, so there's no way a human will be able to see them with the naked eye!
Image

Tue Jun 06 21:10:11 2017 Initialization Sequence Completed
[F4]
Tue Jun 06 21:10:32 2017 C:\WINDOWS\system32\route.exe DELETE 116.91.242.12 MASK 255.255.255.255 192.168.1.1
Tue Jun 06 21:10:32 2017 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 06 21:10:32 2017 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.211.1.42
Tue Jun 06 21:10:32 2017 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 06 21:10:32 2017 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.211.1.42
Tue Jun 06 21:10:32 2017 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 06 21:10:32 2017 Closing TUN/TAP interface
Tue Jun 06 21:10:32 2017 TAP: DHCP address released
Tue Jun 06 21:10:32 2017 SIGTERM[hard,] received, process exiting

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Wed Jun 07, 2017 10:00 am

woodrock wrote:
TinCanTech wrote:Can you point out the anomalies
The anomalies of closing with the [X] in WinXP are very subtle and shown in blue below.
I do NOT know what to make of them though as it seems the ARP flush is what's different between WinXP and Win10.

..

1b) I then killed that VPN session using the [X] box.
2a) After killing the VPN session above with the [x] box, I doubleclicked on VPN config file 2 on WinXP:

[1] Tue Jun 06 05:59:21 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.21/255.255.255.252 on interface {01A16D23-7693-2A2A-6DF2-854A343FF459} [DHCP-serv: 10.211.1.22, lease-time: 31536000]
[2] Tue Jun 06 05:59:21 2017 Successful ARP Flush on interface [3] {01A16D23-7693-2A2A-6DF2-854A343FF459}
Tue Jun 06 05:59:26 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
[3] Tue Jun 06 05:59:26 2017 Route: Waiting for TUN/TAP interface to come up...

[4] Tue Jun 06 05:59:27 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up

..

Thanks for all your kind help!
Tue Jun 06 05:59:26 2017 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
[3] Tue Jun 06 05:59:26 2017 Route: Waiting for TUN/TAP interface to come up...


This is normal for Windows .. See --route-delay in The Manual v24x

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Wed Jun 07, 2017 5:19 pm

TinCanTech wrote:This is normal for Windows .. See --route-delay in The Manual v24x
Thanks for explaining that there wasn't any anomaly on Windows XP, which means that the [X] works fine for Windows, but not for Windows 10, where the [F4] is far more graceful (but adds an additional mouse click to the KISS use model).

I checked the public VPN config files I'm using, and none have the "--route-delay" directive, so I'm using the OpenVPN default route delay settings, which seems to be 30 seconds, according to the documentation you referred me to, in order to give the TAP adapter time to come up before it adds the routes to the routing table.

Code: Select all

--route-delay [n] [w]
Delay n seconds (default=0) after connection establishment, before adding routes. If n is 0, routes will be added immediately upon connection establishment. If --route-delay is omitted, routes will be added immediately after TUN/TAP device open and --up script execution, before any --user or --group privilege downgrade (or --chroot execution.)
This option is designed to be useful in scenarios where DHCP is used to set tap adapter addresses. The delay will give the DHCP handshake time to complete before routes are added.

On Windows, --route-delay tries to be more intelligent by waiting w seconds (w=30 by default) for the TAP-Win32 adapter to come up before adding routes.
Image

Moving forward, I'll use the [F4] key to kill the OpenVPN session, although unfortunately that requires an additional mouse click (because you have to focus the cursor on the window, and then press the [F4] key, whereas in the old model, you just had to click on the [X] box).

In SUMMARY, the use model is intended to be:
a. KISS (keep it super simple)
b. Provide privacy from IP-address meta-data collectors (business or government)
c. Make use of hundreds of (sometimes unreliable) freely available OpenVPN config files on the net

In a nutshell, here's the KISS use model for meta-data (IP address) PRIVACY:
1. Create a directory for each task
(e.g., task 1=gmail, task2=yahoo mail, task3=openvpn forum, task4=Usenet, task5=chat, task6=facebook, etc.)

2. Populate each directory with at least one (unique-to-your-machine) freely available OpenVPN config file
(In practice, since the publicly available OpenVPN config files are flaky, you'll need to populate each directory with multiple config files.)

3. Select any number of VPN config files, right click to open them in the OpenVPN Daemon, and perform your task.
(When done with the task, you simply press [F4] on the one OpenVPN config file that actually worked - as only one will ever work at the same time.)

USE-MODEL HELP!: While it's fortunate that only one OpenVPN config file will work, there are usually a handful of stale config files whose OpenVPN Daemon windows need to be closed. This is unfortunate, so, if anyone knows of a way for the OpenVPN Daemon to just die after, say, 20 seconds, that would be WONDERFUL!

