OpenVPN Client für Windows Verbindungsscript erstellen

OpenVPN Connection Script

()

Running Scripts on OpenVPN Connect and Disconnect

OpenVPN Client for Windows using script file allows you to mapping network drives to servers shares when starting VPN connections. There are other options, such as running login scripts, printer redirects, or automated updating. This tutorial shows the installation and the usage of OpenVPN connection scripts.

How to do it

The OpenVPN GUI for Windows can be downloaded from the community website here. The OpenVPN client can also be deployed using winget ran in the command prompt.

C:\> winget install --id OpenVPNTechnologies.OpenVPN

Upon during installation, the OpenVPN directory is created under %USERPROFILE%, including the folder config, which contains the configuration files (.ovpn) that are stored from the OpenVPN GUI with File Import.

OpenVPN in Tasklbar click Import file

Right-clicking above the OpenVPN icon icon in the taskbar opens the context menu with file import, which is saved at: %USERPROFILE%\OpenVPN\config

openvpn-config

The batch files must be in the same config directory and have the same name as the file name of the configuration (.ovpn), whereby _up must be added, as here the file name starts with VPNConfig and appended _up, VPNConfig_up.bat.

OpenVPN Connection Script

The contents of the connection-building batch file may look like this so that a network drive is mapped to the server after connecting OpenVPN.

Edit OpenVPN_up.bat in Notepad
Edit OpenVPN Connection Script VPNConfig_up.bat in Notepad

It is mapped with VPNConfig_up.bat the network drive I: to the server tower, here in this example being login against domain city.local as username max using password pass123. If you do not want to have a visible password in the batch, you can remove it so the password prompt will by called.

Edit OpenVPN_down.bat in Notepad
Edit OpenVPN Connection Script VPNConfig_down.bat in Notepad

After disconnecting the OpenVPN connection, the batch VPNConfig_down.bat does disconnects the network drives.

explorer-openvpn-config

The batch files must be in the same directory, here in the user profile under OpenVPN along with the ovpn file in the config directory.

  If you rename the configuration file before importing it, here the VPNConfig.ovpn i.e. CityOffice.ovpn, then this name appears in the context menu when connecting to destination in the OpenVPN GUI. The batch files must have the same names before _up and _down.

  In order for the server name to be resolved at “net use”, the entry “dhcp-option DNS” has to modify in the file VPNConfig.ovpn:
dhcp-option DNS 192.168.3.110

In this example, the DNS 192.168.3.110 is on the remote network to which we connect to OpenVPN. If there is no DNS on the network, the IP address must be specified instead of the host name.

OpenVPN Settings

In the OpenVPN Settings you will find the possibility to determine the location of the configuration files and log files, here the path to the files can be changed, also there is the possibility to determine the extension .ovpn. Adjusting the paths can be useful, for example, when using roaming profiles, creating the folder for the OpenVPN connections under %APPDATA%, or when using offline folders, this can be set individually.

OpenVPN Settings Advanced

In the OpenVPN Settings Advanced, the values for script files can be changed if necessary, in the Script Timeout area for Preconnect script timeout, in this case the batch file VPNConfig_up.bat, and VPNConfig_down.bat for timeout for Disconnect script.

Example of a Netlogon Connection Script (xxxxxxxx_up.bat):
@echo off
timeout 5
REM mapping network printer
rundll32 printui.dll,PrintUIEntry /in /n \\tower\laserjet_office
REM mapping network drive
net use I: \\tower\office /persistent:no /user:city\max pass123
REM wait along two pings
ping localhost -n 2 > null
REM pop-up greeting message
echo msgbox("Welcome %USERNAME% on %USERDOMAIN%."),vbInformation , "Message"> %temp%\msg.vbs 
%temp%\msg.vbs
REM delete message
erase %temp%\msg.vbs

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

8 thoughts on “OpenVPN Connection Script”

