OpenVPN client on Windows 7 - cannot add route from config script

I am connecting from my Windows 7 laptop to an openvpn server and I am unable to automatically add a route. In my script I have the line:

route-up "route add 192.168.33.0 mask 255.255.255.0 10.0.33.1"

but after the connection is set-up there is an error message:

Sat Feb 06 20:30:07 2010 us=974000 openvpn_execve: CreateProcess route failed: Cannot find file specified.   (errno=2)
Sat Feb 06 20:30:07 2010 us=989000 Route script failed: external program did not execute -- returned error code -1

The openvpn.exe is run as administrator. Any ideas?


better use:

route 192.168.33.0 255.255.255.0 10.0.33.1

this way route will be added and deleted when you connect and disconnect the vpn


Ughh, finally found a solution (Windows-specific).

Put into OpenVPN client config the parameter:

script-security 2 system

The description from openvpn.net manual (https://community.openvpn.net/openvpn/wiki/Openvpn22ManPage) explains it:

--script-security level [method] This directive offers policy-level control over OpenVPN's usage of external programs and scripts. Lower level values are more restrictive, higher values are more permissive. Settings for level:

0 -- Strictly no calling of external programs.
1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh.
2 -- Allow calling of built-in executables and user-defined scripts.
3 -- Allow passwords to be passed to scripts via environmental variables
(potentially unsafe).

The method parameter indicates how OpenVPN should call external commands and scripts. Settings for method:

execve -- (default) Use execve() function on Unix family OSes and CreateProcess()
on Windows.
system -- Use system() function (deprecated and less safe since the external
program command line is subject to shell expansion).

The --script-security option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility with previous OpenVPN versions, use: --script-security 3 system


You need to run your OpenVNP client with run as Administrator Command for it to work.