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Wed Jun 07, 2017 5:41 pm

woodrock wrote:USE-MODEL HELP!: While it's fortunate that only one OpenVPN config file will work, there are usually a handful of stale config files whose OpenVPN Daemon windows need to be closed. This is unfortunate, so, if anyone knows of a way for the OpenVPN Daemon to just die after, say, 20 seconds, that would be WONDERFUL!
Since the goal is a KISS use model using the least number of mouse clicks to run each task in its own set of VPN configuration files, it would be nice if the OpenVPN Daemon can be told to just close stale windows after {x} number of seconds.

Is is possible to have the OpenVPN Daemon close these stale windows automatically?

Code: Select all

Wed Jun 07 10:33:09 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Wed Jun 07 10:33:09 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jun 07 10:33:09 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
Wed Jun 07 10:33:09 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 07 10:33:10 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]125.140.224.37:1195
Wed Jun 07 10:33:10 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jun 07 10:33:10 2017 UDP link local: (not bound)
Wed Jun 07 10:33:10 2017 UDP link remote: [AF_INET]125.140.224.37:1195
Image

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Wed Jun 07, 2017 5:44 pm

Try --connect-retry-max 1 (or maybe 2) .. adjust as you see fit.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Wed Jun 07, 2017 5:55 pm

TinCanTech wrote:Try --connect-retry-max 1 (or maybe 2) .. adjust as you see fit.
Thank you for that test suggestion to improve the KISS use model so that "stale" OpenVPN Daemon log windows would just close down by themselves.
It didn't work, but I do appreciate the advice!

Here is the stale OpenVPN config file (from http://vpngate.net, which hosts config files for public VPN servers around the world).

Code: Select all

###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
# 
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
# 
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
# 
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
# 
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.

# woodrock added this next line to try to have the stale window die on its own.
--connect-retry-max 1
# woodrock tried these also but there was no visible effect from this command.
# --connect-retry-max 2
# --connect-retry-max 3
# --connect-retry-max 4
###############################################################################
# Specify the type of the layer of the VPN connection.
# 
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
#  specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
#  specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
# 
# Specify either 'proto tcp' or 'proto udp'.

proto udp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
# 
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
# 
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
# 
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
# 
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote vpn751686485.opengw.net 1195


###############################################################################
# The HTTP/HTTPS proxy setting.
# 
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
# 
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
# 
# The supported algorithms are as follows:
#  cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
#          CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
#          RC2-40-CBC RC2-64-CBC RC2-CBC
#  auth:   SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
# 
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
# 
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----

</ca>


###############################################################################
# The client certificate file (dummy).
# 
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----

</key>


PS: That is a faithful paste of the actual config file above; I'm not sure what to redact, if anything, since these are publicly available config files.

NOTE: By stale, I mean that the config file used to work, but no longer does (which is by design at vpngate.net), so it just stays open when you select a dozen of these files. Only one VPN config file will work. If another VPN config file works, it just dies on its own. So we KNOW that the OpenVPN Daemon "can" kill a windows if it wants to. We just don't know how to kill stale windows yet.

If we could have OpenVPN Daemon automagically kill stale windows, that would eliminate almost all of the mouse clicks in this use model!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Wed Jun 07, 2017 6:40 pm

See --pause-exit in The Manual v24x

Then search your registry for it.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Thu Jun 08, 2017 8:01 am

TinCanTech wrote:See --pause-exit in The Manual v24x
Then search your registry for it.
What I'm looking for is a command that says
--Kill-The-Window-If-There-Is-No-VPN-Connection-Established-Within-About-10-Seconds!


Thanks for the suggestion of Pause-Exit to test if it will close a stale OpenVPN Daemon window automagically.

Code: Select all

--pause-exit
Put up a "press any key to continue" message on the console prior to OpenVPN program exit. This option is automatically used by the Windows explorer when OpenVPN is run on a configuration file using the right-click explorer menu.
Image

I put the "--pause-exit" command in the bottom of both a good and a stale OpenVPN file.

Testing the good config file first, what happened was the following:
1. I doubleclicked on the good OpenVPN config file, which connected me to a free public VPN server.
2. I pressed the [F4] key to disconnect from the free public VPN server with the last line of the log file being:

Code: Select all

Wed Jun 07 12:42:30 2017 Initialization Sequence Completed
3. I pressed [F4] on the good OpenVPN log window which normally closes the window, but in this case, it spit the following to the log file:

Code: Select all

Wed Jun 07 12:42:49 2017 C:\WINDOWS\system32\route.exe DELETE 116.91.242.25 MASK 255.255.255.255 192.168.1.1 
Wed Jun 07 12:42:49 2017 Route deletion via IPAPI succeeded [adaptive]
Wed Jun 07 12:42:49 2017 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.211.1.26
Wed Jun 07 12:42:49 2017 Route deletion via IPAPI succeeded [adaptive]
Wed Jun 07 12:42:49 2017 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.211.1.26
Wed Jun 07 12:42:49 2017 Route deletion via IPAPI succeeded [adaptive]
Wed Jun 07 12:42:49 2017 Closing TUN/TAP interface
Wed Jun 07 12:42:49 2017 TAP: DHCP address released
Wed Jun 07 12:42:49 2017 SIGTERM[hard,] received, process exiting
Press any key to continue...
4. When I pressed any keyboard key, only then did the windows die.
Image

Testing the same sequence on a known-stale OpenVPN config file, what happened was the following:
1. I doubleclicked on the known-stale OpenVPN config file, which I knew would hang.

