OpenVPN
Silent installer for OpenVPN.
- See WPKG over VPN, if you don't want WPKG to start when the computer is using a VPN.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<packages>
  <package id="openvpn" name="OpenVPN" revision="211" reboot="false" priority="0">
    <check type='uninstall' condition='exists' path='OpenVPN 2.1.1' />
    <!-- Suppress the unsigned-driver prompt only while the installer runs -->
    <install cmd='"%SOFTWARE%\openvpn\DriverSigning.exe" -OFF' />
    <install cmd='"%SOFTWARE%\openvpn\openvpn-2.1.1-install.exe" /S' />
    <install cmd='"%SOFTWARE%\openvpn\DriverSigning.exe" -ON' />
    <install cmd='%COMSPEC% /c copy "%SOFTWARE%\openvpn\config\*.*" "%PROGRAMFILES%\OpenVPN\config\"' />
    <!-- sc.exe expects a space between "start=" and the value -->
    <install cmd='sc config openvpnservice start= auto' />
    <!--<install cmd='sc start openvpnservice' />-->
    <remove cmd='%COMSPEC% /c del /q "%PROGRAMFILES%\OpenVPN\config\*.*"' />
    <remove cmd='"%PROGRAMFILES%\OpenVPN\Uninstall.exe" /S' />
  </package>
</packages>
```
DriverSigning-On/Off tool or direct link DriverSigning.zip (you have to register on the forum). This tool suppresses the window that pops up when an unsigned driver installation is required, which happens here because OpenVPN installs the TAP driver interface. If you can't find it there, try: http://bit.ly/jlpBO9 or here
Alternative installation by SkyBeam
I've got a slightly different approach to installing OpenVPN. The main difference is that you don't need an additional tool to disable driver signing, since the certificate which is used to sign the drivers is added to the certificate store in advance. This works for packages like VirtualBox as well, in order to prevent Windows from warning you that the driver is signed by an untrusted publisher.
This approach also includes security settings to allow non-privileged users to start/stop the OpenVPN service. Feel free to alter default OpenVPN-GUI settings in unattended-post.cmd.
My directory contains the following files:
- install.cmd
- OpenVPN Certificate.cer
- openvpn-2.1.1-install.exe
- subinacl.exe
- unattended.cmd
- unattended-post.cmd
- unattended-pre.cmd
- unattended-uninstall.cmd
I am using the following, very simple package definition:
```xml
<?xml version="1.0" encoding="utf-8" ?>
<packages>
  <package id='OpenVPN' name='OpenVPN' revision='211' priority='50' reboot='false' >
    <!-- OpenVPN v.2.1.1 -->
    <check type='uninstall' condition='exists' path='OpenVPN 2.1.1' />
    <install cmd='"%SOFTWARE%\software.free\OpenVPN v.2.1.1\unattended.cmd" > NUL' />
    <remove cmd='"%SOFTWARE%\software.free\OpenVPN v.2.1.1\unattended-uninstall.cmd" > NUL' />
    <upgrade cmd='"%SOFTWARE%\software.free\OpenVPN v.2.1.1\unattended.cmd" > NUL' />
  </package>
</packages>
```
The "subinacl.exe" tool is part of the Windows Resource Kit Tools collection and can be downloaded independently from the Microsoft Download Center.
The certificate "OpenVPN Certificate.cer" needs to be extracted from the archive once. To do this follow these steps:
- Install 7-Zip or any extractor capable of extracting NSIS installers
- Extract "openvpn-2.1.1-install.exe"
- Open (just double-click) "driver/tap0901.cat" from the extracted directory structure
- In the "Security Catalog" dialog that appears, click on "View Signature" in the "General" tab
- Click on "View Certificate" on the "General" tab
- Go to "Details" tab of the Certificate dialog popping up
- Click on "Copy to File..."
- Click "Next" selecting DER encoded binary X.509 (.CER)
- Enter "OpenVPN Certificate.cer" as the file name and store the file within your OpenVPN installer folder
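The same extraction can be scripted so that a changed signer is noticed when the installer is updated. This PowerShell is an added example, not part of SkyBeam's package; the extraction directory in `$CatalogPath` and the pinned thumbprint are assumptions that you fill in after inspecting the certificate once by hand.

```powershell
# Added example (not from the original page). Exports the certificate that
# signed the TAP driver catalog and checks it against a pinned thumbprint.
# $CatalogPath and $ExpectedThumbprint are assumptions/placeholders.
param(
    [string]$CatalogPath        = '.\extracted\driver\tap0901.cat',
    [string]$OutFile            = '.\OpenVPN Certificate.cer',
    [string]$ExpectedThumbprint = ''   # fill in once verified by hand
)

function Export-CatalogSigner {
    param([string]$Path, [string]$Destination, [string]$Pinned)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted ...: do not trust this signer
        throw "Signature on '$Path' is $($sig.Status): $($sig.StatusMessage)"
    }
    $cert = $sig.SignerCertificate

    # A changed signer (new installer version, tampered download) is caught
    # here instead of being silently added to TrustedPublisher.
    $pin = ($Pinned -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($pin -and $cert.Thumbprint -ne $pin) {
        throw "Signer thumbprint $($cert.Thumbprint) does not match pinned $pin"
    }

    # X509ContentType 'Cert' is the DER encoded binary X.509 (.CER) format
    $der  = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    $full = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Destination)
    [System.IO.File]::WriteAllBytes($full, $der)

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        File       = $full
    }
}

Export-CatalogSigner -Path $CatalogPath -Destination $OutFile -Pinned $ExpectedThumbprint
```

Run it once with an empty `$ExpectedThumbprint`, compare the reported thumbprint with the one shown in the certificate dialog, then pin that value for later installer versions.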
Here's a listing of all other files required:
Listing of "unattended-pre.cmd":
```bat
@echo off
:: This script prepares the system to install OpenVPN

echo Importing OpenVPN certificate as trusted publisher
certutil -addstore "TrustedPublisher" "%INSTALLER_LOC%OpenVPN Certificate.cer" > NUL
```
As you can see it's just importing the certificate into the certificate store before the installation is run.
Listing of "unattended-post.cmd":
```bat
@echo off
:: Post-installation actions for OpenVPN

set ICON_PREFIX=OpenVPN
set KEY="hklm\system\controlset001\control\nls\language"
set G_USERS=Users

:: Detect language
:select
if "%LANG%" == "en" goto en
if "%LANG%" == "enu" goto en
if "%LANG%" == "de" goto de
if "%LANG%" == "deu" goto de
if "%LANG%" == "nl" goto nl
if "%LANG%" == "nld" goto nl
goto detect

:detect
for /f "Skip=1 Tokens=3*" %%i in ('reg QUERY %KEY% /v Installlanguage') do set language=%%i
if "%language%" == "0407" (
    set LANG=de
    goto select
)
if "%language%" == "0409" (
    set LANG=en
    goto select
)
if "%language%" == "0413" (
    set LANG=nl
    goto select
)
:: Unknown language: keep the default group name instead of jumping back
:: to :select, which would loop forever
goto continue

:en
set G_USERS=Users
goto continue

:de
set G_USERS=Benutzer
goto continue

:nl
set G_USERS=Gebruikers
goto continue

:continue
echo Removing desktop icon
del /F /Q "%USERPROFILE%\Desktop\%ICON_PREFIX%**"

echo Granting users the right to start the OpenVPN service
:: T = start service, O = stop service
start /wait "Grant rights" "%~dp0subinacl.exe" /SERVICE "OpenVPNService" /GRANT=%G_USERS%=TO

echo Configure OpenVPN GUI
:: detect 64-bit edition and set correct registry path
set VPN_GUI_KEY=HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI
if not "%ProgramFiles(x86)%" == "" set VPN_GUI_KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenVPN-GUI

set PROGRAM_FILES=%ProgramFiles%
if not "%ProgramFiles(x86)%" == "" set PROGRAM_FILES=%ProgramFiles(x86)%

reg add "%VPN_GUI_KEY%" /v allow_service /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v allow_password /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v allow_edit /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v allow_proxy /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v service_only /t REG_SZ /d 1 /f > NUL

:: required standard settings
set VPN_HOME=%PROGRAM_FILES%\OpenVPN
reg add "%VPN_GUI_KEY%" /v config_dir /t REG_SZ /d "%VPN_HOME%\config" /f > NUL
reg add "%VPN_GUI_KEY%" /v config_ext /t REG_SZ /d "ovpn" /f > NUL
reg add "%VPN_GUI_KEY%" /v exe_path /t REG_SZ /d "%VPN_HOME%\bin\openvpn.exe" /f > NUL
reg add "%VPN_GUI_KEY%" /v log_dir /t REG_SZ /d "%VPN_HOME%\log" /f > NUL
reg add "%VPN_GUI_KEY%" /v log_append /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v priority /t REG_SZ /d "NORMAL_PRIORITY_CLASS" /f > NUL
reg add "%VPN_GUI_KEY%" /v log_viewer /t REG_SZ /d "%SystemRoot%\notepad.exe" /f > NUL
reg add "%VPN_GUI_KEY%" /v editor /t REG_SZ /d "%SystemRoot%\notepad.exe" /f > NUL
reg add "%VPN_GUI_KEY%" /v show_balloon /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v silent_connection /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v show_script_window /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v disconnect_on_suspend /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v passphrase_attempts /t REG_SZ /d 3 /f > NUL
reg add "%VPN_GUI_KEY%" /v connectscript_timeout /t REG_SZ /d 5 /f > NUL
reg add "%VPN_GUI_KEY%" /v disconnectscript_timeout /t REG_SZ /d 10 /f > NUL
reg add "%VPN_GUI_KEY%" /v preconnectscript_timeout /t REG_SZ /d 10 /f > NUL
```
Feel free to customize the registry entries as needed. The script works for English and German versions of Windows. Feel free to extend the language detection with your own languages as required. The purpose of the language detection is to detect the group name for "normal users" which should be granted the right to start/stop the service.
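After the post-install script has run, the service DACL can be audited to confirm that the grant stayed limited to start and stop. The following PowerShell is an added example, not part of the original package; the function name and the sample SDDL strings are constructed for illustration.

```powershell
# Added example (not from the original page). Flags ACEs in a service DACL
# that give non-administrative trustees more than start/stop/query rights.
# SDDL service rights: RP=start, WP=stop, LC=query status, CC=query config,
# DC=change config, WD=write DACL, WO=write owner, SD=delete, GA/GW=generic.
function Get-RiskyServiceAce {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    $risky   = 'DC', 'WD', 'WO', 'SD', 'GA', 'GW'
    $trusted = 'SY', 'BA'      # LocalSystem, BUILTIN\Administrators

    # Keep the DACL only: text after "D:" and before an optional SACL "S:"
    $dacl = ($Sddl -creplace '^.*?D:', '') -creplace 'S:.*$', ''

    foreach ($m in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object-guid;inherit-guid;trustee
        $f = $m.Groups[1].Value.Split(';')
        if ($f.Count -lt 6 -or $f[0] -ne 'A' -or $trusted -contains $f[5]) { continue }

        $rights = [regex]::Matches($f[2], '[A-Z]{2}') | ForEach-Object { $_.Value }
        $bad    = @($rights | Where-Object { $risky -contains $_ })
        if ($bad.Count -gt 0) {
            [pscustomobject]@{ Trustee = $f[5]; Rights = $f[2]; Risky = ($bad -join ',') }
        }
    }
}

# Constructed sample DACLs (BU is BUILTIN\Users): the first grants Users
# start/stop only, the second also grants them DC (change config).
$startStopOnly = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;RPWP;;;BU)'
$tooBroad      = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;BU)'

Get-RiskyServiceAce -Sddl $startStopOnly
Get-RiskyServiceAce -Sddl $tooBroad

# On a deployed client (sc.exe prints a blank line before the SDDL string):
# Get-RiskyServiceAce -Sddl ((sc.exe sdshow OpenVPNService) -join '')
```

Rights that `sc sdshow` prints in hexadecimal form are not decoded by this check.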
Listing of "unattended.cmd"
```bat
@echo off
:: This script is a generic unattended installer/uninstaller. It helps you to
:: run installer.cmd with the right command line arguments. In addition it
:: allows you to simply add *-preinstall.cmd *-postinstall.cmd scripts:
:: call trace: : : : :

:: Name of the application (just to print it on the command prompt)
set PROGRAM_NAME=OpenVPN

:: 32-bit installer command (run on 32-bit Windows)
set CMD32=openvpn-2.1.1-install.exe

:: 64-bit installer command (run on 64-bit Windows)
:: set to %CMD32% to install the same package on 64-bit Windows
set CMD64=%CMD32%

:: Type of installer, select one supported by install.cmd
:: e.g. msiinstall, msiuninstall, nsis, innosetup...
set INSTALLER_TYPE=nsis

:: Additional options to be passed to installer.
set INSTALLER_OPTIONS=

:: Working directory for installer
set INSTALLER_WORKDIR=

:: install helper script name (needs to be within the same directory)
set INSTALLER=install.cmd

:: custom options to pass to the installer
set CUSTOM_OPTIONS=

:: ############################################################################
:: No need to change anything below this line (usually ;-))
:: ############################################################################
set INSTALLER_LOC=%~dp0
set CMDPATH=%~dpn0

if exist "%INSTALLER_LOC%prerun.cmd" (
    call "%INSTALLER_LOC%prerun.cmd"
)

if exist "%CMDPATH%-pre.cmd" (
    call "%CMDPATH%-pre.cmd"
)

:install
echo Installing %PROGRAM_NAME%
set PROGRAM_FILES=%ProgramFiles%
if not "%ProgramFiles(x86)%" == "" set PROGRAM_FILES=%ProgramFiles(x86)%

call "%INSTALLER_LOC%%INSTALLER%" %INSTALLER_TYPE% "%CMD32%" "%CMD64%" "%INSTALLER_WORKDIR%" "%INSTALLER_OPTIONS%"
set EXIT_CODE=%ERRORLEVEL%

if exist "%CMDPATH%-post.cmd" (
    call "%CMDPATH%-post.cmd"
)

if exist "%INSTALLER_LOC%postrun.cmd" (
    call "%INSTALLER_LOC%postrun.cmd"
)

:end
exit /B %EXIT_CODE%
```
This is just my default unattended script I am using for almost any program. It allows calling my generic install.cmd script while supporting extension points (in this case unattended-pre.cmd and unattended-post.cmd are used).
Listing of "unattended-uninstall.cmd"
```bat
@echo off
:: This script is an extended uninstaller script for programs which have tricky
:: uninstallers (e.g. VLC media player).
:: It is able to run an uninstaller application and then to monitor if the
:: uninstaller is erased from the system. Depending on the result (either
:: remove completes or timeout occurs) it exits with different exit code:
:: code 0: all fine, program uninstalled
:: code 1: failed, uninstaller still exists after timeout

:: This is required to evaluate the target of %ProgramFiles% on 64-bit systems
:: Please note that this is required only if you uninstall a 32-bit application.
set PROGRAM_FILES=%ProgramFiles%
if not "%ProgramFiles(x86)%" == "" set PROGRAM_FILES=%ProgramFiles(x86)%

:: Path where the uninstaller is located
set APP_DIR=%PROGRAM_FILES%\OpenVPN

:: Path to the uninstaller (see path definition above)
set UNINSTALLER=%APP_DIR%\Uninstall.exe

:: Options to be passed to the uninstaller in order to uninstall silently
set OPTIONS=/S

:: ############################################################################
:: No need to change anything below this line (usually ;-))
:: ############################################################################

echo Remove System privileges
start /wait "Revoke rights" "%~dp0subinacl.exe" /SERVICE "OpenVPNService" /REVOKE=Users

echo Removing Program
if not exist "%UNINSTALLER%" goto good_end
start /wait "Uninstall" "%UNINSTALLER%" %OPTIONS%

REM Unfortunately the uninstaller seems to fork a child process and the parent
REM process exits immediately. So give it some time to uninstall
for /L %%C IN (1,1,30) DO (
    if not exist "%UNINSTALLER%" goto good_end
    ping -n 2 127.0.0.1 > NUL
)

:bad_end
exit /B 1

:good_end
if exist "%APP_DIR%" rmdir /s /q "%APP_DIR%"
exit /B 0
```
This script is just part of my default collection of install/uninstall scripts. Since the OpenVPN uninstaller forks its own process, it does not wait until it's really uninstalled. The script waits for the uninstaller itself to disappear before terminating.
Last but not least a listing of my generic install.cmd script:
Listing of "install.cmd"
```bat
@echo off
REM Usage:
REM msiinstall.cmd <type> <32-bit-installer> <64-bit-installer> [installer-location [custom-options]]
REM where type is one of
REM     msiinstall          Install the given MSI package
REM     msiuninstall        Uninstall the given MSI package
REM     install4j           Install4J setup
REM     innosetup           Inno setup
REM     installshield       Install shield
REM     nsis                Nullsoft install system (NSIS)
REM     custom              Custom installer - options required in this case
REM 32-bit-installer        Full file name (including extension) of 32-bit installer
REM 64-bit-installer        Full file name (including extension) of 64-bit installer
REM installer-location      Path where the installers are stored, if empty assumes directory where install.cmd is
REM custom-options          Replace the default installer options with the ones given

:: Additional options to be passed to the installer
:: set CUSTOM_OPTIONS=

REM Global variables
set INSTALL_CMD=
set EXIT_CODE=0

REM Get command type
set TYPE=%~1

REM Get 32-bit installer name
set CMD32=%~2

REM Get 64-bit installer name
set CMD64=%~3

REM get file path
set INSTALLER_PATH=%~dp0
if not "%~4" == "" (
    set INSTALLER_PATH=%~4
)

set OPTIONS=
if not "%~5" == "" goto readOptions
goto noOptions

:readOptions
set OPTIONS=%~5

:noOptions

REM Detect which system is used
if not "%ProgramFiles(x86)%" == "" goto 64bit
goto 32bit

REM ##########################################################################
REM 64-bit system detected
REM ##########################################################################
:64bit
REM Determine 64-bit installer to be used
echo 64-bit system detected.
REM set INSTALLER64=
if not "%CMD64%" == "" (
    set INSTALLER64=%CMD64%
) else (
    REM Use 32-bit installer if available, no 64-bit installer available.
    if not "%CMD32%" == "" (
        echo Using 32-bit installer, no 64-bit installer specified.
        set INSTALLER64=%CMD32%
    ) else (
        echo Neither 64-bit nor 32-bit installer specified. Exiting.
        goto usage
    )
)

REM Check if installer is valid
if exist "%INSTALLER_PATH%%INSTALLER64%" (
    set INSTALL_CMD=%INSTALLER_PATH%%INSTALLER64%
) else (
    echo Installer "%INSTALLER_PATH%%INSTALLER64%" cannot be found! Exiting.
    exit /B 97
)
goto installerselection

REM ##########################################################################
REM 32-bit system detected
REM ##########################################################################
:32bit
REM Determine 32-bit installer to be used
echo 32-bit system detected.
set INSTALLER32=
if not "%CMD32%" == "" (
    set INSTALLER32=%CMD32%
) else (
    echo No 32-bit installer specified. Exiting.
    exit /B 96
)

REM Check if installer is valid
if exist "%INSTALLER_PATH%%INSTALLER32%" (
    set INSTALL_CMD=%INSTALLER_PATH%%INSTALLER32%
) else (
    echo Installer "%INSTALLER_PATH%%INSTALLER32%" cannot be found! Exiting.
    exit /B 95
)
goto installerselection

REM ##########################################################################
REM select installer system
REM ##########################################################################
:installerselection
if /i "%TYPE%" == "msiinstall" goto msiinstaller
if /i "%TYPE%" == "msiuninstall" goto msiuninstaller
if /i "%TYPE%" == "install4j" goto install4j
if /i "%TYPE%" == "innosetup" goto innoinstaller
if /i "%TYPE%" == "installshield" goto installshieldinstaller
if /i "%TYPE%" == "nsis" goto nsisinstaller
if /i "%TYPE%" == "custom" goto custominstaller
goto usage

:msiinstaller
echo Installing "%INSTALL_CMD%"
if "%OPTIONS%" == "" (
    set OPTIONS=/qn /norestart
)
start /wait "Software installation" msiexec /i "%INSTALL_CMD%" %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:msiuninstaller
echo Uninstalling "%INSTALL_CMD%"
if "%OPTIONS%" == "" (
    set OPTIONS=/qn /norestart
)
start /wait "Software uninstallation" msiexec /x "%INSTALL_CMD%" %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:install4j
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" -q %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:innoinstaller
echo Installing "%INSTALL_CMD%"
REM if "%OPTIONS%" == "" (
REM     set OPTIONS=/verysilent /norestart /sp-
REM )
start /wait "Software installation" "%INSTALL_CMD%" /verysilent /norestart /sp- %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:installshieldinstaller
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" /s %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:nsisinstaller
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" /S %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:custominstaller
if "%OPTIONS%" == "" goto usage
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end

:usage
echo Usage:
echo "%~nx0 <type> <32-bit-installer> <64-bit-installer> [installer-location [custom-options]]"
echo where type is one of
echo     msiinstall          Install the given MSI package
echo     msiuninstall        Uninstall the given MSI package
echo     innosetup           Inno setup
echo     installshield       Install shield
echo     nsis                Nullsoft install system (NSIS)
echo     custom              Custom installer - options required in this case
echo 32-bit-installer        Full file name (including extension) of 32-bit installer
echo 64-bit-installer        Full file name (including extension) of 64-bit installer
echo installer-location      Path where the installers are stored
echo custom-options          Replace the default installer options with the ones given
exit /B 99

:end
exit /B %EXIT_CODE%
```