Difference between revisions of "OpenVPN"
(→Silent installer for OpenVPN.: add more direct link) |
|||
Line 29: | Line 29: | ||
[http://www.dualsoft.net/majstorije/?p=6 DriverSigning-On/Off tool] or direct link [http://www.boot-land.net/forums/index.php?act=attach&type=post&id=4073 DriverSigning.zip] (you have to register on forum). This tool removes the window that pops-up when unsigned driver installation is required. OpenVPN installs the TAP driver interface. | [http://www.dualsoft.net/majstorije/?p=6 DriverSigning-On/Off tool] or direct link [http://www.boot-land.net/forums/index.php?act=attach&type=post&id=4073 DriverSigning.zip] (you have to register on forum). This tool removes the window that pops-up when unsigned driver installation is required. OpenVPN installs the TAP driver interface. | ||
− | ''If you can't find it there, try: http://bit.ly/jlpBO9'' | + | ''If you can't find it there, try: http://bit.ly/jlpBO9 or [http://reboot.pro/topic/3095-how-to-circumvent-driver-signing-policy-elevation/?p=27510 here]'' |
− | + | ||
− | + | ||
==Alternative installation by SkyBeam== | ==Alternative installation by SkyBeam== |
Revision as of 16:40, 8 January 2013
Silent installer for OpenVPN.
- See WPKG over VPN, if you don't want WPKG to start when computer is using VPN.
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package
id="openvpn"
name="OpenVPN"
revision="211"
reboot="false"
priority="0">
<check type='uninstall' condition='exists' path='OpenVPN 2.1.1' />
<install cmd='"%SOFTWARE%\openvpn\DriverSigning.exe" -OFF' />
<install cmd='"%SOFTWARE%\openvpn\openvpn-2.1.1-install.exe" /S' />
<install cmd='"%SOFTWARE%\openvpn\DriverSigning.exe" -ON' />
<install cmd='%COMSPEC% /c copy "%SOFTWARE%\openvpn\config\*.*" "%PROGRAMFILES%\OpenVPN\config\"' />
<install cmd='sc config openvpnservice start=auto' />
<!--<install cmd='sc start openvpnservice' />-->
<remove cmd='%COMSPEC% /c del /q "%PROGRAMFILES%\OpenVPN\config\*.*"' />
<remove cmd='"%PROGRAMFILES%\OpenVPN\Uninstall.exe" /S' />
</package>
</packages>
DriverSigning-On/Off tool or direct link DriverSigning.zip (you have to register on forum). This tool removes the window that pops-up when unsigned driver installation is required. OpenVPN installs the TAP driver interface. If you can't find it there, try: http://bit.ly/jlpBO9 or here
Alternative installation by SkyBeam
I've got a slightly different approach installing OpenVPN. The main difference is that you don't need an additional tool to disable driver signing since the certificate which is used to sign the drivers is added to the certificate store in advance. This works for packages like VirtualBox as well in order to prevent Windows to warn you that the driver is signed by an untrusted publisher.
This approach also includes security settings to allow non-privileged users to start/stop the OpenVPN service. Feel free to alter default OpenVPN-GUI settings in unattended-post.cmd.
My directory contains the following files:
- install.cmd
- OpenVPN Certificate.cer
- openvpn-2.1.1-install.exe
- subinacl.exe
- unattended.cmd
- unattended-post.cmd
- unattended-pre.cmd
- unattended-uninstall.cmd
I am using the following, very simple package definition:
<?xml version="1.0" encoding="utf-8" ?>
<packages>
<package id='OpenVPN' name='OpenVPN' revision='211' priority='50' reboot='false' >
<!-- OpenVPN v.2.1.1 -->
<check type='uninstall' condition='exists' path='OpenVPN 2.1.1' />
<install cmd='"%SOFTWARE%\software.free\OpenVPN v.2.1.1\unattended.cmd" > NUL' />
<remove cmd='"%SOFTWARE%\software.free\OpenVPN v.2.1.1\unattended-uninstall.cmd" > NUL' />
<upgrade cmd='"%SOFTWARE%\software.free\OpenVPN v.2.1.1\unattended.cmd" > NUL' />
</package>
</packages>
The "subinacl.exe" tool is part of the Windows Resource Kit Tools collection and can be downloaded independently from the Microsoft Download Center.