  1. Hi! Thanks for the fast reply!
    Yes, in my OpenVPN configuration this path is set:
    C:\Users\\OpenVPN\config

    I have created these files:
    VPNConfig.ovpn
    VPNConfig_up.bat

    The content of VPNConfig.bat is:
    net use Z: \\\Files /persistent:no /user:domain\user “password”

    If I run the bat ater connecting to the VPN, it maps the network drive.
    But using OpenVPN it always returns exitcode 2

    This is the content of my ovpn file:
    # Sample client-side OpenVPN 2.0 config file #
    # for connecting to multi-client server. #
    # #
    # This configuration can be used by multiple #
    # clients, however each client should have #
    # its own cert and key files. #
    # #
    # On Windows, you might want to rename this #
    # file so it has a .ovpn extension #
    ##############################################

    # Specify that we are a client and that we
    # will be pulling certain config file directives
    # from the server.
    client

    # Use the same setting as you are using on
    # the server.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    dev tap
    ;dev tun

    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel
    # if you have more than one. On XP SP2,
    # you may need to disable the firewall
    # for the TAP adapter.
    ;dev-node MyTap

    # Are we connecting to a TCP or
    # UDP server? Use the same setting as
    # on the server.
    ;proto tcp
    proto udp

    # The hostname/IP and port of the server.
    # You can have multiple remote entries
    # to load balance between the servers.
    #remote 187.102.135.46 1194
    remote server 1194

    # Choose a random host from the remote
    # list for load-balancing. Otherwise
    # try hosts in the order specified.
    ;remote-random

    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server. Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite

    # Most clients don’t need to bind to
    # a specific local port number.
    nobind

    # notify
    –explicit-exit-notify 3

    # Downgrade privileges after initialization (non-Windows only)
    ;user nobody
    ;group nogroup

    # Try to preserve some state across restarts.
    persist-key
    persist-tun

    # If you are connecting through an
    # HTTP proxy to reach the actual OpenVPN
    # server, put the proxy server/IP and
    # port number here. See the man page
    # if your proxy server requires
    # authentication.
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]

    # Wireless networks often produce a lot
    # of duplicate packets. Set this flag
    # to silence duplicate packet warnings.
    ;mute-replay-warnings

    # SSL/TLS parms.
    # See the server config file for more
    # description. It’s best to use
    # a separate .crt/.key file pair
    # for each client. A single ca
    # file can be used for all clients.
    #ca ca.old.crt
    #cert template.old.crt
    #key template.old.key

    # Verify server certificate by checking
    # that the certicate has the nsCertType
    # field set to “server”. This is an
    # important precaution to protect against
    # a potential attack discussed here:
    # http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to “server”. The build-key-server
    # script in the easy-rsa folder will do this.
    remote-cert-tls server

    # If a tls-auth key is used on the server
    # then every client must also have the key.
    ;tls-auth ta.key 1

    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    cipher AES-256-CBC

    # Enable compression on the VPN link.
    # Don’t enable this unless it is also
    # enabled in the server config file.
    ;comp-lzo

    # Set log file verbosity.
    verb 1

    # Silence repeating messages
    ;mute 20
    auth-nocache

    1. There was an error when typing the paths:
      C:\Users\my_user\OpenVPN\config
      \\server_ip_address\Files

      1. Funny, I receive mail saying about your replies but the website isn’t showing them.
        Have tried on different browsers…
        But ok, answering you:

        – Log doesn’t show nothing about the up script, I have changed verbose to 4 and still nothing about it. It appears a message box saying about the script error and “exitcode=2”.
        – Yes, I put the VPN VPNConfig_up.bat in the same path of the ovpn file (C:\Users\Vandrey\OpenVPN\config)
        – I will have to ask to my colleague, who installed the OpenVPN service to try the DEV TUN option…
        I don’t know why he’s using DEV TAP.
        It will have an impact on other OS? Like Android?

    1. did you correctly entered the path to the configuration files ? see settings – advanced.
      when I wrote this post I was using openvpn 2.4.7, now i got upgrade to 2.5.1 and it still works.

Leave a Reply

Your email address will not be published. Required fields are marked *