OpenVPN over AT&T/Sprint Connection Manager
Posted: Mon May 17, 2010 3:00 pm
This is the easiest way I saw on Windows XP to have one-click connect-to-3G-and-VPN-simutaneously, and hide the VPN window. If anyone has any better ideas (ie. "why didn't you do xxx"), I'm all ears... Previously, we did without the AT&T Connection Manager and just used a configured Dial-Up Networking connection, and I would love to be able to go back to that config. Also, it seemed weird that I could not find a way to easily hide the OpenVPN window without a helper app. I also could not get the xxx_down.bat to execute if the disconnect was due to the inactive setting in the config file.
Comments? I'd certainly like a less complicated setup to make this work.
Client config is as follows:
-------------------------
Here's what you do:
First -
Download and install hstart.exe to C:\Windows.
You can get hstart here: http://www.ntwind.com/software/utilities/hstart.html
It has 32-bit and 64-bit versions. This will allow you to properly and easily hide the command-line window launched by OpenVPN.
Second -
Edit the user's OVPN config file to contain the following lines:
It should not end the VPN connection if it is simply idling inactive because it is sending a ping every 7 seconds, maintaining activity!
Third -
Edit the default connection profile
1. In Sprint or AT&T Connection Manager, go to Connections, then Edit Connection Profiles.
2. Select default connection profile (ie. AT&T Mobile) and click Edit.
3. Go to General tab of profile and check "Auto Launch" under VPN.
4. Click OK, then close.
Fourth -
In Sprint or AT&T Connection Manager, go to Tools, then Settings:
- On Application tab, make sure "Automatically run this application on Windows startup" is disabled
- On Application tab, make sure "Use this as my default Wi-Fi management utility" is disabled
- On Application tab, make sure "Always start application minimized" is disabled
- On Hardware tab, make sure you change "Other Devices" to "Manual" (drop-down) and un-check TAP-Win32 Adapter V9 - Packet Scheduler Miniport (this will hide TAP-Win32 from the main application interface)
- On Hardware tab, change Simultaneous Connections to "Allow Simultaneous Connections"
- On VPN tab, select "Use third party VPN client."
- Enter the command line to application as "C:\Windows\hstart.exe"
- Enter the parameters as /NOCONSOLE ""C:\Program Files\OpenVPN\bin\openvpn.exe" --config "C:\Program Files\OpenVPN\config\gsember_vpn.ovpn"" (for example - and yes those quotes are correct)
I've tested this, it works fine - and in succession too! There may be an easier way, but this is working for me...
Other things we're nervous about is if it will remain connected with these ovpn settings, if the tunnel remains active if there's no application using it and the only thing going across is the pings. (Also could current server settings override the ping and ping-exit OpenVPN settings?)
Comments? I'd certainly like a less complicated setup to make this work.
Client config is as follows:
Code: Select all
cd gsember
client
dev tap
;dev tun
;dev-node vpn
proto udp
remote 192.168.0.1 1194
;remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert gsember.crt
key gsember.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
mute 20Here's what you do:
First -
Download and install hstart.exe to C:\Windows.
You can get hstart here: http://www.ntwind.com/software/utilities/hstart.html
It has 32-bit and 64-bit versions. This will allow you to properly and easily hide the command-line window launched by OpenVPN.
Second -
Edit the user's OVPN config file to contain the following lines:
Code: Select all
ping 7
ping-exit 20
inactive 30Third -
Edit the default connection profile
1. In Sprint or AT&T Connection Manager, go to Connections, then Edit Connection Profiles.
2. Select default connection profile (ie. AT&T Mobile) and click Edit.
3. Go to General tab of profile and check "Auto Launch" under VPN.
4. Click OK, then close.
Fourth -
In Sprint or AT&T Connection Manager, go to Tools, then Settings:
- On Application tab, make sure "Automatically run this application on Windows startup" is disabled
- On Application tab, make sure "Use this as my default Wi-Fi management utility" is disabled
- On Application tab, make sure "Always start application minimized" is disabled
- On Hardware tab, make sure you change "Other Devices" to "Manual" (drop-down) and un-check TAP-Win32 Adapter V9 - Packet Scheduler Miniport (this will hide TAP-Win32 from the main application interface)
- On Hardware tab, change Simultaneous Connections to "Allow Simultaneous Connections"
- On VPN tab, select "Use third party VPN client."
- Enter the command line to application as "C:\Windows\hstart.exe"
- Enter the parameters as /NOCONSOLE ""C:\Program Files\OpenVPN\bin\openvpn.exe" --config "C:\Program Files\OpenVPN\config\gsember_vpn.ovpn"" (for example - and yes those quotes are correct)
I've tested this, it works fine - and in succession too! There may be an easier way, but this is working for me...
Other things we're nervous about is if it will remain connected with these ovpn settings, if the tunnel remains active if there's no application using it and the only thing going across is the pings. (Also could current server settings override the ping and ping-exit OpenVPN settings?)