OpenVPN client on Windows 7 - cannot add route from config script

windows-7 openvpn route

I am connecting from my Windows 7 laptop to an openvpn server and I am unable to automatically add a route. In my script I have the line:

route-up "route add 192.168.33.0 mask 255.255.255.0 10.0.33.1"

but after the connection is set-up there is an error message:

Sat Feb 06 20:30:07 2010 us=974000 openvpn_execve: CreateProcess route failed: Cannot find file specified.   (errno=2)
Sat Feb 06 20:30:07 2010 us=989000 Route script failed: external program did not execute -- returned error code -1

The openvpn.exe is run as administrator. Any ideas?


better use:

route 192.168.33.0 255.255.255.0 10.0.33.1

this way route will be added and deleted when you connect and disconnect the vpn


Ughh, finally found a solution (Windows-specific).

Put into OpenVPN client config the parameter:

script-security 2 system

The description from openvpn.net manual (https://community.openvpn.net/openvpn/wiki/Openvpn22ManPage) explains it:

--script-security level [method] This directive offers policy-level control over OpenVPN's usage of external programs and scripts. Lower level values are more restrictive, higher values are more permissive. Settings for level:

0 -- Strictly no calling of external programs.
1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh.
2 -- Allow calling of built-in executables and user-defined scripts.
3 -- Allow passwords to be passed to scripts via environmental variables
(potentially unsafe).

The method parameter indicates how OpenVPN should call external commands and scripts. Settings for method:

execve -- (default) Use execve() function on Unix family OSes and CreateProcess()
on Windows.
system -- Use system() function (deprecated and less safe since the external
program command line is subject to shell expansion).

The --script-security option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility with previous OpenVPN versions, use: --script-security 3 system


You need to run your OpenVNP client with run as Administrator Command for it to work.

Related

Are there any tools to do change management with Active Directory / Group Policy?
SQL Server: Memory Usage High (7GB) + Page File Usage High (7GB) but CPU Usage (2% to10%) [duplicate]
Connect to WEP Wireless Network by command line on Ubuntu
Automatically run PowerShell script at first boot
Pushing IP routes to various VPN clients
Why does doing large deletes, copies, moves on my ZFS NAS block all other IOs?
How to match selinux rules/transitions/labels/etc to modules
How do I cleanly remove ruby 1.8.7 from CentOS 5?
Hazards of increasing network size by changing the netmask
how to forward wlan0 to eth0?
High load without explanation
Which OS/distributions have 64-bit kernel and 32-bit userspace? [closed]