OpenVPN GUI issue at startup

[TDT]

Hi guys. I got a quick question for anyone that has more experience with openvpn. I'm trying to have the damn thing run at startup and I used the "scheduled task" method to do it. It runs fine, but my problem is that there's no tray icon. Without it, if something is wrong with the network connection, there's no way to reconnect the vpn, unless the user ends the task/process and open the gui manually. And that is another problem, because the logged in user does not have admin privileges. 

 

I've set a delay of 2 minutes in the Triggers section of the task, to let everything else load first, but the tray icon still doesn't show. 

 

Is there anything else I can do?

 

Thank you!

[+John Teacake MVC]

Why are you trying to run it as a Scheduled Task? Presumably there would be no icon as its not running as the logged in user. 

[sc302 Veteran]

why not just put it in the startup folder instead of running it as a scheduled task?  This way when the user logs on it will run and it will be interactive with the user.   You can even do it in the all users section so that it applies to anyone who logs in, not just the individual user.

[+BudMan MVC]

do your users have admin rights?? 

 

If not is this the way you set it up?

https://community.openvpn.net/openvpn/wiki/Nonprivileged

 

This starts the gui for the user..

[TDT]

  On 11/02/2016 at 21:32, sc302 said:

why not just put it in the startup folder instead of running it as a scheduled task?  This way when the user logs on it will run and it will be interactive with the user.   You can even do it in the all users section so that it applies to anyone who logs in, not just the individual user.

Expand  

I already tried that, it does run BUT it asks for the admin password and I don't want that, since the user doesn't have the rights.

[TDT]

  On 11/02/2016 at 22:27, BudMan said:

do your users have admin rights?? 

 

If not is this the way you set it up?

https://community.openvpn.net/openvpn/wiki/Nonprivileged

 

This starts the gui for the user..

Expand  

As I said, the user doesn't have admin rights. I used the method here: https://help.my-private-network.co.uk/support/solutions/articles/8464-windows-openvpn-auto-start

[TDT]

  On 11/02/2016 at 21:20, John Teacake said:

Why are you trying to run it as a Scheduled Task? Presumably there would be no icon as its not running as the logged in user. 

Expand  

Because there's no other way other than the openvpn windows service set to automatic, but that method still doesn't show the tray icon...

[+BudMan MVC]

That method is missing quite a bit... Take a look at the article I posted..

 

Also you can give the vpn service start stop permissions to normal user...  Been a coons age since I have done anything like this but I know you can grant non users rights to start and stop service with
 subinacl, there use to be a way to change the gui via a reg key so that it started and stopped the service..

 

Google is your friend, found the old article

http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html

 

That goes over the way to change the service and the reg keys... Have not had to do this in years.. But might still work, if I get a chance latter I will test it..  Also int he article I linked to it links to 2 other gui options that can be used without admin rights.  Maybe either of those would suit your needs??  So you don't have to use the scheduled task method at all.

[TDT]

  On 11/02/2016 at 22:50, BudMan said:

That method is missing quite a bit... Take a look at the article I posted..

 

Also you can give the vpn service start stop permissions to normal user...  Been a coons age since I have done anything like this but I know you can grant non users rights to start and stop service with
 subinacl, there use to be a way to change the gui via a reg key so that it started and stopped the service..

 

Google is your friend, found the old article

http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html

 

That goes over the way to change the service and the reg keys... Have not had to do this in years.. But might still work, if I get a chance latter I will test it..  Also int he article I linked to it links to 2 other gui options that can be used without admin rights.  Maybe either of those would suit your needs??  So you don't have to use the scheduled task method at all.

Expand  

I think you're missing the point (but please correct me if I'm wrong). The issue is NOT that a normal user cannot run openvpn, it's the tray icon that's missing. The connection runs fine as a scheduled task, with admin rights (the .exe is in the processes list in task manager), but my concern is that if the internet connection drops the vpn will not reconnect automatically. So the user needs to have a manual way of reconnecting, via the tray icon, since re-opening the main exe file requires admin password.

 

That script + scheduled task method you posted basically does the same thing, the app runs but there's no icon. Maybe I should add an explorer restart, so that the tray icon gets registered properly?

[+BudMan MVC]

If you read the article I Linked too it gives them the gui so they can restart the connection.  Or the other guis in the article do not have to have admin rights and they can restart the connection.  They have a GUI!!

 

That is your whole point right - if the connection dies the users can't restart it... That is what I am showing you how to do - the article gives you the gui to see if the connection is up down, restart it, etc..  Same goes with the replacement guis that do not require admin.

 

"the app runs but there's no icon"

There is a icon!!! 

