OpenVPN-GUI registry entries on Windows 7 Pro

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
djm
OpenVpn Newbie
Posts: 6
Joined: Fri Aug 13, 2010 11:02 pm

OpenVPN-GUI registry entries on Windows 7 Pro

Post by djm » Fri Aug 13, 2010 11:26 pm

I maintain more than 50 computers that I have set up OpenVPN networks on. 3 OpenVPN servers and many clients.

The clients are a range of OSs: Win XP, Vista Win 7 and Linux.

Almost all of the users use logins that are not administrators. With XP adding them to the "Network Configuration Group" might be necessary for all to connect correctly.

With vista I had to use the allow_service approach by changing the

Code: Select all

HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI
registry settings.

Same for all the Win 7 computers that I have set up so far. But the most recent didn't have the HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI registry keys after install. Instead there seemed to be user based OpenVPN-GUI registry keys. And although changing the settings of these does change the OpenVPN-GUI menu (from the task bar icon), connecting fails on the route add part.

This particular Win 7 is Win 7 Pro. I think that the others were all home Premium.

How can I get the user to be able to connect without having to give them the administrator password (I haven't as yet been able to try adding them to the "Network Config" group - maybe that will be sufficient)?

Or is there some way that I can get the OpenVPN-GUI registry keys back to HKEY_LOCAL_MACHINE\SOFTWARE?

Any help would be appreciated as at the moment this user cannot connect remotely.

User avatar
krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: OpenVPN-GUI registry entries on Windows 7 Pro

Post by krzee » Mon Aug 16, 2010 10:21 pm

Just to be sure, these 50 computers are not from the same lan, right?
There only needs to be 1 vpn node per lan.

Should the VPN always be connected? if so you can just enable the service.

Try this,
  • Right Click the GUI - Properties - Compatibility
    Run this program in compatibility mode for:
    Windows Vista

    Privilege Level:
    Run this program as an administrator

    Then Click Ok
Hope that helps,
-krzee

djm
OpenVpn Newbie
Posts: 6
Joined: Fri Aug 13, 2010 11:02 pm

Re: OpenVPN-GUI registry entries on Windows 7 Pro

Post by djm » Mon Aug 16, 2010 10:42 pm

We have 5 different LANs (2 don't need to be connected remotely). The user only occasionally needs to connect remotely. And they often work at the office connecting directly to the LAN. If I set them up with the service running then they are unable to connect to anything but the VPN server when in the office. They need to see printers etc.

I have tried following the instructions for making the rest of a LAN visible when connecting remotely but with no success.

So I need them to be able to manually connect/disconnect.

djm
OpenVpn Newbie
Posts: 6
Joined: Fri Aug 13, 2010 11:02 pm

Re: OpenVPN-GUI registry entries on Windows 7 Pro

Post by djm » Tue Aug 17, 2010 5:24 am

Although what you suggest works (the "run as administrator) we don't want to give the staff the administrator password. Selecting "Run as administrator" asks the user for the administrator password when they attempt to run OpenVPN-GUI.

We need a method of either starting up the GUI as administrator that doesn't require the user to know and enter the administrator password, or a way of starting the service (which changing allow_service is meant to) without requiring the user to know and enter the administrator password.

User avatar
krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: OpenVPN-GUI registry entries on Windows 7 Pro

Post by krzee » Mon Aug 23, 2010 8:58 am

djm wrote:or a way of starting the service (which changing allow_service is meant to) without requiring the user to know and enter the administrator password.
In the services properties, go to the log on tab, then set the user for the service to run as (administrator). Then set it to be started manually.

Post Reply