Re: Here is a useful freeopenvpn batch script which skip UAC & which works for everyone (I think)

https://news.novabbs.org/computers/article-flat.php?id=78643&group=alt.comp.os.windows-10#78643

Path: i2pn2.org!i2pn.org!news.hispagatos.org!.POSTED!not-for-mail
From: bill@anarchists.org (Bill Powell)
Newsgroups: alt.msdos.batch,alt.comp.os.windows-10,alt.comp.microsoft.windows
Subject: Re: Here is a useful freeopenvpn batch script which skip UAC & which works for everyone (I think)
Date: Wed, 21 Feb 2024 23:56:33 +0100
Organization: Hispagatos.org
Message-ID: <ur5v32$1i39l$1@matrix.hispagatos.org>
References: <ur48d7$1h92o$1@matrix.hispagatos.org> <op.2jhjuia1bh2i3ropera@paganini.bofh.team> <ur5lb2$1hunr$1@matrix.hispagatos.org> <op.2jig0ofebh2i3ropera@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 21 Feb 2024 22:56:34 -0000 (UTC)
Injection-Info: matrix.hispagatos.org;
logging-data="1641781"; mail-complaints-to="abuse@hispagatos.org"
User-Agent: XanaNews/1.19.1.372 (x86; Portable ISpell)
 by: Bill Powell - Wed, 21 Feb 2024 22:56 UTC

On Wed, 21 Feb 2024 15:37:26 -0600, AllanH wrote:

> I appreciate your detailed reply.

Most people give one word answers.
That's because they don't care.
I do.

> I have a little experience with batch files, but not much experience with VPN Clients.

I guess I'm the opposite. So we can work well together.

The reason I choose the openvpn protocol is the client is well proven.
But notice that almost every openvpn site wants you to use THEIR client.

There's NEVER a reason to use their client.
They want to lock you into using their client.

Where some people are fooled into thinking that client is special.
It's not.

The client I suggest for _all_ openvpn configuration files is this one.
https://openvpn.net/community-downloads/
https://swupdate.openvpn.org/community/releases/OpenVPN-2.6.9-I001-amd64.msi
Name: OpenVPN-2.6.9-I001-amd64.msi
Size: 5369856 bytes (5244 KiB)
SHA256: 0B1DDA1AABA754467A6D7AC4E64E178E783AEC5E7FD717882CF5B296A40320AB

It works for EVERY config file you can find that uses the openvpn protocol.
https://www.freeopenvpn.org/
https://www.vpngate.net/en/
https://www.tunnelbear.com/
https://vanwa.tech/
https://protonvpn.com/

I just tried to find the protonvpn site for the config files, but notice
how extremely difficult they make it for you to _find_ the text configs.
They don't want you to know that's the ONLY thing you need from them!

Here they explain for Linux users how to use openvpn clients.
https://protonvpn.com/download-linux
Where they FINALLY (after ten minutes of searching) show you how to get
the text config files (which is all you ever need with openvpn protocols).
https://protonvpn.com/support/linux-openvpn/

Unfortunately you have to log into their web site to get their config
files which is ridiculous because the whole point is anonymity.
https://protonvpn.com/support/vpn-config-download/

Also vanwa took too long and tunnelbear seems to have the same problem
as does protonvpn which is two problems both of which are artificial.
1. They want you to use their client (but you don't need their client).
2. You have to create an account to get the text configuration files
which defeats the whole purpose of being anonymous while on VPN.

All you ever need, on any platform, is the text configuration file.
And the openvpn client for that platform.

That's it.
They're giving you garbage if they force you to do more than that.

> I tried the batch file with both of my Chromium-based browsers, with the same result.
> The user input would work if the browsers were open and would not if they were not open.
> I don't know what the problem would be.

We both agree something funny is going on that shouldn't be happening.
1. We both agree the browser shouldn't matter.
2. And we both agree the link URI shouldn't matter.
3. And we both agree that we shouldn't need the browser to be open.

What happened to me makes no sense, but the first time I tested it,
everything worked fine and even a few more times, but now it hangs.

WTF?
Makes no sense.