The certificate "OpenVPN Certificate.cer" needs to be extracted from the archive once. To do this follow these steps:
- Install 7-Zip or any extractor capable of extracting NSIS installers
- Extract "openvpn-2.1.1-install.exe"
- Open (just double-click) "driver/tap0901.cat" from the extracted directory structure
- In the "Security Catalog" dialog appearing click on "View Signature" in "General" tab
- Click on "View Certificate" on the "General" tab
- Go to "Details" tab of the Certificate dialog popping up
- Click on "Copy to File..."
- Click "Next" selecting DER encoded binary X.509 (.CER)
- Enter "OpenVPN Certificate.cer" as the file name and store the file within your OpenVPN installer folder
Here's a listing of all other files required:
Listing of "unattended-pre.cmd":
@echo off
:: This script prepares the system to install OpenVPN
echo Importing OpenVPN certificate as trusted publisher
certutil -addstore "TrustedPublisher" "%INSTALLER_LOC%OpenVPN Certificate.cer" > NUL
As you can see it's just importing the certificate into the certificate store before the installation is run.
Listing of "unattended-post.cmd":
@echo off
:: Post-installation actions for OpenVPN
set ICON_PREFIX=OpenVPN
set KEY="hklm\system\controlset001\control\nls\language"
set G_USERS=Users
:: Detect language
:select
if "%LANG%" == "en" goto en
if "%LANG%" == "enu" goto en
if "%LANG%" == "de" goto de
if "%LANG%" == "deu" goto de
if "%LANG%" == "nl" goto nl
if "%LANG%" == "nld" goto nl
goto detect
:detect
for /f "Skip=1 Tokens=3*" %%i in ('reg QUERY %KEY% /v Installlanguage') do set language=%%i
if "%language%" == "0407" (
set LANG=de
goto select
)
if "%language%" == "0409" (
set LANG=en
goto select
)
if "%language%" == "0413" (
set LANG=nl
goto select
)
goto select
:en
set G_USERS=Users
goto continue
:de
set G_USERS=Benutzer
goto continue
:nl
set G_USERS=Gebruikers
goto continue
:continue
echo Removing desktop icon
del /F /Q "%USERPROFILE%\Desktop\%ICON_PREFIX%**"
echo Granting users the right to start the OpenVPN service
start /wait "Grant rights" "%~dp0subinacl.exe" /SERVICE "OpenVPNService" /GRANT=%G_USERS%=TO
echo Configure OpenVPN GUI
:: detect 64-bit edition and set correct registry path
set VPN_GUI_KEY=HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI
if not "%ProgramFiles(x86)%" == "" set VPN_GUI_KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenVPN-GUI
set PROGRAM_FILES=%ProgramFiles%
if not "%ProgramFiles(x86)%" == "" set PROGRAM_FILES=%ProgramFiles(x86)%
reg add "%VPN_GUI_KEY%" /v allow_service /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v allow_password /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v allow_edit /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v allow_proxy /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v service_only /t REG_SZ /d 1 /f > NUL
:: required standard settings
set VPN_HOME=%PROGRAM_FILES%\OpenVPN
reg add "%VPN_GUI_KEY%" /v config_dir /t REG_SZ /d "%VPN_HOME%\config" /f > NUL
reg add "%VPN_GUI_KEY%" /v config_ext /t REG_SZ /d "ovpn" /f > NUL
reg add "%VPN_GUI_KEY%" /v exe_path /t REG_SZ /d "%VPN_HOME%\bin\openvpn.exe" /f > NUL
reg add "%VPN_GUI_KEY%" /v log_dir /t REG_SZ /d "%VPN_HOME%\log" /f > NUL
reg add "%VPN_GUI_KEY%" /v log_append /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v priority /t REG_SZ /d "NORMAL_PRIORITY_CLASS" /f > NUL
