OpenVPN GUI is a graphical frontend for OpenVPN running on Windows XP / Vista / 7 / 8. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.
Clone or download
selvanair Remove service-only checkbox from settings menu
- This checkbox is inactive and does nothing.

  The service-only  usage can be still activated using the command
  line option --service_only  or by editing the registry, but its
  not a recommended use case for GUI version 11.0 and above.

See also issue: #264

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Latest commit 8950974 Jun 11, 2018
Permalink
Failed to load latest commit information.
res Remove service-only checkbox from settings menu Jun 16, 2018
.appveyor.yml AppVeyor: use proper way to resolve project path Nov 19, 2017
.editorconfig Add EditorConfig file Aug 14, 2017
.gitignore File 'compile' now removed as well May 4, 2016
.kateconfig add .kateconfig Jun 29, 2010
.travis-build-openssl.sh travis-ci: add openssl-1.1.0 support Jan 18, 2018
.travis.yml travis-ci: switch to openssl-1.1.0 by default Apr 23, 2018
BUILD.rst Fix use of backticks Aug 16, 2017
CHANGES.rst Add information about versions 2-7 to CHANGES.rst Nov 24, 2015
COPYING import of openvpn-gui-1.0.3.zip Dec 18, 2008
COPYRIGHT.GPL import of openvpn-gui-1.0.3.zip Dec 18, 2008
Makefile.am add Chinese (Simplified) localization May 26, 2018
README.rst Update README Jan 24, 2018
access.c Close token handle in GetProcessTokenGroups() May 11, 2017
access.h Handle interactive service policy restrictions Mar 14, 2016
bootstrap use automake in build Mar 28, 2012
chartable.h convert files to unix style end-of-line Mar 28, 2012
configure.ac Update year in the "About" tab Apr 3, 2018
env_set.c Support for 'setenv name var' using echo Apr 23, 2018
env_set.h Support for 'setenv name var' using echo Apr 23, 2018
localization.c Fix truncation of usage message shown when --help is used Jan 31, 2017
localization.h Fix truncation of usage message shown when --help is used Jan 31, 2017
main.c Log --command option errors to the event log Apr 24, 2018
main.h Log --command option errors to the event log Apr 24, 2018
manage.c Subscribe to bytecount message from management interface Jan 30, 2018
manage.h Support sending commands to running instance Jan 20, 2018
misc.c Fix display of assigned IPs when IPv4 address is absent Jun 16, 2018
misc.h Fix detection of running instance Apr 24, 2018
openvpn-gui-res.h Remove service-only checkbox from settings menu Jun 16, 2018
openvpn.c Clear c->ip and c->ipv6 buffers before reset Jun 16, 2018
openvpn.h Support for 'setenv name var' using echo Apr 23, 2018
openvpn_config.c In '--connect profile-name' make the extension (.ovpn) optional Jan 20, 2018
openvpn_config.h refactor option handling code Apr 9, 2010
options.c Fix detection of running instance Apr 24, 2018
options.h Log --command option errors to the event log Apr 24, 2018
passphrase.c Simplify some parameters and registry keys Aug 6, 2016
passphrase.h Simplify some parameters and registry keys Aug 6, 2016
proxy.c change "%S" to "%ls" to silence mingw warning: Mar 25, 2017
proxy.h support SOCKS 5 proxy auth notifications from mgmt Jul 20, 2012
registry.c Set a fall back for editor if file association fails Apr 23, 2018
registry.h Make options saved in registry editable by user Aug 6, 2016
save_pass.c Save username and optionally passwords May 29, 2016
save_pass.h Save username and optionally passwords May 29, 2016
scripts.c Support for 'setenv name var' using echo Apr 23, 2018
scripts.h use managment interface Sep 10, 2010
service.c Close open service handles after use May 12, 2017
service.h Handle interactive service policy restrictions Mar 14, 2016
tray.c Fix display of assigned IPs when IPv4 address is absent Jun 16, 2018
tray.h Support sending commands to running instance Jan 20, 2018
viewlog.c Use file associations to open config and log Aug 6, 2016
viewlog.h convert files to unix style end-of-line Mar 28, 2012

README.rst

OpenVPN GUI

TravisCI status AppVeyor status

Installation Instructions for OpenVPN GUI for Windows

OpenVPN-GUI has been bundled with OpenVPN installers for a long time, so there is rarely a need to install it separately. Bleeding-edge versions of OpenVPN-GUI are available in OpenVPN snapshot installers based on Git master branch. OpenVPN-GUI gets installed by default in all OpenVPN installers.

