Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN problems

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gordc
      last edited by

      I have been researching this for two days now and I don't think I am much closer than I was when I started.

      I am trying to setup so that when a client connects the windows logon script for that user runs and sets up their shares.

      These are the problems that I am running in to.

      1. The client that is exported using the client export utility has to be run as administrator in order to work.  Not everyone has admin privileges.
      2. When I try to connect the one of the commands in the logon script is net use \server%username%$  - instead of using the login name it wants to use the admin account that the client is run under.
      3. I tried using the OpenVpn Manager which eliminates the need to run the program as an administrator but when I run this it does not run the XXXX_up.bat script.

      I am using LDAP to authenticate the users.

      There has to be an easy way to have a non-admin user connect and automatically have their network drives setup for them.  As I indicated I have been looking for two days.

      1 Reply Last reply Reply Quote 0
      • M
        marvosa
        last edited by

        First, unless you've exported both a domain and a dns server, "net use \server%username%$" is not going to work over a routed tunnel (assuming "server" is referring to the "server name").  It will need to be:

        • "net use \IP%username%$"

        • or "net use \FQDN%username%$" if you only export the DNS.

        I found a few posts online with the same request.  Here are two different perspectives on a solution:

        • There are two ways.

          1. Use the openvpn –route-up option, but be aware that OpenVPN does not process any packets while the script is running, so to run a command like "net use", you need to execute a second script, and immediately return control to OpenVPN.

          2. Use my GUI to start the connection. You can then put a script called XXX_up.bat in the config folder, where XXX is the same name as your OpenVPN config file. This batch file is then executed after a successful connection has been made. The batch file should return 0 if it was successful, otherwise the GUI will report that a problem has occurred.

          After the above suggestion, the OP followed up this post by saying he solved his issue with the following script:

          ' –-------- up.vbs ---------------------------------
          Option Explicit
          ' Declare variables
          dim WshShell
          ' Initialise variables
          Set WshShell = WScript.CreateObject("WScript.Shell")
          ' Run up.bat, invisible, don't wait till finished
          call WshShell.Run ("up.bat", 0, false)
          ' ---------------------------------------------------

        • Why not just change the script? Ditch the idea of having the script run when the VPN connects, make a script that is scheduled to run every 5 seconds, checks for the existence of the mapped drive, if it's there.. bail out. If it's not, try to ping the mapping target, if it's there, setup the map, if not bail out.

          Then just stuff that bad boy in the machine's scheduled tasks, and when the VPN comes up it'll run in a few seconds and setup the map.

        1 Reply Last reply Reply Quote 0
        • G
          gordc
          last edited by

          Thanks for the reply.  I appreciate the help but it does not solve my problem.

          I tried using the XXX_up.bat and it does work except for the wrong user name.
          The OpenVPN Gui requires to run as admin, which in itself is a problem, and there for when you run the command net use \IP%username%$ it tries to use the admin username instead of the logged in user.  Giving the user local admin rights is definitely not an option.

          I haven't tried using the command line option yet since I need something very simple.  Unfortunately we have some users that if it takes more than just clicking on an icon and entering a username and password they have a hard time.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            You can clearly setup openvpn for the user, the user does not need to be admin to start a connection.

            Did you google?  There are many a guide on skinning that cat
            http://www.digitalllama.net/2014/12/allow-non-admin-users-to-connect-with.html
            http://www.informit.com/articles/article.aspx?p=387173&seqNum=9
            etc..

            The current openvpn can use a managment port on the local machine and it can be used to tell it to create connections, here is a gui to help the user with that
            http://openvpn-mi-gui.inside-security.de/

            Once you have a tunnel open create a batch file with your connect commands put it as an icon on the desktop and away you go.  Or just map the drive once and have it reconnect at login yes it will fail and give them a red x when not connected, they can right click on it after on the vpn and say connect..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • G
              gordc
              last edited by

              Thanks again for the help.  I was able to get this working using the following.

              Download the client including the gui manager.
              Once installed I was able to go in to services and set the openvpn service to start automatically
              I then downloaded the openvpn-mi-gui program and when I run it I don't have the problem with the admin and it runs the batch files in the config directory as the logged in user.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.