reg add "%VPN_GUI_KEY%" /v log_viewer /t REG_SZ /d "%SystemRoot%\notepad.exe" /f > NUL
reg add "%VPN_GUI_KEY%" /v editor /t REG_SZ /d "%SystemRoot%\notepad.exe" /f > NUL
reg add "%VPN_GUI_KEY%" /v show_balloon /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v silent_connection /t REG_SZ /d 0 /f > NUL
reg add "%VPN_GUI_KEY%" /v show_script_window /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v disconnect_on_suspend /t REG_SZ /d 1 /f > NUL
reg add "%VPN_GUI_KEY%" /v passphrase_attempts /t REG_SZ /d 3 /f > NUL
reg add "%VPN_GUI_KEY%" /v connectscript_timeout /t REG_SZ /d 5 /f > NUL
reg add "%VPN_GUI_KEY%" /v disconnectscript_timeout /t REG_SZ /d 10 /f > NUL
reg add "%VPN_GUI_KEY%" /v preconnectscript_timeout /t REG_SZ /d 10 /f > NUL
Feel free to customize the registry entries as needed. The script works for English and German version of Windows. Feel free to extend the language detection with your own languages as required. The purpose of the language detection is to detect the group name for "normal users" which should be granted the right to start/stop the service.
Listing of "unattended.cmd"
@echo off
:: This script is a generic unattended installer/uninstaller. It helps you to
:: run installer.cmd with the right command line arguments. In addition it
:: allows you to simply add *-preinstall.cmd *-postinstall.cmd scripts:
:: call trace:
:: - unattended.cmd | - unattended-uninstall.cmd
:: -> unattended-preinstall.cmd | -> unattended-uninstall.cmd
:: -> installing application | -> remove application
:: -> unattended-postinstall.cmd | -> unattended-uninstall-postinstall.cmd
:: Name of the application (just to print it on the command prompt
set PROGRAM_NAME=OpenVPN
:: 32-bit installer command (run on 32-bit Windows)
set CMD32=openvpn-2.1.1-install.exe
:: 64-bit installer command (run on 64-bit Windows)
:: set to %CMD32% to install the same package on 64-bit Windows
set CMD64=%CMD32%
:: Type of installer, select one supported by install.cmd
:: e.g. msiinstall, msiuninstall, nsis, innosetup...
set INSTALLER_TYPE=nsis
:: Additional options to be passed to installer.
set INSTALLER_OPTIONS=
:: Working directory for installer
set INSTALLER_WORKDIR=
:: install helper script name (needs to be within the same directory)
set INSTALLER=install.cmd
:: custom options to pass to the installer
set CUSTOM_OPTIONS=
:: ############################################################################
:: No need to change anything below this line (usually ;-))
:: ############################################################################
set INSTALLER_LOC=%~dp0
set CMDPATH=%~dpn0
if exist "%INSTALLER_LOC%prerun.cmd" (
call "%INSTALLER_LOC%prerun.cmd"
)
if exist "%CMDPATH%-pre.cmd" (
call "%CMDPATH%-pre.cmd"
)
:install
echo Installing %PROGRAM_NAME%
set PROGRAM_FILES=%ProgramFiles%
if not "%ProgramFiles(x86)%" == "" set PROGRAM_FILES=%ProgramFiles(x86)%
call "%INSTALLER_LOC%%INSTALLER%" %INSTALLER_TYPE% "%CMD32%" "%CMD64%" "%INSTALLER_WORKDIR%" "%INSTALLER_OPTIONS%"
set EXIT_CODE=%ERRORLEVEL%
if exist "%CMDPATH%-post.cmd" (
call "%CMDPATH%-post.cmd"
)
if exist "%INSTALLER_LOC%postrun.cmd" (
call "%INSTALLER_LOC%postrun.cmd"
)
:end
exit /B %EXIT_CODE%
This is just my default unattended script I am using for almost any program. It allows calling my generic install.cmd script while supporting extension points (in this case unattended-pre.cmd and unattended-post.cmd are used).