Installation using the official OpenVPN installers

  • Download an OpenVPN installer
  • If you have a previous version of OpenVPN GUI running, shut it down. Make sure it's closed by ALL logged on users.
  • Run the OpenVPN installer

Manual installation of OpenVPN GUI

  • Download and install OpenVPN
  • Download OpenVPN GUI of your choice and save it in OpenVPN's bin folder. Default is C:\Program Files\OpenVPN\bin\. You must put it in this folder because OpenVPN GUI depends on the OpenSSL DLLs installed in this folder by OpenVPN.

Configuring OpenVPN GUI to start on Windows logon

OpenVPN GUI can be configured to start automatically on logon to Windows from its setting menu. This is default behavior for all users if OpenVPN GUI was installed by an OpenVPN 2.4 installer using default installer options.

Adding an OpenVPN configuration file

To launch a VPN connections using OpenVPN GUI you need to add an OpenVPN configuration file with .ovpn suffix. Any text editor (e.g. notepad.exe) can be used to create a OpenVPN configuration files. Note that log and log-append options are ignored as OpenVPN GUI redirects the normal output to a log file itself. There are sample config files in the sample-config folder. Please refer to the OpenVPN project homepage for more information regarding creating the configuration file.

Once the configuration file is ready, you need to let OpenVPN GUI know about it. There are three ways to do this:

  • Place the file into the system-wide location, usually C:\Program Files\OpenVPN\config\, or any of its immediate subdirectories. This VPN connection will be visible for all users of the system.
  • Place the file into C:\Users\username\OpenVPN\config\, or any of its immediate subdirectories. The configuration file is only visible for the user in question. If the user is not a member of the built-in "Administrators" group or "OpenVPN Administrators" group and tries to launch such a connection, OpenVPN GUI pops up a UAC, offering to create the latter group (if missing) and to add the user to it. This will only work if admin-level credentials are available.
  • Use the "Import file" function in OpenVPN GUI itself

Using OpenVPN GUI

When OpenVPN GUI is started your OpenVPN config folders (C:\Users\username\OpenVPN\config and C:\Program Files\OpenVPN\config) will be scanned for .ovpn files and the OpenVPN GUI icon will appear in the system tray. Each OpenVPN configuration file shows up as a separate menu item in the OpenVPN GUI tray, allowing you to selectively connect to and disconnect to your VPNs. The config dir will be re-scanned for new config files every time you open the OpenVPN GUI menu by right-clicking the icon.

When you choose to connect to a site OpenVPN GUI will launch openvpn with the specified config file. If you use a passphrase protected key you will be prompted for the passphrase.

If you want OpenVPN GUI to start a connection automatically when it's started, you can use the --connect cmd-line option. The extension of the config file may be optionally included. Example:

openvpn-gui --connect office.ovpn
OR
openvpn-gui --connect office

To get help with OpenVPN GUI please use one of the official OpenVPN support channels.

Running OpenVPN GUI as a Non-Admin user

OpenVPN 2.3.x and earlier bundle an OpenVPN GUI version (< 11) which has to be run as admin for two reasons

  • OpenVPN GUI registry keys are stored in system-wide location under HKEY_LOCAL_MACHINE, and they are generated when OpenVPN GUI was launched the first time
  • OpenVPN itself requires admin-level privileges to modify network settings

OpenVPN GUI 11 and later can make full use of the Interactive Service functionality in recent versions of OpenVPN. This changes a number of things:

  • OpenVPN GUI can store its settings in user-specific part of the registry under HKEY_CURRENT_USER
  • OpenVPN is able to delegate certain privileged operations, such as adding routes, to the Interactive service, removing the need to run OpenVPN with admin privileges. Note that for this to work the OpenVPNServiceInteractive system service has to be enabled and running.

