{"id":6522,"date":"2020-07-28T22:20:14","date_gmt":"2020-07-28T19:20:14","guid":{"rendered":"https:\/\/kifarunix.com\/?p=6522"},"modified":"2024-03-14T22:04:56","modified_gmt":"2024-03-14T19:04:56","slug":"configure-openvpn-to-prompt-for-credentials-on-logon-on-windows-systems","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-openvpn-to-prompt-for-credentials-on-logon-on-windows-systems\/","title":{"rendered":"Configure OpenVPN to Prompt for Credentials on Logon on Windows Systems"},"content":{"rendered":"\n

Welcome to our tutorial on how to configure OpenVPN to prompt for credentials on logon on Windows systems.<\/p>\n\n\n\n

In most cases, you may want to configure OpenVPN to run automatically on system startup<\/a>. However, if you are using authentication based OpenVPN setup, it means that for this to work, you need to put your OpenVPN credentials on a file so that they can always be read while automatic connection is being initiated. But, in the cases that the password keeps changing after a specific duration of time, then you would better configure your OpenVPN such that, everytime you login to your system, you are prompted to enter your OpenVPN credentials.<\/p>\n\n\n\n

Configuring OpenVPN to Prompt for Credentials on Logon on Windows Systems<\/h2>\n\n\n\n

Note that this setup was tested on a Windows 7 ultimate system. The procedure, however, applies to other Windows systems including Windows 10.<\/p>\n\n\n\n

Also, note that, this setup utilizes, openvpn-gui.exe<\/code><\/strong> service rather than the openvpn.exe<\/strong><\/code> client command.<\/p>\n\n\n\n

Install OpenVPN Client on Windows<\/h3>\n\n\n\n

Navigate to OpenVPN Community Downloads page<\/a> and grab the OpenVPN installer for your system.<\/p>\n\n\n\n

Once the download is complete, double click the installer to launch the installation of OpenVPN client on your Windows system.<\/p>\n\n\n\n

The installation is as easy as clicking Next<\/strong>, Next<\/strong>.<\/p>\n\n\n\n

Choose your OpenVPN installation destination folder. In this setup, we set the installation folder to C:\\Program Files\\OpenVPN<\/code>.<\/p>\n\n\n\n

Once you have set your destination folder, click Install<\/strong> to proceed with installation.<\/p>\n\n\n\n

Install OpenVPN Client Configuration file<\/h3>\n\n\n\n

Once the OpenVPN client is installed, obtain the client configuration file, and place it in the same directory where the OpenVPN binary\/executable files resides, C:\\Program Files\\OpenVPN\\bin<\/strong><\/code>.<\/p>\n\n\n\n

Ensure that the client configuration file has the .ovpn<\/code><\/strong> extension.<\/p>\n\n\n\n

In my setup, my OpenVPN client configuration file is named kifarunix-demo-vpn.ovpn<\/code><\/strong>.<\/p>\n\n\n\n

For the purposes of demo, below are the contents of my OpenVPN client configuration file, kifarunix-demo-vpn.ovpn<\/code><\/strong>.<\/p>\n\n\n\n

