OpenVPN Support Forum

Hi!
I'm trying to use a bat file to run when the user connects to the VPN.
I've been testing on my own ovpn file.
Added this two lines to it: Then the bat file has this content: And it isn't running, if I test with only one line, the connection even start, it says that there is a problem on the bat file.
I've used that commands without configuring the bat file and after the connection, it works fine.
My friend tried the same bat file on version 2.4.9 and it works as expected.

OpenVPN does not allow scripts executed by openvpn to pass data over the VPN.

Hi TinCanTech,

It is a new thing then?
On version 2.4.9 it works.
Or maybe I'm trying to do it using a bad method.
Since my domain computers aren't authenticatin as users logon, I need to be able to map some network shared folders on their computers.

vandreytrindade wrote: ↑

Thu Nov 19, 2020 5:09 pm

It is a new thing then?
On version 2.4.9 it works.

It is not new and was also the same in 2.4.9

Hi,
What I'm trying to do is exactly this:
https://think.unblog.ch/en/openvpn-connection-script/

vandreytrindade wrote: ↑

Fri Apr 02, 2021 3:47 pm

Hi,
On this blog they said that it worked (date:24/12/2020):
https://think.unblog.ch/en/openvpn-connection-script/

They are incorrect.

vandreytrindade wrote: ↑

Fri Apr 02, 2021 3:47 pm

So... it changed or it was fixed to not work like that anymore?

OpenVPN has never allowed openvpn-scripts (eg. --up) to pass data over the VPN.

It turns out that I am actually wrong.

Using the Windows-GUI allows a considerably weaker "security policy" (and I use that term with disgust),
and so, your script should be able to complete successfully but only if you use the Windows GUI.

I had to test it myself before I would believe it ....

But this only works if you use the method described in your blog post above.

Hi TinCanTech,

No problem!
Correct, we are using the Windows GUI.
I'm talking to the person of that blog and the only difference in our scenarios is that he uses dev TUN.
Our OpenVPN server is configured to use dev TAP.
Maybe that's the problem?

No, you must use the method they describe. You cannot put the --up script into the config file itself.

Yup, I have followed the same steps as he did.
No modifcation of the ovpn file.

My files on C:\Users\Vandrey\OpenVPN\config are:
VPNConfig.ovpn
VPNConfig_up.bat

My bat file runs if I use the message box like he did, or simple things like: echo "a" > C:\Temp\1.txt
But never "net use"...
Is there any log to see why it isn't working?
Have tried to set log verbose to 4 and still no log to show why net use isn't working for me.

You may be able to find some useful debugging examples here:
https://github.com/TinCanTech/easy-tls

See the batch files.

Hi TinCanTech,

Thanks a lot for your time and attention.
I have found the problem.
My network password is between %, so when I pass the credentials on the bat file it's returning an error because it removes the % characters from the password.
I have tested on a domain joined machine where I don't need to pass credentials and it worked as expected.

i solved by using double % to escape them.

Thanks once again!!!

PS: I haven't found a way to edit this post as solved...

Thanks to your persistence, I found out about the GUI functioning differently to a config.

Thanks for your star on github, I hope you find Easy-TLS as useful as I do.

Yeah, you can't edit posts after a certain amount of time. A mod may do that for you.

Cheers!