OpenVPN Support Forum

Greetings,

I'm playing around with using the OpenVPN-GUI/Service to connect to a server however I'm getting no output when running the commands from powershell, via a Scheduled Task.

I am 100% certain the scheduled task executes, debug from the powershell script goes into EventViewer, however, when it comes time to doing the OpenVpn-GUI --connect <profile>, it doesn't give me any output.

I've assumed this was due to a lack of administrator privilages.

So I uninstalled and reinstalled and selected to install the service this time.

I've since tried to run openvpn --config <profile> and an assortment of other commands, none of actually worked within the context of the MSA running from a scheduled task.

I've read and re-read https://openvpn.net/community-resources ... n-process/ and apparently missed something obviously very simply.

Any help would be appreciated.

Hi MrA,

The only thing I can suggest is that you check your profile for a "daemon" line and comment that. This would force openvpn to run in the foreground, and from there you might see what's happening (or not happening, as the case may be.)

regards, rob0

Unfortunately as it's running as an MSA, we can't actually see the GUI at all. Even forcing logging to a specific directory produces no results.

Are we supposed to use openvpn.exe instead of the gui when connecting programmatically?

I've also tried this; https://openvpn.net/community-resources ... le-window/

Without success.

Seems to be a relatively straight forward exercise;

Have scheduled task
Connect to vpn
...
Profit?

Hi MrA,

Are you not able to read or edit your profile? Then no, this will not be simple.

Yes, of course it makes more sense to use a command line tool for automated tasks. I've never done that on Windows. Are you not able to connect in to a PowerShell? I was thinking you could read and edit your profile, but if you can't, ugh.

regards, rob0

Technically, we can use PSExec to execute a powershell script as the MSA account, however, it executes using Administrator privileges within the security context. Which bypasses the problem and isn't usable via Scheduled Task.

I can't grant the MSA Administrator access as it would mean anyone with access to the server would theoretically be able to rewrite the script to grant themselves admin privs.

We can modify environment and user variables within the context of the MSA though.

I've found that the OpenVPN Service does execute the AutoConfig after a server reboot.

Which is extremely odd but it works!

Excellent it seems you have found the solution.

MrAutomation wrote: ↑

Fri Mar 25, 2022 12:48 am

I've found that the OpenVPN Service does execute the AutoConfig after a server reboot.

Which is extremely odd but it works!

A service restart would do the same.