OpenVPN MI GUI

Description

OpenVPN MI GUI is a Windows graphical user interface for the OpenVPN client management interface.

It is based on the OpenVPN GUI by Mathias Sundman (version 1.0.3 from August 2005) which is shipped with OpenVPN, but had large parts of the backend adapted by Boris Wesslowski from Inside Security GmbH, commissioned by Conergy AG.

OpenVPN versions 2.1.x, 2.2.x are supported. OpenVPN 2.3.x too, but not all new features are supported yet.

Purpose

The original OpenVPN GUI encounters the following problems especially in enterprise or high security environments:

The OpenVPN MI GUI talks to the management interfaces of OpenVPN instances started through the service wrapper and can overcome the above problems.

Differences

The major differences to the original GUI are:

Requirements

OpenVPN MI GUI will read but not modify your OpenVPN configuration file(s). The following configuration options are required:

management 127.0.0.1 <port_number>
management-hold
management-query-passwords
auth-retry interact

Where the <port_number> must be different for every configuration file so each instance of OpenVPN can be controlled through it's own port. You can for example start at 1194 and add 1 for every configuration file you add.

Additionally, using auth-nocache is recommended, or you may want to consider using management-forget-disconnect and management-signal.

Only the management option is actually required, if neither user authentication nor certificate passwords are in use you may omit the rest, including the management-hold option.

Like the original GUI the MI GUI can be configured on the command line or with global registry settings which must be initialized by an administrator.

Known issues

If OpenVPN configuration files are added, removed or changed while the MI GUI is running it may run into an inconsistent state. Since in such cases the OpenVPN service wrapper has to be restarted to activate the changes an additional restart of the MI GUI is usually not necessary.

When an OpenVPN instance exits the OpenVPN service wrapper will still be running and will not restart the missing instance. The OpenVPN MI GUI tries to avoid this, but cases remain where it can happen. The missing cancel button in the user authentication dialog is an example of a workaround of a case where OpenVPN would exit.

Using management-forget-disconnect with OpenVPN version 2.1.x will lead to problems due to a known bug in the included pkcs11-helper.

At system boot the MI GUI may be started before the OpenVPN service is running, this will trigger an error message.

The OpenVPN service may also be unavailable after the system was in standby or suspend mode. You may want to use the do_not_check_service option and NSSM to handle this case.

Screenshots

Minimal setup with 1 configuration and disabled configuration edit menu item on Windows XP:

Minimal setup

Setup with 10 configurations, change password feature and OpenVPN service control menu on Windows 7 (1 active connection):

Maximal setup

Status and user authentication windows on Windows 7:

Status and user authentication windows

Download

OpenVPN MI GUI consists of a single executable file.

There are two variants: With and without support for changing the password of PEM and PKCS12 certificates. The one with support should be installed in the bin directory of your OpenVPN installation. The other can run from anywhere.

The latest version is 20160308:

German localization:

Czech localization: 32-bit / 64-bit / chpw 32-bit / chpw 64-bit

Italian localization: 32-bit / 64-bit / chpw 32-bit / chpw 64-bit

OpenVPN MI GUI is open source software under the GNU General Public License (GPL).

You can contact the author at bw <at> inside <minus> security <dot> de.

Changelog

20160308

20140918

20130109

20120316

20110902

20110624

20110511

Copyright © 2011-2016 Boris Wesslowski, Inside Security GmbH