Hello. I have been struggling with this problem for days. I have an OpenVPN server under Linux. There is a domain. There are shares. I distributed flash drives to users with OpenVPN Portable on them; for convenience it does not need to be installed, but it has to be run as administrator. In the connection config:

    script-security 3 system
    route-up "start.cmd"
    down "unmount.cmd"

That is, to run the script, you need to raise the user's rights. The script starts, network drives are mounted, but they are mounted by the administrator, and not by the user who initiated the connection.

Any idea how to fix this?

Update

It runs another script, since the mount does not work right away:

    start mount.cmd

mount.cmd:

    net use * /delete /yes
    net use * "\\172.16.0.1\Home$\" PASSWORD /user:"USERNAME" /persistent:yes

  • Can you show the contents of start.cmd? - don Rumata

1 answer

I confirm the urgency of the problem. To bring up the interface and add routes, OpenVPN GUI for Windows requires elevation of rights; as a result, the disk mount script specified in the config is executed with administrator rights.

A distinct and tidy solution does not seem to exist.

I only came up with a crutch of a solution, using event logs.

  1. In the connection config, specify the path to the script:

     up 'c:\\Windows\\system32\\wscript.exe c:\\Program\ Files\\OpenVPN\\config\\up.vbs' 
  2. In the up.vbs script, create an entry in the event log with an ID equal to 777 (you can choose any other ID at your discretion):

     Set WshShell = WScript.CreateObject("WScript.Shell")
     Command = "eventcreate /T Information /ID 777 /L Application /D " & Chr(34) & "VPN-соединение установлено." & Chr(34)
     WshShell.Run Command,0,false

    When OpenVPN connects, an event from the EventCreate source with ID = 777 will be added to the Application event log.

  3. In the task scheduler we create a task that is performed for a registered user, without elevation of rights.

    On the Triggers tab, we indicate:

    • begin the task: On an event
    • log: Application
    • event ID: 777

    On the Actions tab, specify the path to the disk mount script.


It can be made easier, provided a briefly flashing command-line window does not bother you. To do this, you can use the OpenVPN GUI feature for running scripts. Instead of steps 1-2, put a file named xxxx_up.cmd in the config folder (where xxxx is the name of the OpenVPN connection) with approximately the following content:

  eventcreate /T Information /ID 777 /L Application /D "VPN-соединение установлено." 

Then the config does not need to refer to the script. When a connection is established, a black command window will appear for a split second and the event will be added to the Application log, after which the task scheduler will run the task and the disks will be mounted.

The method described above may be crooked, but it works quite well in production. The connection time is not noticeably affected. Users do not notice anything.

If you wish, you can create your own separate log and write events to it, but this perfectionism is already beyond the scope of the problem.

Unmounting disks is done in the same way.

  • Unfortunately, the username is dynamic. That is, I cannot register this solution with everyone in the scheduler. - Sanches
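
The scheduled task from step 3 of the answer, registered from PowerShell instead of the GUI. This is an added example, not part of the original answer or comments. The task name and script path are assumptions, and the principal is the built-in Users group rather than one named account, so the task is not tied to a single user name.

```powershell
# Added example: run once from an elevated PowerShell prompt on the client.
# Assumed names (not from the original post): task name and script path.
$TaskName   = 'OpenVPN-MapDrives'       # hypothetical task name
$ScriptPath = 'C:\Scripts\mount.cmd'    # hypothetical location of the mount script

# Match only events written by eventcreate (provider "EventCreate") with ID 777
# in the Application log, not every event that happens to carry ID 777.
$query = @'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[Provider[@Name='EventCreate'] and EventID=777]]</Select>
  </Query>
</QueryList>
'@

# New-ScheduledTaskTrigger has no "on an event" option, so build the CIM object directly.
$class   = Get-CimClass -ClassName MSFT_TaskEventTrigger `
                        -Namespace 'Root/Microsoft/Windows/TaskScheduler'
$trigger = New-CimInstance -CimClass $class -ClientOnly
$trigger.Subscription = $query
$trigger.Enabled      = $true

# Principal: built-in Users group (SID S-1-5-32-545) with a non-elevated token,
# so the drives are mapped in the session of whichever user is logged on.
$principal = New-ScheduledTaskPrincipal -GroupId 'S-1-5-32-545' -RunLevel Limited

$action   = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$ScriptPath`""
# Laptops on battery are the normal case for VPN clients; ignore overlapping runs.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
                -MultipleInstances IgnoreNew -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

Register-ScheduledTask -TaskName $TaskName -Trigger $trigger -Action $action `
    -Principal $principal -Settings $settings -Force | Out-Null

# Read the task back and refuse to leave an elevated or unfiltered task in place.
$task = Get-ScheduledTask -TaskName $TaskName
if ("$($task.Principal.RunLevel)" -ne 'Limited') {
    Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
    throw "Task '$TaskName' would run elevated; removed."
}
if ($task.Triggers[0].Subscription -notmatch "Provider\[@Name='EventCreate'\]") {
    Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
    throw "Task '$TaskName' is missing the provider filter; removed."
}
"Registered '$TaskName' (RunLevel=$($task.Principal.RunLevel))"
```

To check the trigger end to end, run the `eventcreate` line from the answer in any console and confirm the drives appear in the logged-on user's session.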