search

OpenVPN / openvpn-gui

OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 7 / 8 / 10. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.
Other
1.43k stars 403 forks source link

[2.6_rc1] Upgrade OpenVPN 2.5.8 to 2.6_rc1 - persistent connections #574

Closed TinCanTech closed 1 year ago

TinCanTech commented 1 year ago

Observation only - This could be expected behavior. Windows 10 - Updated..

The GUI-Menu does not recognise currently running persistent connections after upgrading.

Here is a screenshot: ovpn-gui-persist

The connection dan-auto is fully operational.

selvanair commented 1 year ago

Can you try to exit and restart the GUI? It may be a timing issue soon after upgrade.

TinCanTech commented 1 year ago

Restarting the GUI gives me the same result.

Functioning (same) auto-start VPN is not detected.

Do I require a specific --management option ? (I have none)

selvanair commented 1 year ago

Do I require a specific --management option ? (I have none)

yes you do.. without that the GUI has no way of hoking into it. See: https://github.com/OpenVPN/openvpn-gui/blob/master/README.rst#persistent-or-pre-started-connections

selvanair commented 1 year ago

Title says of this issue says: [2.6_rc1] Upgrade OpenVPN 2.5.8 to 2.6_rc1 - persistent connections #574

If it was working in 2.5.8, should workwith 2.6_rc1 too. Requirements are the same.

TinCanTech commented 1 year ago

Do I require a specific --management option ? (I have none)

yes you do.. without that the GUI has no way of hoking into it. See: https://github.com/OpenVPN/openvpn-gui/blob/master/README.rst#persistent-or-pre-started-connections

Thanks. This solves the issue, along with restarting.

Sorry, I should have checked first.

TinCanTech commented 1 year ago

Title says of this issue says: [2.6_rc1] Upgrade OpenVPN 2.5.8 to 2.6_rc1 - persistent connections #574

If it was working in 2.5.8, should workwith 2.6_rc1 too. Requirements are the same.

This was not working with 2.5x either but I had confusion caused by the reconnect issue ..

Actually, a similar issue with wintun and persistent IPs, saved by Windows. (Ongoing-ish)

TinCanTech commented 1 year ago

Other than my own mistakes, the upgrade from 2.5 to 2.6_rc1 went very well.

TinCanTech commented 1 year ago

FYI UX: adding a --management option to a client config (especially windows), for functionality (NOT security requirements), feels challenging.

Can this not be automated by service ?

(Service auto could use a separate port range)

selvanair commented 1 year ago

Can this not be automated by service ?

If its added by the service on the command line the GUI wouldn't know what the host/port/password combination is --- the GUI wants this info somewhere it can read from. Also not every one may want this to be added. There are ways to get around that, but not in my TODO.

But I get the "challenge" part :) though I think its not that bad: There was a time when OpenVPN-MI-GUI was quite popular as it connected to pre-started daemons. Users who wanted the service to start OpenVPN.exe and have a GUI that could run as user preferred it. Recall pre 2.4 days when this GUI had to be run as admin. Having --management and --management-hold was a pre-requisite and that did not deter its usage. I'm hoping that it may not be that challenging for many of our users either. Especially so for those who are savvy enough to use the automatic service.

Anyway, the purpose of this feature is not to magically show up all connections started at boot in the GUI. Its targeted at users who want to change those configs for interactive use (like adding --auth-user-pass, --management-query-passwords, requiring MFA etc.). All of that require config edits. I personally know a few who had been pushing for this feature for long.

Those who were happily using the service with no need for interactive access won't miss or notice anything new.

Before anyone asks, PLAP is also meant for those who need to it, not to make every pre-started connection appear on the login screen. PLAP leverages on automatic service is just a design decision that simplifies the implementation.

TinCanTech commented 1 year ago

If its added by the service on the command line the GUI wouldn't know what the host/port/password combination is

The crux of the issue.

I feel like this can be solved.

Mad hatter idea: The service listens on a management port, eg: 23456 The service can publish all auto-started details because they were appended in a defined manner.

A predefined service port does present new issues.

selvanair commented 1 year ago

Here is how I use it: when want to keep always on connections not controllable by any user, I do not add --management option. When I want it to be user controllable I add the --management option. That's how it works even before this feature was added. Why change it?

A useful feature would be to add support for auto-selecting the management port by daemon and having a way of announcing it. Sometimes choosing a free port is a challenge.