A lot of quoting from openvpn sites

Code:

Running OpenVPN as a Windows Service

When OpenVPN runs as a service it will start a separate OpenVPN process for each configuration file it finds in the \Program Files\OpenVPN\config directory and will output a logfile of the same name to the \Program Files\OpenVPN\log directory.

When installed as a service, OpenVPN will default to manual start mode. You can go to the "Services" control panel in Control Panel -> Administrative Tools to start the service or to set it to Automatic Start mode.

A sample config file has been provided in \Program Files\OpenVPN\config\sample.ovpn.txt which can be adapted to your needs.
Service Notes:

    When you install OpenVPN as a service, you are actually installing openvpnserv.exe which is a service wrapper for OpenVPN, i.e. it reads the config file directory and starts up a separate OpenVPN process for each config file. openvpnserv.exe performs the same function under windows as the /etc/init.d/openvpn startup script does under linux.
    When you stop the OpenVPN service, it will send a terminate signal to all OpenVPN processes which were started by it.
    If the OpenVPN service wrapper (openvpnserv.exe) encounters fatal errors, it will write them to the windows event log, which can be viewed in Control Panel -> Administrative Tools -> Event Viewer -> Application Log.
    If the OpenVPN processes themselves encounter errors, they will write them to their respective log files in the log file directory.
    There is a one-to-one correspondence between an OpenVPN process, an OpenVPN config file, an OpenVPN log file, and a TAP-Win32 adapter which represents an endpoint of a VPN tunnel.
    OpenVPN tunnels are point-to-point in their simplest form, but can be made point-to-multi-point through the use of bridging or routing (see below).
    Multiple OpenVPN processes can run concurrently, each on a different TAP-Win32 adapter.
    openvpn.exe gets all configuration information from its config file, not from the registry.
    The openvpnserv.exe program (the service wrapper) gets several string parameters from the registry which can be modified by the user. If you change any of these parameters, you should be able to upgrade OpenVPN to a new version without the installer overwriting your changes:

    HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN

    config_dir
        configuration file directory to scan, defaults to "\Program Files\OpenVPN\config"
    config_ext
        file extension on configuration files, defaults to "ovpn"
    exe_path
        path to openvpn.exe, defaults to "\Program Files\OpenVPN\bin\openvpn.exe"
    log_dir
        log file directory, defaults to "\Program Files\OpenVPN\log"
    log_append
        if set to "1", multiple instantiations of an OpenVPN process will append onto the same log file, if set to "0" (default), each new instantiation will truncate the previous log file
    priority
        the windows priority class for each instantiated OpenVPN process, can be one of:
            "IDLE_PRIORITY_CLASS"
            "BELOW_NORMAL_PRIORITY_CLASS"
            "NORMAL_PRIORITY_CLASS" (default)
            "ABOVE_NORMAL_PRIORITY_CLASS"
            "HIGH_PRIORITY_CLASS"

I read that.

I know how to start it as a service.

When I start the service it does not connect.

I assume this is because it does not prompt for a un/pw when one is needed to connect

I would like to know if this information can be included in the config file.

Am I being unclear with my question?

That link had also info of run as service oportunity

Where did you see this?

After I completed the video and successfully login using the OpenVPN gui I tried to run it as a service.  It was a no go.  I believe its because I'm not entering the username and password.  As its running as a service its not prompting me for one.

Can the username and password information be included in the config file (the .ovpn file)?

I'm also interested. This is my next project.

When a client uses the gui to connect they are prompted to enter a username and password.  Can the config file be edited to supply this information automatically so that a user is not prompted for it.

I'd like t to run as a service.  Just start up and run.  No intervention by our "intelligent" users.

http://www.youtube.com/watch?v=odjviG-KDq8

There arent many guides for pfsense 2.0 let alone a video.

This video shows step by step how to setup Road Warrior VPN and authentication vs a local user database.  

Now that I've been turned onto the local user database I like this method much better.  Seems much easier to manage users.

One question.... I would like to elimiate the user login and start openvpn as a service.  Is this possible?

I have the VLAN setup on my cisco switch.  VLAN and interface added to pfsense.  Rule setup for allow traffic to and from the vlan to my main lan.  I can ping the pfsense vlan interface from my LAN

Question:  I'd like to access this vlan throug vpn as well.  I noticed when i left the offices yesterday I couldnt ping it.  Does it require a rule?  OVPN doesnt have an interface.

Any ideas?

When you say bridging do you mean clients that connect to your server get an ip address on the internal lan and not on their own subnet?

If this is the case... what happens to broadcasts?  do they make their way into the lan that you know?

Saw a few of them on the first two pages, but they dont exactly pertain to my problem.

After upgrading from an RC2 image this morning all seems well.  But I noticed country block was not working.  Thought I should reinstall the package.  When I try to access the package manager i get: Please wait while packages are reinstalled in the background.

Its been like this for hours. 

Is this possible...

Also if it is possible since the traffic is still going through the WAN would it block broadcasts from passing through.

I banned the previous user from my forum which deleted any information pertaining to the IP address.  However a new spammer registered and i ran an ARIN lookup on his IP address.  It comes from this CIDR block in Denmark: 91.0.0.0/8

Obviously its not in the list,  how do I add this block to my list manually?  Where are the files for the lists located?

Thanks in advance!

At this point I dont recall.   

Hi,

few more questions.

Is the IP address list updated automatically?

If not where are the files located for me to edit?

If I were to try to edit I noticed that countryipblocks.net format is x.x.x.x/sn. 

I ask because I had someone spam one of my forums I host.  Their IP was in the Ukraine, but was not on the list from that website.  I have the person's IP address but I dont think theres any way for me to tell the subnet.

Any insight?

hello,

quick question.... I know the country block will block outgoing connections to these countries because I accidentally choose "select all" once and pretty much blocked myself out of the US,

my question is will this block incoming connections as well?  I'm trying to cut down spam on some forums and blogs i host.  Will this work as most of the IP's i see are foreign.

One more thing.  Can this thing auto update its lists or would I have to setup a cron job to download, extract, and restart the service?

You are a life saver.  I was using the default.  Thanks for the link to those.