Listing of "unattended-uninstall.cmd"
@echo off
:: This script is an extended uninstaller script for programs which have tricky
:: uninstallers (e.g. VLC media player).
:: It is able to run an uninstaller application and then to monitor if the
:: uninstaller is erased from the system. Depending on the result (either
:: remove completes or timeout occurs) it exits with different ecit code:
:: code 0: all fine, program uninstalled
:: code 1: failed, uninstaller still exissts after timeout
:: This is required to evaluate the target of %ProgramFiles% on 64-bit systems
:: Please note that this is required only if you uninstall a 32-bit application.
set PROGRAM_FILES=%ProgramFiles%
if not "%ProgramFiles(x86)%" == "" set PROGRAM_FILES=%ProgramFiles(x86)%
:: Path where the uninstaller is located
set APP_DIR=%PROGRAM_FILES%\OpenVPN
:: Path to the uninstaller (see path definition above)
set UNINSTALLER=%APP_DIR%\Uninstall.exe
:: Options to be passed to the uninstaller in order to uninstall silently
set OPTIONS=/S
:: ############################################################################
:: No need to change anything below this line (usually ;-))
:: ############################################################################
echo Remove System privileges
start /wait "Revoke rights" "%~dp0subinacl.exe" /SERVICE "OpenVPNService" /REVOKE=Users
echo Removing Program
if not exist "%UNINSTALLER%" goto good_end
start /wait "Uninstall" "%UNINSTALLER%" %OPTIONS%
REM Unfortunately the uninstaller seems to fork a child process and the parent
REM process exits immediately. So give it some time to uninstall
for /L %%C IN (1,1,30) DO (
if not exist "%UNINSTALLER%" goto good_end
ping -n 2 127.0.0.1 > NUL
)
:bad_end
exit /B 1
:good_end
if exist "%APP_DIR%" rmdir /s /q "%APP_DIR%"
exit /B 0
This script is just part of my default collection of install/uninstall script. Since OpenVPN uninstaller forks its own process it does not wait until it's really uninstalled. The script waits for the uninstaller itself to disappear before terminating.
Last but not least a listing of my generic install.cmd script:
Listing of "install.cmd"
@echo off
REM Usage:
REM msiinstall.cmd <type> <32-bit-installer> <64-bit-installer> [installer-location [custom-options]]
REM where type is one of
REM msiinstall Install the given MSI package
REM msiuninstall Uninstall the given MSI package
REM install4j Install4J setup
REM innosetup Inno setup
REM installshield Install shield
REM nsis Nullsoft install system (NSIS)
REM custom Custom installer - options required in this case
REM 32-bit-installer Full file name (including extension) of 32-bit installer
REM 64-bit-installer Full file name (including extension) of 64-bit installer
REM installer-location Path where the installers are stored, if empty assumes directory where install.cmd is
REM custom-options Replace the default installer options with the ones given
:: Additional options to be passed to the installer
:: set CUSTOM_OPTIONS=
REM Global variables
set INSTALL_CMD=
set EXIT_CODE=0
REM Get command type
set TYPE=%~1
REM Get 32-bit installer name
set CMD32=%~2
REM Get 64-bit installer name
set CMD64=%~3
REM get file path
set INSTALLER_PATH=%~dp0
if not "%~4" == "" (
set INSTALLER_PATH=%~4
)
set OPTIONS=
if not "%~5" == "" goto readOptions
goto noOptions
:readOptions
set OPTIONS=%~5
:noOptions
REM Detect which system is used
if not "%ProgramFiles(x86)%" == "" goto 64bit
goto 32bit
REM ##########################################################################
REM 64-bit system detected
REM ##########################################################################
:64bit
REM Determine 64-bit installer to be used
echo 64-bit system detected.
