Hi,

On Tue, Aug 18, 2020 at 3:21 PM Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Tue, Aug 18, 2020 at 12:09:11PM -0700, Marvin Adeff wrote:
> > I'm sorry for the confusing response.
> >
> > Our systems do M2M monitoring and need to run OpenVPN even without a
> > user logged in.  In previous versions we created a script run as a service
> > (as SYSTEM) that started OpenVPN (using certificates for authentication).
> > It also monitored tunnel status and restarted OpenVPN if necessary.  We
> > never used the GUI.
> >
> > So we are watching how v2.5 develops to know how we will need to
> > implement the new version.  We are also very interested in seeing what
> > speed improvements wintun will offer.
> >
> > I hope that is clearer.
>
> Thanks for the clarification.
>
> In that regard, 2.5 will bring no surprises - if you already have SYSTEM
> privileges, and do not want/need a GUI, you can "just run OpenVPN" as
> you did before.
>
> You can do this with your script, or with the "openvpnsrv2" service,
> which basically runs openvpn on all config it finds in its config
> directory at system startup.  Not sure if these instances get restarted
> at exit (last time I looked at this was before 2.4.0 release...).
>
> If you already have SYSTEM, accessing wintun from openvpn directly will
> also work and should bring quite a bit of speed improvement.
>

I was wrong to assume that this just works. Looking at it again, the current
implementation of wintun support does not seem to cover this. Meaning the
only working approach is to use the interactive service.

If developing a new service, I would suggest to have
the service talk to the interactive service for starting openvpn. It will
return you the PID of openvpn.exe which can be monitored. An advantage
of this approach is that your service and openvpn.exe can run with limited
privileges like LOCAL SERVICE or a dedicated openvpn service user.
That said, I don't know anyone who has tested such a usage though it
should work in theory.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
