Hi, On Wed, Oct 21, 2015 at 7:54 AM, Morris, Russell <rmor...@rkmorris.us> wrote:
> Hi, > > Lots of discussion on this - awesome to see! Perhaps a dumb question, but > I can see a few different ways to go on this, as I see comments about > services, applications, etc. ... so a couple thoughts, > - is the intention to run a service (like NSSM?) that keeps openvpn.exe > "alive" (restarting it as necessary), so it's always up and running? I > admit, I somewhat like this approach, one running application for each > config file. Then control it through the management interface. Or, > All said and done, I still think this is the best approach. This is also the current approach except that the service (non-NSSM) is "crappy" and the "official" GUI cant do much through MI if openvpn is started by the service. I'm saying this only based on the docs, may be the latest code is already capable of doing this with some coaxing. My current work-around is to use the MI-GUI and pray/hope for the service not to crash. I only run one server on 2008R2 and a few single user desktop clients with MI-GUI on Windows 7. This has worked well so far, but with few users. > - do folks prefer to have "control application" bring openvpn.exe up and > down? I have tried this, and it's a bit messy, but it is functional also. > Not sure how that works and what problems it would solve. For me the main needs are (i) a reliable way of daemonizing openvpn and keep it running on Windows (for servers and clients) and (ii) a way to run the GUI with user privileges. Both could be solved by NSSM + an improved GUI that speaks the MI. > > Thoughts? > > I do believe there may also be TAP related stability issues, but that may > be an artifact of openvpn.exe crashing - I guess the first step is to get > openvpn.exe stable? > I have seldom seen openvpn.exe crash -- its more like it just exits because of bad directives in a config file or a missing certificate/key etc. The problem is with the service -- a single bad config can stop it from loading others. It sometimes goes into a weird state which can be recovered only by a restart. It also lacks features like adding a new configs without affecting running instances. I hear it doesn't work on Windows 10, but I haven't tried. So, a stable service (or NSSM) and an improved GUI for desktop clients are needed. NSSM has many advantages in this regard as each instance is independent of the other (is n't it?). I am not that excited about the interactive service which lets openvpn.exe run as user but lets users push configs. And it cant handle non-interactive uses. In my view configs should be registered only with admin privilege, not arbitrarily pushed by any user -- this applies to desktops and servers. Only for day to day activities of starting and stopping a connection one wants to avoid the "run as admin" requirement.. Running only the GUI as user through the MI serves that purpose and looks a safer option than the interactive service. Thanks, Selva