REM set INSTALLER64=
if not "%CMD64%" == "" (
set INSTALLER64=%CMD64%
) else (
REM Use 32-bit installer if available, no 64-bit installer available.
if not "%CMD32%" == "" (
echo Using 32-bit installer, no 64-bit installer specified.
set INSTALLER64=%CMD32%
) else (
echo Neither 64-bit nor 32-bit installer specified. Exiting.
goto usage
)
)
REM Check if installer is valid
if exist "%INSTALLER_PATH%%INSTALLER64%" (
set INSTALL_CMD=%INSTALLER_PATH%%INSTALLER64%
) else (
echo Installer "%INSTALLER_PATH%%INSTALLER64%" cannot be found! Exiting.
exit /B 97
)
goto installerselection
REM ##########################################################################
REM 32-bit system detected
REM ##########################################################################
:32bit
REM Determine 32-bit installer to be used
echo 32-bit system detected.
set INSTALLER32=
if not "%CMD32%" == "" (
set INSTALLER32=%CMD32%
) else (
echo No 32-bit installer specified. Exiting.
exit /B 96
)
REM Check if installer is valid
if exist "%INSTALLER_PATH%%INSTALLER32%" (
set INSTALL_CMD=%INSTALLER_PATH%%INSTALLER32%
) else (
echo Installer "%INSTALLER_PATH%%INSTALLER32%" cannot be found! Exiting.
exit /B 95
)
goto installerselection
REM ##########################################################################
REM select installer system
REM ##########################################################################
:installerselection
if /i "%TYPE%" == "msiinstall" goto msiinstaller
if /i "%TYPE%" == "msiuninstall" goto msiuninstaller
if /i "%TYPE%" == "install4j" goto install4j
if /i "%TYPE%" == "innosetup" goto innoinstaller
if /i "%TYPE%" == "installshield" goto installshieldinstaller
if /i "%TYPE%" == "nsis" goto nsisinstaller
if /i "%TYPE%" == "custom" goto custominstaller
goto usage
:msiinstaller
echo Installing "%INSTALL_CMD%"
if "%OPTIONS%" == "" (
set OPTIONS=/qn /norestart
)
start /wait "Software installation" msiexec /i "%INSTALL_CMD%" %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:msiuninstaller
echo Uninstalling "%INSTALL_CMD%"
if "%OPTIONS%" == "" (
set OPTIONS=/qn /norestart
)
start /wait "Software uninstallation" msiexec /x "%INSTALL_CMD%" %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:install4j
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" -q %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:innoinstaller
echo Installing "%INSTALL_CMD%"
REM if "%OPTIONS%" == "" (
REM set OPTIONS=/verysilent /norestart /sp-
REM )
start /wait "Software installation" "%INSTALL_CMD%" /verysilent /norestart /sp- %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:installshieldinstaller
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" /s %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:nsisinstaller
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" /S %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:custominstaller
if "%OPTIONS%" == "" goto usage
echo Installing "%INSTALL_CMD%"
start /wait "Software installation" "%INSTALL_CMD%" %OPTIONS% %CUSTOM_OPTIONS%
set EXIT_CODE=%ERRORLEVEL%
goto end
:usage
echo Usage:
echo "%~nx0 <type> <32-bit-installer> <64-bit-installer> [installer-location [custom-options]]"
echo where type is one of
echo msiinstall Install the given MSI package
echo msiuninstall Uninstall the given MSI package
echo innosetup Inno setup
echo installshield Install shield
echo nsis Nullsoft install system (NSIS)
echo custom Custom installer - options required in this case
echo 32-bit-installer Full file name (including extension) of 32-bit installer
echo 64-bit-installer Full file name (including extension) of 64-bit installer
echo installer-location Path where the installers are stored
echo custom-options Replace the default installer options with the ones given
exit /B 99
:end
exit /B %EXIT_CODE%