Recommended Posts

Hi guys. I got a quick question for anyone that has more experience with openvpn. I'm trying to have the damn thing run at startup and I used the "scheduled task" method to do it. It runs fine, but my problem is that there's no tray icon. Without it, if something is wrong with the network connection, there's no way to reconnect the vpn, unless the user ends the task/process and open the gui manually. And that is another problem, because the logged in user does not have admin privileges. 

 

I've set a delay of 2 minutes in the Triggers section of the task, to let everything else load first, but the tray icon still doesn't show. 

 

Is there anything else I can do?

 

Thank you!

Link to comment
https://www.neowin.net/forum/topic/1288614-openvpn-gui-issue-at-startup/
Share on other sites

why not just put it in the startup folder instead of running it as a scheduled task?  This way when the user logs on it will run and it will be interactive with the user.   You can even do it in the all users section so that it applies to anyone who logs in, not just the individual user.

  On 11/02/2016 at 21:32, sc302 said:

why not just put it in the startup folder instead of running it as a scheduled task?  This way when the user logs on it will run and it will be interactive with the user.   You can even do it in the all users section so that it applies to anyone who logs in, not just the individual user.

Expand  

I already tried that, it does run BUT it asks for the admin password and I don't want that, since the user doesn't have the rights.

  On 11/02/2016 at 22:27, BudMan said:

do your users have admin rights?? 

 

If not is this the way you set it up?

https://community.openvpn.net/openvpn/wiki/Nonprivileged

 

This starts the gui for the user..

Expand  

As I said, the user doesn't have admin rights. I used the method here: https://help.my-private-network.co.uk/support/solutions/articles/8464-windows-openvpn-auto-start

  On 11/02/2016 at 21:20, John Teacake said:

Why are you trying to run it as a Scheduled Task? Presumably there would be no icon as its not running as the logged in user. 

Expand  

Because there's no other way other than the openvpn windows service set to automatic, but that method still doesn't show the tray icon...

That method is missing quite a bit... Take a look at the article I posted..

 

Also you can give the vpn service start stop permissions to normal user...  Been a coons age since I have done anything like this but I know you can grant non users rights to start and stop service with
 subinacl, there use to be a way to change the gui via a reg key so that it started and stopped the service..

 

Google is your friend, found the old article

http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html

 

That goes over the way to change the service and the reg keys... Have not had to do this in years.. But might still work, if I get a chance latter I will test it..  Also int he article I linked to it links to 2 other gui options that can be used without admin rights.  Maybe either of those would suit your needs??  So you don't have to use the scheduled task method at all.

  On 11/02/2016 at 22:50, BudMan said:

That method is missing quite a bit... Take a look at the article I posted..

 

Also you can give the vpn service start stop permissions to normal user...  Been a coons age since I have done anything like this but I know you can grant non users rights to start and stop service with
 subinacl, there use to be a way to change the gui via a reg key so that it started and stopped the service..

 

Google is your friend, found the old article

http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html

 

That goes over the way to change the service and the reg keys... Have not had to do this in years.. But might still work, if I get a chance latter I will test it..  Also int he article I linked to it links to 2 other gui options that can be used without admin rights.  Maybe either of those would suit your needs??  So you don't have to use the scheduled task method at all.

Expand  

I think you're missing the point (but please correct me if I'm wrong). The issue is NOT that a normal user cannot run openvpn, it's the tray icon that's missing. The connection runs fine as a scheduled task, with admin rights (the .exe is in the processes list in task manager), but my concern is that if the internet connection drops the vpn will not reconnect automatically. So the user needs to have a manual way of reconnecting, via the tray icon, since re-opening the main exe file requires admin password.

 

That script + scheduled task method you posted basically does the same thing, the app runs but there's no icon. Maybe I should add an explorer restart, so that the tray icon gets registered properly?

If you read the article I Linked too it gives them the gui so they can restart the connection.  Or the other guis in the article do not have to have admin rights and they can restart the connection.  They have a GUI!!

 

That is your whole point right - if the connection dies the users can't restart it... That is what I am showing you how to do - the article gives you the gui to see if the connection is up down, restart it, etc..  Same goes with the replacement guis that do not require admin.

 

"the app runs but there's no icon"

There is a icon!!! 

 

This automatically created task will put the user in the group "Network Configuration Operators" and then start OpenVPN GUI automatically at the next logon of this (non privileged) user (with highest privileges).