Code: Select all

Wed Jun 07 12:45:46 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Wed Jun 07 12:45:46 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jun 07 12:45:46 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
Wed Jun 07 12:45:46 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 07 12:45:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]125.140.224.36:1195
Wed Jun 07 12:45:46 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jun 07 12:45:46 2017 UDP link local: (not bound)
Wed Jun 07 12:45:46 2017 UDP link remote: [AF_INET]125.140.224.36:1195
What I was HOPING would happen is that this hung window would just die on its own.
But I waited ten minutes, and nothing happened.
So the test was a fail.

May I ask whether the position of the "--pause-exit" command in the file matters?
(I'll test if the position matters.)

What would make this use model more efficient is a command sort of like this:
--Kill-The-Window-If-There-Is-No-VPN-Connection-Established-Within-About-10-Seconds!

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Thu Jun 08, 2017 8:15 am

woodrock wrote: What would make this use model more efficient is a command sort of like this:
--Kill-The-Window-If-There-Is-No-VPN-Connection-Established-Within-About-10-Seconds!
Looking at the reference documentation, I thought this command might close a stale window, but it didn't cause the stale window to close.
--connect-retry-max 1

Code: Select all

--connect-retry-max n
n specifies the number of times each --remote or <connection> entry is tried. 
Specifying n as one would try each entry exactly once. 
A successful connection resets the counter. (default=unlimited).
I then tried this command to get the window to die if no connection is established:
--resolv-retry 0

Code: Select all

--resolv-retry n
If hostname resolve fails for --remote, retry resolve for n seconds before failing.
Set n to "infinite" to retry indefinitely.
By default, --resolv-retry infinite is enabled. You can disable by setting n=0.
I also tried this command inside the OpenVPN config file but it too didn't make the stale window close.
--explicit-exit-notify

Code: Select all

--explicit-exit-notify [n]
In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In client mode, on exit/restart, this option will tell the server to immediately close its client instance object rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of attempts that the client will try to resend the exit notification message.
In UDP server mode, send RESTART control channel command to connected clients. The n parameter (default=1) controls client behavior. With n = 1 client will attempt to reconnect to the same server, with n = 2 client will advance to the next server.
OpenVPN will not send any exit notifications unless this option is enabled.
This command looks promising, but I'm going to have to test a bunch of ideas to get the syntax correct:
--service exit-event [0|1]

Code: Select all

--service exit-event [0|1]
Should be used when OpenVPN is being automatically executed by another program in such a context that no interaction with the user via display or keyboard is possible. In general, end-users should never need to explicitly use this option, as it is automatically added by the OpenVPN service wrapper when a given OpenVPN configuration is being run as a service.
exit-event is the name of a Windows global event object, and OpenVPN will continuously monitor the state of this event object and exit when it becomes signaled.

The second parameter indicates the initial state of exit-event and normally defaults to 0.

Multiple OpenVPN processes can be simultaneously executed with the same exit-event parameter. In any case, the controlling process can signal exit-event, causing all such OpenVPN processes to exit.

When executing an OpenVPN process using the --service directive, OpenVPN will probably not have a console window to output status/error messages, therefore it is useful to use --log or --log-append to write these messages to a file.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Thu Jun 08, 2017 8:47 am

Search your registry for "pause-exit" and remove it where you find it .. :geek:
And use --connect-retry-max 1 in your config.

Nothing else is required.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Thu Jun 08, 2017 4:03 pm

TinCanTech wrote:Search your registry for "pause-exit" and remove it where you find it .. :geek:
And use --connect-retry-max 1 in your config.
Nothingelse is required.
Thanks TinCanTech for that clarifying suggestion.
I can only presume the OpenVPN installer added the "--pause-exit" command options into the Windows registry.

