Openvpn automatic login before use logs on vista



  • Hi Team,

    I have pfsense 2.1 and set up openvpn.

    Is it possible to n a workstation that has the client install to get that client to connect automatically before the use logs on that computer?

    Cheers,

    Raj


  • Rebel Alliance Developer Netgate

    I believe that is possible if you setup OpenVPN to run as a service, either manually or by using the "OpenVPNManager" interface option in the export settings.



  • Cheers for that.

    Does anyone has the instruction on how to configure it on windows please?

    Cheers,

    raj



  • Ok I have tried 2 setup instances of Open VPN servers, one that authenticate with remote access ssl/tls+user auth and the second just with remote access ssl/tls  certs.

    On the client export selected the management interface checkbox.

    Then set the service in windows to start automatically.

    Unfortunately whatever i do the client does not automatically connect.

    I have to log into windows then click on connect in the gui.

    Is there anything I have missed?

    Can anyone please advise?

    I am looking to get the client/ connection to connect before the user logs into the windows environment.

    Cheers,

    Raj



  • +1 from me. I have been meaning to look into this for a while. I would like various laptops to be in the domain, and when they boot up when the user is traveling, they auto-connect to the OpenVPN and thus find AD domain controller, policy… Might be able to have a play with it Sunday or Monday night.
    If anyone has good instructions before then, please post!



  • I would not mind opening a bounty for it if anyone could help pls?



  • I had a try just now. I am on Windows7. I don't have any other systems where I am, so it is difficult to know if everything connected before I logged in or not. Anyway, here is what I did:

    Make an OpenVPN Server with SSL/TLS only (thus no username password needed) on pfSense
    Export a client, with OpenVPN Manager
    Go to the guest house with WiFi (I am traveling)
    Install the client on my Windows7 laptop

    Login to an account with Admin privs
    Start OpenVPN-Manager and modify settings:
    Startup - start with Windows
    Remote control - Allow control via command line

    regedit
    go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    New, String Value
    Name: OpenVPN Connect
    Value: "C:\Program Files\OpenVPN\OpenVPNManager\OpenVPNManager.exe" -connect "my-rt-01-udp-1194-phil.davis.hp-pc-config (service)"
    (put the name of the .ovpn file that was generated, plus " (service)" after -connect. The string must be exactly as it shows when you right-click the OpenVPN Manager icon)

    Then you have to get the laptop to connect to the network before you login. Connect with a cable and that is OK. To make it connect to the wireless automatically, I tried:

    netsh wlan show profile
    Note the name of the WiFi you want to connect to at boot time.

    regedit
    go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    New, String Value
    Name: MyWiFi
    Value: %comspec% /c netsh wlan connect name="<profile name="">"

    I have not yet convinced myself that this works. But it might help you make progress.</profile>



  • ok removed all openvpn and tried again.

    The client connects after the user logs on, if ther user does not log in nothing happens.

    Now that pc is connected with a cable.

    Any ideas?

    Cheers,
    Raj



  • Ok maybe openvpn cant do the whole but this is how i was able to get around and get my solution.

    Make an OpenVPN Server with SSL/TLS only (thus no username password needed) on pfSense
    Export a client, with OpenVPN Manager
    Install openvpn manager on a workstation.Leave it with its default settings.

    Now I created a bat file and with the following line only :
    "C:\Program Files\OpenVPN\OpenVPNManager\OpenVPNManager.exe" -connect "xx-xxx-xxxx-xxxxx-config (service)"

    Named that file Openvpn start

    Now go to schedule tasks in windows and created a task to run as someone with administrator access, hidden,with highest privilages. Selected to run during startup and thats it.

    It might not be the best way to do it but it does work and i am able to authenticate with AD no problem.

    Hope this might help someone else.

    Thanks to phil.davis for his input but unfortunately that did not work for me even though I would love his way to work as that would have removed the bit of running that file with administrator access.

    If anyone else has any other way, let me know.

    I did not test this with wireless connection.  Might not work on wireless.

    Cheers,

    Raj


Log in to reply