OpenVPN client on Windows 7 - cannot add route from config script
I am connecting from my Windows 7 laptop to an OpenVPN server and I am unable to automatically add a route. In my script I have the line:
route-up "route add 192.168.33.0 mask 255.255.255.0 10.0.33.1"
but after the connection is set up there is an error message:
Sat Feb 06 20:30:07 2010 us=974000 openvpn_execve: CreateProcess route failed: Cannot find file specified. (errno=2)
Sat Feb 06 20:30:07 2010 us=989000 Route script failed: external program did not execute -- returned error code -1
The openvpn.exe is run as administrator. Any ideas?
Better use:
route 192.168.33.0 255.255.255.0 10.0.33.1
This way the route will be added and deleted when you connect and disconnect the VPN.
Ughh, finally found a solution (Windows-specific).
Put into OpenVPN client config the parameter:
script-security 2 system
The description from the openvpn.net manual (https://community.openvpn.net/openvpn/wiki/Openvpn22ManPage) explains it:
--script-security level [method]
This directive offers policy-level control over OpenVPN's usage of external programs and scripts. Lower level values are more restrictive, higher values are more permissive. Settings for level:
0 -- Strictly no calling of external programs.
1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh.
2 -- Allow calling of built-in executables and user-defined scripts.
3 -- Allow passwords to be passed to scripts via environmental variables (potentially unsafe).
The method parameter indicates how OpenVPN should call external commands and scripts. Settings for method:
execve -- (default) Use execve() function on Unix family OSes and CreateProcess() on Windows.
system -- Use system() function (deprecated and less safe since the external program command line is subject to shell expansion).
The --script-security option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility with previous OpenVPN versions, use:
--script-security 3 system
You need to run your OpenVPN client with the Run as Administrator command for it to work.
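The script-security levels and methods quoted above can be checked mechanically. The following is an added example, not part of the original thread or of OpenVPN itself: it scans a client config, reports a raised script-security level or the system method, and points out a route-up hook that the built-in route directive from the first answer would replace. The hook list, the use of shlex to approximate OpenVPN's quoting, and the sample config (constructed from the lines in the thread) are assumptions.

```python
import shlex

# Directives that make OpenVPN launch an external command (subset of the 2.x hooks).
HOOKS = {"up", "down", "route-up", "ipchange", "tls-verify", "learn-address",
         "auth-user-pass-verify", "client-connect", "client-disconnect"}

def audit(config_text):
    """Return (line_no, message) findings for script execution in an OpenVPN config."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":               # blank line or comment
            continue
        try:
            parts = shlex.split(line, comments=True)  # approximates OpenVPN quoting
        except ValueError:
            findings.append((no, "unparseable line (unbalanced quotes)"))
            continue
        if not parts:
            continue
        name, args = parts[0].lstrip("-"), parts[1:]
        if name == "script-security" and args:
            level = int(args[0]) if args[0].isdigit() else -1
            if level >= 3:
                findings.append((no, "level 3: passwords may reach scripts via environment variables"))
            elif level == 2:
                findings.append((no, "level 2: user-defined scripts are allowed"))
            if args[1:2] == ["system"]:
                findings.append((no, "method system: command line is subject to shell expansion"))
        elif name in HOOKS and args:
            cmd_str = " ".join(args)
            cmd = cmd_str.split()
            msg = f"{name} runs external command: {cmd_str}"
            # 'route add NET mask MASK GW' has a built-in equivalent that needs no script.
            if (len(cmd) == 6 and [c.lower() for c in cmd[:2]] == ["route", "add"]
                    and cmd[3].lower() == "mask"):
                msg += f" -> replace with: route {cmd[2]} {cmd[4]} {cmd[5]}"
            findings.append((no, msg))
    return findings

# Constructed sample: the directive from the question plus the workaround quoted above.
SAMPLE = '''client
script-security 2 system
route-up "route add 192.168.33.0 mask 255.255.255.0 10.0.33.1"
'''

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

A config that uses only the route directive produces no findings, since it needs neither a hook nor a raised script-security level.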