Faithfully following your lead, I searched the Windows registry:
Start > Run > regedit (control f) pause-exit

Which brings up this key:
HKCR\OpenVPNFile\shell\run\command
Default [Type=REG_SZ]
Data=["C:\apps\network\openvpn\bin\openvpn.exe" --pause-exit --config "%1"]

Image

Hitting the [F3] key to search for the next instance of "pause-exit", I get another hit at:
HKLM\SOFTWARE\Classes\OpenVPNFile\shell\run\command
Default [Type=REG_SZ]
Data=["C:\apps\network\openvpn\bin\openvpn.exe" --pause-exit --config "%1"]

Image

Hitting [F3] to search for a third instance... is taking quite some time (over 10 minutes to date) ... so I type this while I wait for it to finish...
Image

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Thu Jun 08, 2017 10:19 pm

TinCanTech wrote:Search your registry for "pause-exit" and remove it where you find it .. :geek:
And use --connect-retry-max 1 in your config.
Nothing else is required.
Woo hoo!
The stale.ovpn OpenVPN Daemon log window under test died in about a minute!
Thank you for your expert help & care.
We're getting MUCH closer to a universal solution!

Here's what I did:

Even after waiting a half hour, the registry search for "pause-exit" never completed (so there's something funky going on with Windows 10).
I even tried it for an hour, and that didn't complete either.
After the third try, I gave up on continuing that search.

So I have to assume that the desired registry key is only found in two places in the Windows 10 registry.

Here is the original stale OpenVPN config file from vpngate.net:

Code: Select all

###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
# 
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
# 
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
# 
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
# 
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
# 
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
#  specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
#  specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
# 
# Specify either 'proto tcp' or 'proto udp'.

proto udp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
# 
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
# 
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
# 
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
# 
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote vpn306195522.opengw.net 1504


###############################################################################
# The HTTP/HTTPS proxy setting.
# 
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
# 
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
# 
# The supported algorithms are as follows:
#  cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
#          CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
#          RC2-40-CBC RC2-64-CBC RC2-CBC
#  auth:   SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
# 
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
# 
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----

</ca>


###############################################################################
# The client certificate file (dummy).
# 
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----

</key>


Here is the modified stale OpenVPN config file from vpngate.net.
Only one line has been added, which is "connect-retry-max 1".

Code: Select all

###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
# 
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
# 
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
# 
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
# 
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
# 
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
#  specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
#  specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
# 
# Specify either 'proto tcp' or 'proto udp'.

proto udp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
# 
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
# 
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
# 
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
# 
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote vpn306195522.opengw.net 1504


###############################################################################
# The HTTP/HTTPS proxy setting.
# 
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
# 
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
# 
# The supported algorithms are as follows:
#  cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
#          CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
#          RC2-40-CBC RC2-64-CBC RC2-CBC
#  auth:   SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
# 
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass
connect-retry-max 1


###############################################################################
# The certificate file of the destination VPN Server.
# 
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----

</ca>


###############################################################################
# The client certificate file (dummy).
# 
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----

</key>


I only had to change this one registry key:
HKCR\OpenVPNFile\shell\run\command
Default [Type=REG_SZ]
Data=["C:\apps\network\openvpn\bin\openvpn.exe" --config "%1"]
Image

Because that made this registry key change on its own:
HKLM\SOFTWARE\Classes\OpenVPNFile\shell\run\command
Default [Type=REG_SZ]
Data=["C:\apps\network\openvpn\bin\openvpn.exe" --config "%1"]
Image

Here is a screenshot of the stale.ovpn file with the command added:
Image

Here is a screenshot of what happens at time 0 when I doubleclick on that stale file (opening it up in the OpenVPN Daemon):
The stale.ovpn file was doubleclicked on at time 15:22:44
Image

The window eventually died at time 15:23:53
Image

I will now test on a larger set of test files!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3208
Joined: Fri Jun 03, 2016 1:17 pm

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by TinCanTech » Thu Jun 08, 2017 11:45 pm

Nice pics .. 8-)

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn co

Post by woodrock » Mon Jun 12, 2017 10:47 am

Thanks for your help in making the use model even MORE efficient than before, which I know you had to test in order to provide the help, so I appreciate that testing you did for the team.

I have been testing your suggested two steps above on HUNDREDS of files at a time, where it works great.
Even if I open a hundred OpenVPN config files at once, only the first working VPN connection log file remains open in the OpenVPN Daemon after about a minute!

Since the use model is to make use of potentially hundreds of constantly changing freely available OpenVPN config files, the effort to append the command to every file is the next improvement that needs to be added for this new use model to work efficiently.

To that end, I have a partial solution, which isn't elegant, but which works on Windows to append the necessary command to every ovpn file in the current directory:

Code: Select all

@echo off
for %%f in (*.ovpn) do (echo --connect-retry-max 1 >> %%f)
Or, if, instead, you want to run the command in the DOS command window, you remove one of the percent signs:

Code: Select all

for %f in (*.ovpn) do (echo --connect-retry-max 1 >> %f)
That one-line batch-file solution above works to append "--connect-retry-max 1" to every OpenVPN config file.

While that works, to be more elegant, what I need to try to figure out is how to determine, in a Windows batch file, whether the command already exists (which will probably require the Windows "if then else" command).

Post Reply