client\ntls-client\npull\ndev tun\nproto udp4\nremote 192.168.58.5 1194\nresolv-retry infinite\nnobind\npersist-key\npersist-tun\nkey-direction 1\nremote-cert-tls server\nauth-nocache\ncomp-lzo\nverb 3\nauth SHA512\n<tls-auth>\n#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n...\n...\n-----END OpenVPN Static key V1-----\n<\/tls-auth>\n<ca>\n-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIURO2qNFJy57yCdVRJdfZui6MSzs8wDQYJKoZIhvcNAQEL\n...\n...\nDg==\n-----END CERTIFICATE-----\n<\/ca>\n<cert>\nCertificate:\n ...\n ...\n-----BEGIN CERTIFICATE-----\nMIIDZDCCAkygAwIBAgIRAOvU4d4QdDYDAOOvMX26OIUwDQYJKoZIhvcNAQELBQAw\n...\n...\nR0t3zU4iQUI=\n-----END CERTIFICATE-----\n<\/cert>\n<key>\n-----BEGIN PRIVATE KEY-----\nMIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCjLpmys21XpOW+\n...\n...\n3taMnSk389XsOUF6eZgw\n-----END PRIVATE KEY-----\n<\/key><\/code><\/pre>\n\n\n\n
Create OpenVPN GUI Scheduler Task<\/h3>\n\n\n\n
To ensure that you are prompted to enter your OpenVPN connection credentials every time you login to your Windows system, you need to create a basic scheduler task.<\/p>\n\n\n\n
Launch Task Scheduler Wizard<\/h4>\n\n\n\n
To create a scheduler task for OpenVPN, open the Task Scheduler wizard by pressing the Windows<\/strong> logo key<\/strong> and type task scheduler<\/code><\/strong>.<\/p>\n\n\n\n
Click on Task Scheduler<\/strong> program to lauch it.<\/p>\n\n\n\n
You can as well launch the scheduler by pressing the Windows<\/strong> Key + R<\/strong><\/strong> and typing taskschd.msc<\/code><\/strong>.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Click Ok<\/strong> to launch the Task Scheduler program.<\/p>\n\n\n\n
If prompted on whether you want to allow the program to make changes, click Yes<\/strong> to accept.<\/p>\n\n\n\n
Create a Basic Task<\/h4>\n\n\n\n
To create a task that will launch the openvpn-gui<\/code><\/strong> program on logon, click Create Basic Task<\/strong> as highlighted in the screenshot below.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
This will launch a basic task wizard.<\/p>\n\n\n\n
Set the Name of the Task<\/h4>\n\n\n\n
Set a preferred name of the task and a description, if you like.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Define Task Trigger<\/h4>\n\n\n\n
Set the task to be triggered on logon, by selecting When I log on<\/strong>.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Define the Task Scheduler Action<\/h4>\n\n\n\n
Click Next to set the action that the task should perform on logon. In this case, we want it to launch an openvpn-gui.exe program and prompt user to enter OpenVPN authentication credentials, hence, select Start a program<\/strong>.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Specify the Program to Launch<\/h4>\n\n\n\n
Click Next to specify the program to launch. In this case, we will need to launch the openvpn-gui.exe<\/code><\/strong> program and ask it to open our OpenVPN client configuration file, kifarunix-demo-vpn.ovpn<\/code><\/strong>.<\/p>\n\n\n\n
Specify the full path to the openvpn-gui.exe<\/code><\/strong>, which in our case is, C:\\Program Files\\OpenVPN\\bin\\openvpn-gui.exe<\/code><\/strong>.<\/p>\n\n\n\n
Note that our OpenVPN client configuration file, kifarunix-demo-vpn.ovpn<\/code><\/strong>, resides in the same directory as the openvpn-gui.exe<\/code><\/strong> program.<\/p>\n\n\n\n
Therefore, the arguments to pass to the program will be to tell it to connect to vpn using the client configuration file provided, --connect \"kifarunix-demo-vpn.ovpn\"<\/code><\/strong>.<\/p>\n\n\n\n
Note the double quotes enclosing the client configuration file<\/strong>.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Scheduled Task Summary<\/h4>\n\n\n\n
Click Next to check the summary of the scheduled task. To open the Task properties dialog when you finish the setup, check the box specified.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Click Finish<\/strong> to proceed.<\/p>\n\n\n\n
Define the Task Privileges<\/h4>\n\n\n\n
Usually, connection to vpn requires elevated privileges. Hence, enable the task to run with highest privileges.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Define the Task Conditions<\/h4>\n\n\n\n
From the task properties dialog, click Conditions<\/strong> tab and uncheck\/check the highlighted conditions.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Define the Task Settings<\/h4>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
Click Ok<\/strong> on the task dialog once you are done with the setup.<\/p>\n\n\n\n
You should now be able to see your task under Task Scheduler Library<\/strong>.<\/p>\n\n\n\n
Verify the Task Scheduler OpenVPN GUI Launch<\/h4>\n\n\n\n
Before you can restart your machine to verify  that you scheduled task works as expected, run the task program and its arguments on Command Prompt (CMD);<\/p>\n\n\n\n
\"C:\\Program Files\\OpenVPN\\bin\\openvpn-gui.exe\" --connect \"kifarunix-demo-vpn.ovpn\"<\/code><\/pre>\n\n\n\n
This should launch OpenVPN gui and prompt for OpenVPN username and password.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Now, restart your machine to verify whether your program can be launched on logon.<\/p>\n\n\n\n
Upon logon, you should get the OpenVPN GUI prompt to enter your OpenVPN connection credentials.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
You can then verify that the task is running thereafter by navigating to Task Scheduler Library.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
You can as well verify the assigned IP address.<\/p>\n\n\n\n
Related Tutorials<\/h3>\n\n\n\n
Configure OpenVPN LDAP Based Authentication<\/a><\/p>\n\n\n\n
Configure IPSEC VPN using StrongSwan on Ubuntu 18.04<\/a><\/p>\n\n\n\n
Configure strongSwan VPN Client on Ubuntu 18.04\/CentOS 8<\/a><\/p>\n\n\n\n
Connect to VPN Automatically on Ubuntu 20.04\/18.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Welcome to our tutorial on how to configure OpenVPN to prompt for credentials on logon on Windows systems. In most cases, you may want to<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,282],"tags":[1846,1845,283,1847,1848,909],"class_list":["post-6522","post","type-post","status-publish","format-standard","hentry","category-howtos","category-openvpn","tag-auto-start-openvpn-on-windows-system","tag-autoconnect-to-openvpn-on-windows-systems","tag-openvpn","tag-openvpn-prompt-for-credentials-on-login","tag-openvpn-windows-system","tag-windows-system","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6522"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=6522"}],"version-history":[{"count":8,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6522\/revisions"}],"predecessor-version":[{"id":21441,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6522\/revisions\/21441"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=6522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=6522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=6522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}