 

"win7x64_user1_openvpn will then execute openvpn-gui.exe in the users context but with highest privileges."

 

Since the user task win7x64_user1_openvpn was present at logon, it get's executed and starts openvpn-gui.exe. So after the user logged in, he/she has the OpenVPN-GUI running in the system tray and is ready to establish connections without administrative privileges"

 

Clearly you did NOT read it???

 

 

  On 11/02/2016 at 22:31, TDT said:

I already tried that, it does run BUT it asks for the admin password and I don't want that, since the user doesn't have the rights.

Expand  

then use proc mon to find out what is being called and give the user admin rights over those areas either in the registry or the file location.  If the file location is in program files move the folder or install it to the root of c or a folder outside of one of the restricted folders (windows, program files, or programdata).  This is how I have made programs that normally need admin access accessible to end users without admin access.  I could remote in with teamviewer and help you with a test box if you would like me to show you what to do...I will probably need a break at some point today while watching airwatch videos (blech). 

 

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

 

  On 12/02/2016 at 09:47, BudMan said:

If you read the article I Linked too it gives them the gui so they can restart the connection.  Or the other guis in the article do not have to have admin rights and they can restart the connection.  They have a GUI!!

 

That is your whole point right - if the connection dies the users can't restart it... That is what I am showing you how to do - the article gives you the gui to see if the connection is up down, restart it, etc..  Same goes with the replacement guis that do not require admin.

 

"the app runs but there's no icon"

There is a icon!!! 

 

This automatically created task will put the user in the group "Network Configuration Operators" and then start OpenVPN GUI automatically at the next logon of this (non privileged) user (with highest privileges).

 

"win7x64_user1_openvpn will then execute openvpn-gui.exe in the users context but with highest privileges."

 

Since the user task win7x64_user1_openvpn was present at logon, it get's executed and starts openvpn-gui.exe. So after the user logged in, he/she has the OpenVPN-GUI running in the system tray and is ready to establish connections without administrative privileges"

 

Clearly you did NOT read it???

 

 

Expand  

I did read it and tried, but it didn't work then, I think I missed a step or something. I tried again today and it does indeed work as expected, but there's still a minor issue (I really don't care about it, just mentioning): the tray icon is always green, even if the vpn gets disconnected. 

Anyway, thanks! This is a much better solution than the others that I found so far. :)

  • 5 months later...
  On 12/02/2016 at 09:47, BudMan said:

If you read the article I Linked too it gives them the gui so they can restart the connection.  Or the other guis in the article do not have to have admin rights and they can restart the connection.  They have a GUI!!

 

That is your whole point right - if the connection dies the users can't restart it... That is what I am showing you how to do - the article gives you the gui to see if the connection is up down, restart it, etc..  Same goes with the replacement guis that do not require admin.

 

"the app runs but there's no icon"

There is a icon!!! 

 

This automatically created task will put the user in the group "Network Configuration Operators" and then start OpenVPN GUI automatically at the next logon of this (non privileged) user (with highest privileges).

 

"win7x64_user1_openvpn will then execute openvpn-gui.exe in the users context but with highest privileges."

 

Since the user task win7x64_user1_openvpn was present at logon, it get's executed and starts openvpn-gui.exe. So after the user logged in, he/she has the OpenVPN-GUI running in the system tray and is ready to establish connections without administrative privileges"

 

Clearly you did NOT read it???

 

 

Expand  

thanks for the tip this might be just what im looking for, one question, in the article it mentions accessing a "hidden" menu. I fixed the value in the registry but I don’t know where to look for it, nothing has SEEMED to change. If you have any advice it would be much appreciated

 

- I'm running Windows 10 and am also having trouble with the system tray icon showing up

  On 20/07/2016 at 11:21, BudMan said:

I have not tested this with windows 10. 

Expand  

Thanks for fast reply. I have Win 7 computers as well and i wanted to see this. I changed the value but I am unsure where the extra menu pops up. i.e. do I right click the GUI or maybe the system tray icon? Thanks.

 

"If you are running as administrator, and just want a convenient way to control the OpenVPN Service, you can enable a hidden menu for this."

 

You enable this by setting the following registry value to "1":  HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI\allow_service

 

I changed the value but I am unsure where the extra menu pops up. i.e. do I right click the GUI or maybe the system tray icon? Thanks.