Run Connect/Disconnect/Preconnect Scripts

There are three different scripts that OpenVPN GUI can execute to help with different tasks like mapping network drives.

Preconnect If a file named "xxx_pre.bat" exist in the config folder
where xxx is the same as your OpenVPN config file name, this will be executed BEFORE the OpenVPN tunnel is established.
Connect If a file named "xxx_up.bat" exist in the config folder
where xxx is the same as your OpenVPN config file name, this will be executed AFTER the OpenVPN tunnel is established.
Disconnect If a file named "xxx_down.bat" exist in the config folder
where xxx is the same as your OpenVPN config file name, this will be executed BEFORE the OpenVPN tunnel is closed.

Send Commands to a Running Instance of OpenVPN GUI

When an instance of the GUI is running, certain commands may be sent to it using the command line interface using the following syntax:

openvpn-gui.exe --command *cmd* [*args*]

Currently supported cmds are

connect config-name
Connect the configuration named config-name (excluding the extension .ovpn). If already connected, show the status window.
disconnect config-name
Disconnect the configuration named config-name if connected.
reconnect config-name
Disconnect and then reconnect the configuration named config-name if connected.
disconnect_all
Disconnect all active connections.
silent_connection 0 | 1
Set the silent connection flag on (1) or off (0)
exit
Disconnect all active connections and terminate the GUI process

If no running instance of the GUI is found, these commands do nothing except for --command connect config-name which gets interpreted as --connect config-name

Registry Values affecting the OpenVPN GUI operation

Parameters taken from the global registry values in HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN\ key

(Default)
The installation directory of openvpn (e.g., C:\Program Files\OpenVPN). This value must be present.
config_dir
The global configuration file directory. Defaults to C:\Program Files\OpenVPN\config
exe_path
path to openvpn.exe, defaults to C:\Program Files\OpenVPN\bin\openvpn.exe
priority

the windows priority class for each instantiated OpenVPN process, can be one of:

  • IDLE_PRIORITY_CLASS
  • BELOW_NORMAL_PRIORITY_CLASS
  • NORMAL_PRIORITY_CLASS (default)
  • ABOVE_NORMAL_PRIORITY_CLASS
  • HIGH_PRIORITY_CLASS
ovpn_admin_group
The windows group whose membership allows the user to start any configuration file in their profile (not just those installed by the administrator in the global config directory). Default: "OpenVPN Administrators".
disable_save_passwords
Set to a nonzero value to disable the password save feature. Default: 0

User Preferences

All other OpenVPN GUI registry values are located below the HKEY_CURRENT_USER\SOFTWARE\OpenVPN-GUI\ key. In a fresh installation none of these values are present and are not required for the operation of the program. These keys are only used for persisting user's preferences, and the key names and their values are subject to change.

The user is not expected to edit any of these values directly. Instead, edit all preferences using the settings menu.

config_dir
The user-specific configuration file directory: defaults to C:\Users\username\OpenVPN\config. The GUI parses this directory for configuration files before parsing the global config_dir.
config_ext
file extension on configuration files, defaults to ovpn
connectscript_timeout
Time in seconds to wait for the connect script to finish. If set to 0 the exitcode of the script is not checked.
disconnectscript_timeout
Time in seconds to wait for the disconnect script to finish. Must be a value between 1-99.
preconnectscript_timeout
Time in seconds to wait for the preconnect script to finish. Must be a value between 1-99.
log_dir
log file directory, defaults to C:\Users\username\OpenVPN\log
log_append
if set to "0", the log file will be truncated every time you start a connection. If set to "1", the log will be appended to the log file.
silent_connection
If set to "1", the status window with the OpenVPN log output will not be shown while connecting. Warnings such as interactive service not started or multiple config files with same name are also suppressed.
service_only
If set to "1", OpenVPN GUI's normal "Connect" and "Disconnect" actions are changed so they start/stop the OpenVPN service instead of launching openvpn.exe directly.
show_balloon

0: Never show any connected balloon

1: Show balloon after initial connection is established

2: Show balloon even after re-connects

All of these registry options are also available as cmd-line options. Use "openvpn-gui --help" for more info about cmd-line options.

Building OpenVPN GUI from source

See BUILD.rst for build instructions.