 

This automatically created task will put the user in the group "Network Configuration Operators" and then start OpenVPN GUI automatically at the next logon of this (non privileged) user (with highest privileges).

 

"win7x64_user1_openvpn will then execute openvpn-gui.exe in the users context but with highest privileges."

 

Since the user task win7x64_user1_openvpn was present at logon, it get's executed and starts openvpn-gui.exe. So after the user logged in, he/she has the OpenVPN-GUI running in the system tray and is ready to establish connections without administrative privileges"

 

Clearly you did NOT read it???

 

 

[sc302 Veteran]

  On 11/02/2016 at 22:31, TDT said:

I already tried that, it does run BUT it asks for the admin password and I don't want that, since the user doesn't have the rights.

Expand  

then use proc mon to find out what is being called and give the user admin rights over those areas either in the registry or the file location.  If the file location is in program files move the folder or install it to the root of c or a folder outside of one of the restricted folders (windows, program files, or programdata).  This is how I have made programs that normally need admin access accessible to end users without admin access.  I could remote in with teamviewer and help you with a test box if you would like me to show you what to do...I will probably need a break at some point today while watching airwatch videos (blech). 

 

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

 

[TDT]

  On 12/02/2016 at 09:47, BudMan said:

If you read the article I Linked too it gives them the gui so they can restart the connection.  Or the other guis in the article do not have to have admin rights and they can restart the connection.  They have a GUI!!

 

That is your whole point right - if the connection dies the users can't restart it... That is what I am showing you how to do - the article gives you the gui to see if the connection is up down, restart it, etc..  Same goes with the replacement guis that do not require admin.

 

"the app runs but there's no icon"

There is a icon!!! 

 

This automatically created task will put the user in the group "Network Configuration Operators" and then start OpenVPN GUI automatically at the next logon of this (non privileged) user (with highest privileges).

 

"win7x64_user1_openvpn will then execute openvpn-gui.exe in the users context but with highest privileges."

 

Since the user task win7x64_user1_openvpn was present at logon, it get's executed and starts openvpn-gui.exe. So after the user logged in, he/she has the OpenVPN-GUI running in the system tray and is ready to establish connections without administrative privileges"

 

Clearly you did NOT read it???

 

 

Expand  

I did read it and tried, but it didn't work then, I think I missed a step or something. I tried again today and it does indeed work as expected, but there's still a minor issue (I really don't care about it, just mentioning): the tray icon is always green, even if the vpn gets disconnected. 

Anyway, thanks! This is a much better solution than the others that I found so far.

[+BudMan MVC]

that is odd.. So your status shows it disconnected but icon doesn't change... Will have to test that.

[mediumwhite]

  On 12/02/2016 at 09:47, BudMan said:

If you read the article I Linked too it gives them the gui so they can restart the connection.  Or the other guis in the article do not have to have admin rights and they can restart the connection.  They have a GUI!!

 

That is your whole point right - if the connection dies the users can't restart it... That is what I am showing you how to do - the article gives you the gui to see if the connection is up down, restart it, etc..  Same goes with the replacement guis that do not require admin.

 

"the app runs but there's no icon"

There is a icon!!! 

 

This automatically created task will put the user in the group "Network Configuration Operators" and then start OpenVPN GUI automatically at the next logon of this (non privileged) user (with highest privileges).

 

"win7x64_user1_openvpn will then execute openvpn-gui.exe in the users context but with highest privileges."

 

Since the user task win7x64_user1_openvpn was present at logon, it get's executed and starts openvpn-gui.exe. So after the user logged in, he/she has the OpenVPN-GUI running in the system tray and is ready to establish connections without administrative privileges"

 

Clearly you did NOT read it???

 

 

Expand  

thanks for the tip this might be just what im looking for, one question, in the article it mentions accessing a "hidden" menu. I fixed the value in the registry but I don’t know where to look for it, nothing has SEEMED to change. If you have any advice it would be much appreciated

 

- I'm running Windows 10 and am also having trouble with the system tray icon showing up

[+BudMan MVC]

I have not tested this with windows 10. 

[mediumwhite]

  On 20/07/2016 at 11:21, BudMan said:

I have not tested this with windows 10. 

Expand  

Thanks for fast reply. I have Win 7 computers as well and i wanted to see this. I changed the value but I am unsure where the extra menu pops up. i.e. do I right click the GUI or maybe the system tray icon? Thanks.

 

"If you are running as administrator, and just want a convenient way to control the OpenVPN Service, you can enable a hidden menu for this."

 

You enable this by setting the following registry value to "1":  HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI\allow_service

 

I changed the value but I am unsure where the extra menu pops up. i.e. do I right click the GUI or maybe the system tray icon? Thanks.