 

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • As such, about 30,000 government sector computers would be switching by 2027 or so. I have been there and done it though probably not with as many as 30,000 computers. i worked on a Bank of America conversion project and it was a mess, a complete mess. Computer system conversions are never as easy as they sound in the media or even the Corporate Boardroom or Government high-up offfices. One may ask, what MIcrosoft hardware and sofware the government of Denmark is using in addition to desktop computers and Office?. One thing for sure. We know that they aren't using Windows 10 Mobile.
    • WTF? I can't believe you are surprised it's not an option or it should be. 
    • Yes, if the PCs aren’t upgraded, they’ll lack features like TPM and remain vulnerable to driver and hardware-level exploits. That includes CPU flaws, RAM vulnerabilities, boot and BIOS attacks, and so on. Realistically, there should have been a steady programme of hardware refreshes rather than allowing systems to age well past their practical and secure lifespan. Are we seriously entertaining the idea of running Linux on machines that are over a decade old as a long-term solution instead of upgrading? Would you entrust your financial data or medical records to a box from the early 2000s, with Windows XP removed and Linux installed in its place? Performance degradation is not just an inconvenience. It affects productivity. Slow machines cost time, and time costs money. Security flaws do too. Hardware and software upgrades should be part of a rolling, responsible IT strategy. They should not be treated as an afterthought. This kind of complacency is precisely the issue we’ve seen before. Just look at how that played out in the UK. We readily replace construction tools such as drills, saws, and other equipment on a regular basis, and many of those cost more than a standard desktop PC. Yet when it comes to computers, we’re still stuck in the mindset of "if it isn’t broken, don’t fix it." Just because something powers on doesn’t mean it is fit for purpose. The horse and cart did the job at one point too, but that didn’t mean it was wise to stick with it when something better came along.
    • Freshly released Samsung Galaxy Tab S10 FE is already discounted by Fiza Ali The Samsung Galaxy Tab S10 FE is already available at a discount, just two months after its debut, so you may want to check it out. The device is powered by the Samsung Exynos 1580 processor and equipped with 12GB of RAM and 256GB of internal storage, which can be expanded by up to 1TB via microSD. It features a 10.9‑inch LCD display with a resolution of 2,304 x 1,440 pixels and a 90 Hz refresh rate. Photography and video calls are handled by a 13MP rear camera and a 12MP ultra‑wide front‑facing camera. The device further includes dual AKG‑tuned speakers for immersive audio. The Galaxy Tab S10 FE offers Sub‑6 5G, dual‑band Wi‑Fi 6 with Wi‑Fi Direct support, and Bluetooth 5.3 for low‑latency wireless connections. Moreover, it incorporates S Pen functionality with handwriting assist, a Circle to Search feature for instant Google look‑ups, and Math Solver for converting handwritten equations into editable text and step‑by‑step solutions. The tablet comes pre‑loaded with a suite of creative and productivity apps, including LumaFusion, GoodNotes, Clip Studio Paint, Noteshelf, Sketchbook and PicsArt. The Galaxy Tab S10 FE is water‑resistant, safeguarding against spills, splashes, and brief immersion, and includes a dedicated AI hot‑key on its keyboard for quick access to on‑device artificial intelligence tools. Finally, the tablet houses an 8,000 mAh lithium‑ion battery (29.95Wh) that is said to deliver up to 20 hours of continuous use and supports Super Fast Charging. Samsung Galaxy Tab S10 FE: $519.99 (Amazon US) 9% off This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • Agree - and to that end, I’m not questioning a mods decision, as they didn’t perform an act of moderation on my posts - rather they seem to wish to keep creating drama where it doesn’t exist. However, point taken and will just use the Report functionality as you would any other user
  • Recent Achievements

    • Explorer
      Case_f went up a rank
      Explorer
    • Conversation Starter
      Jamie Smith earned a badge
      Conversation Starter
    • First Post
      NeoToad777 earned a badge
      First Post
    • Week One Done
      JoeV earned a badge
      Week One Done
    • One Month Later
      VAT Services in UAE earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      548
    2. 2
      ATLien_0
      241
    3. 3
      +Edouard
      160
    4. 4
      +FloatingFatMan
      147
    5. 5
      Michael Scrip
      112
  • Tell a friend

    Love Neowin? Tell a friend!