[Solved]OpenVPN 2.5.0 - Bat problem

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
User avatar
vandreytrindade
OpenVpn Newbie
Posts: 18
Joined: Sun Jul 26, 2015 1:14 pm

[Solved]OpenVPN 2.5.0 - Bat problem

Post by vandreytrindade » Mon Nov 16, 2020 11:48 am

Hi!
I'm trying to use a bat file to run when the user connects to the VPN.
I've been testing on my own ovpn file.
Added this two lines to it:

Code: Select all

script-security 2
up "C:\\Temp\\OpenVPN.bat"
Then the bat file has this content:

Code: Select all

net use * /delete /y
net use P: \\srvad\folder1
net use S: \\srvad\folder2
net use T: \\srvad\folder3
net use V: \\srvad\folder4
net use Z: \\srvad\folder5
And it isn't running, if I test with only one line, the connection even start, it says that there is a problem on the bat file.
I've used that commands without configuring the bat file and after the connection, it works fine.
My friend tried the same bat file on version 2.4.9 and it works as expected.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Mon Nov 16, 2020 3:14 pm

OpenVPN does not allow scripts executed by openvpn to pass data over the VPN.

User avatar
vandreytrindade
OpenVpn Newbie
Posts: 18
Joined: Sun Jul 26, 2015 1:14 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by vandreytrindade » Thu Nov 19, 2020 5:09 pm

Hi TinCanTech,

It is a new thing then?
On version 2.4.9 it works.
Or maybe I'm trying to do it using a bad method.
Since my domain computers aren't authenticatin as users logon, I need to be able to map some network shared folders on their computers.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Thu Nov 19, 2020 7:10 pm

vandreytrindade wrote:
Thu Nov 19, 2020 5:09 pm
It is a new thing then?
On version 2.4.9 it works.
It is not new and was also the same in 2.4.9

User avatar
vandreytrindade
OpenVpn Newbie
Posts: 18
Joined: Sun Jul 26, 2015 1:14 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by vandreytrindade » Fri Apr 02, 2021 3:47 pm

Hi,
What I'm trying to do is exactly this:
https://think.unblog.ch/en/openvpn-connection-script/
Last edited by vandreytrindade on Fri Apr 02, 2021 7:10 pm, edited 2 times in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Fri Apr 02, 2021 4:22 pm

vandreytrindade wrote:
Fri Apr 02, 2021 3:47 pm
Hi,
On this blog they said that it worked (date:24/12/2020):
https://think.unblog.ch/en/openvpn-connection-script/
They are incorrect.
vandreytrindade wrote:
Fri Apr 02, 2021 3:47 pm
So... it changed or it was fixed to not work like that anymore?
OpenVPN has never allowed openvpn-scripts (eg. --up) to pass data over the VPN.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Fri Apr 02, 2021 7:09 pm

It turns out that I am actually wrong.

Using the Windows-GUI allows a considerably weaker "security policy" (and I use that term with disgust),
and so, your script should be able to complete successfully but only if you use the Windows GUI.

I had to test it myself before I would believe it .... :shock:

But this only works if you use the method described in your blog post above.
Last edited by TinCanTech on Fri Apr 02, 2021 7:16 pm, edited 1 time in total.

User avatar
vandreytrindade
OpenVpn Newbie
Posts: 18
Joined: Sun Jul 26, 2015 1:14 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by vandreytrindade » Fri Apr 02, 2021 7:12 pm

Hi TinCanTech,

No problem!
Correct, we are using the Windows GUI.
I'm talking to the person of that blog and the only difference in our scenarios is that he uses dev TUN.
Our OpenVPN server is configured to use dev TAP.
Maybe that's the problem?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Fri Apr 02, 2021 7:17 pm

No, you must use the method they describe. You cannot put the --up script into the config file itself.

User avatar
vandreytrindade
OpenVpn Newbie
Posts: 18
Joined: Sun Jul 26, 2015 1:14 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by vandreytrindade » Fri Apr 02, 2021 10:01 pm

Yup, I have followed the same steps as he did.
No modifcation of the ovpn file.

My files on C:\Users\Vandrey\OpenVPN\config are:
VPNConfig.ovpn
VPNConfig_up.bat

My bat file runs if I use the message box like he did, or simple things like: echo "a" > C:\Temp\1.txt
But never "net use"...
Is there any log to see why it isn't working?
Have tried to set log verbose to 4 and still no log to show why net use isn't working for me.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Fri Apr 02, 2021 10:31 pm

You may be able to find some useful debugging examples here:
https://github.com/TinCanTech/easy-tls

See the batch files.

User avatar
vandreytrindade
OpenVpn Newbie
Posts: 18
Joined: Sun Jul 26, 2015 1:14 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by vandreytrindade » Sat Apr 03, 2021 10:55 am

Hi TinCanTech,

Thanks a lot for your time and attention.
I have found the problem.
My network password is between %, so when I pass the credentials on the bat file it's returning an error because it removes the % characters from the password.
I have tested on a domain joined machine where I don't need to pass credentials and it worked as expected.

i solved by using double % to escape them.

Thanks once again!!! :D

PS: I haven't found a way to edit this post as solved...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 2.5.0 - Bat problem

Post by TinCanTech » Sat Apr 03, 2021 1:21 pm

Thanks to your persistence, I found out about the GUI functioning differently to a config. 8-)

Thanks for your star on github, I hope you find Easy-TLS as useful as I do.

Yeah, you can't edit posts after a certain amount of time. A mod may do that for you.

Cheers!

Post Reply