OpenVPN 2.6 automatic start on custom instance

Post by SkyBeam » Fri Mar 24, 2023 10:51 am

My use-case:
OpenVPN running as custom instance on on Windows.
  • HKLM\Software\OpenVPNmyinstance created and config_dir, config_ext, exe_path, log_dir and log_append defined
  • Service created running "openvpnserv.exe -instance automatic myinstance"
Automatic start of connection does not work in OpenVPN 2.6 any more. It was working fine in version 2.5.
In version 2.5 this workied just fine and auto-running the VPN configuration placed in config_dir.
In version 2.6 the service does not even start as it seems the "automatic" option got completely removed. The help of openvpnserv looks kind of strange now as "-instance" only taking a fixed "interactive" option now - so why specifying the option if it actually needs to be hard-coded to "interactive"?

The issue is I cannot get OpenVPN 2.6 to automatically start a connection on service run with a custom service as the "automatic" option seems to have been removed and therefore the functionality is broken and compatibility to existing tooling as well.

What I tried as well:
Running "openvpnserv.exe -instance interactive myinstance" and adding autostart_config_dir to HKLM\Software\OpenVPNmyinstance.
It seems that custom instance information is completely ignored here too. Even when placing the configuration to the default config-auto folder the service will not start it. So it looks like the instance is hard-wired to only interactive use.

Does anyone know how I could configure a dedicated instance which will auto-start any connectivity?

Unfortunately I can't launch the connection directly as I need to use a service due to the fact wintun (which I like to use) requires the connection to be launched by a SYSTEM service. So I am stuck as I cannot run a custom service to auto-start a connection. Only option I would have is to launch the default service and place its configuration into config-auto. But the default service might contain other connection configurations already which I don't want to run. This is the reason to create a custom service in first place.

Do I miss something or is the custom service auto-connect functionality completely broken in version 2.6?

Re: OpenVPN 2.6 automatic start on custom instance

Post by SkyBeam » Sat Mar 25, 2023 12:19 am

I spent a bit more time on this topic and found some answers but not a solution:
  • OpenVPN 2.6 seems to split the functionality into two services
    • openvpnserv.exe: This service is used only to communicate with the GUI allowing users to interactively start/stop connections from the config/ folder.
    • openvpnserv2.exe: This service is new and is used only to auto-start connections from config-auto/ folder.
Unfortunately it looks like openvpnserv2.exe is missing the functionality to specify a custom instance name which would make it read the paths from HKLM\SOFTWARE\OpenVPN<instance>. IN fact it does not seem to accept any parameters. So it is not possible to create a custom service which is handling the auto-start connections from a dedicated folder.

In regards to wintun I have started to move to the new ovpn-dco driver.
Although also this seems to lack some implementation parts. For example I was unable to find a way to bind a connection to a specific interface. While wintun offering to use "dev-node interface-name" and "windows-driver wintun" in *.ovpn configuration this seems not to be supported for "windows-driver ovpn-dco" and it just randomly selects an interface.