But as a result, I believe you.
What we need is for someone else to test it to see what happens to them
now that they're on the lookout for running it a few times in a row.

> Does the last line of your batch file that executes openvpn.exe display anything?
> Since it didn't for me, I didn't think it worked correctly.

In the very end, your original window dies and up pops in its place
another command window so there is only going to be one window at a time.

The last line of THAT openvpn log window will always say (let me check)
OK. The password hasn't changed (327112703) so let's move forward.

This is the last line of _any_ openvpn config file showing it worked.
2024-02-21 22:37:41 Initialization Sequence Completed

However, you could check with a curl if you want to make sure.
%comspec% /k curl ifconfig.me
%comspec% /k curl icanhazip.com

For gory detail, here is the ENTIRE second window (the first just dies).
2024-02-21 22:37:29 DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
2024-02-21 22:37:29 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2024-02-21 22:37:29 Windows version 10.0 (Windows 10 or greater) 64bit
2024-02-21 22:37:29 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2024-02-21 22:37:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-02-21 22:37:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-02-21 22:37:30 TCP/UDP: Preserving recently used remote address: [AF_INET]85.239.52.173:12352
2024-02-21 22:37:30 UDP link local: (not bound)
2024-02-21 22:37:30 UDP link remote: [AF_INET]85.239.52.173:12352
2024-02-21 22:37:30 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-21 22:37:30 VERIFY OK: depth=1, O=5fa2b89021f9231b1afdb036, CN=5fa2b89021f9231b1afdb043
2024-02-21 22:37:30 VERIFY KU OK
2024-02-21 22:37:30 Validating certificate extended key usage
2024-02-21 22:37:30 NOTE: --mute triggered...
2024-02-21 22:37:30 4 variation(s) on previous 3 message(s) suppressed by --mute
2024-02-21 22:37:30 [5fa2b89521f9231b1afdb050] Peer Connection Initiated with [AF_INET]85.239.52.173:12352
2024-02-21 22:37:36 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2024-02-21 22:37:36 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-02-21 22:37:36 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2024-02-21 22:37:36 NOTE: --mute triggered...
2024-02-21 22:37:36 1 variation(s) on previous 3 message(s) suppressed by --mute
2024-02-21 22:37:36 open_tun
2024-02-21 22:37:36 tap-windows6 device [Local Area Connection] opened
2024-02-21 22:37:36 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.235.0/192.168.235.239/255.255.255.0 [SUCCEEDED]
2024-02-21 22:37:36 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.235.239/255.255.255.0 on interface {8970EFE9-1460-429C-B94D-FD7EAC28BF7C} [DHCP-serv: 192.168.235.0, lease-time: 31536000]
2024-02-21 22:37:36 Successful ARP Flush on interface [16] {8970EFE9-1460-429C-B94D-FD7EAC28BF7C}
2024-02-21 22:37:36 IPv4 MTU set to 1500 on interface 16 using SetIpInterfaceEntry()
2024-02-21 22:37:41 Initialization Sequence Completed

Remember you MUST use the magic "F4" key to close that thing.
If you don't, nothing bad seems to happen, but over time,
your router table is all messed up until you reboot.

So just always close it with the magic "F4" key.

> One reason I may not continue with OpenVPN is it caused an issue
> with connecting to my Wi-Fi after a reboot.

I disagree. I can't imagine how openvpn matters at all.
Once you kill it properly, you're back to where you were.
I think you're not killing it properly.
If you don't kill openvpn properly, you can screw up your router table.
Ask me how I know this.

However, a reboot (in my experience) always cleans up the router table.
Although see below that I reboot without a gateway while others don't do that.

> It's not the type of software I would use very often.

Again, I do NOT think openvpn is the source of your network issues.
However, as I said, you MUST shut down openvpn windows properly.

In addition, with respect to networking, killswitches are de rigueur.

I have the killswitch set up for that which is from liquidvpn
which I modified for my use many years ago & it works perfectly.
<https://metager.org/meta/meta.ger3?eingabe=liquidvpn%20killswitch>

I have a shortcut on my taskbar that I tap to toggle the gateway.
a. If, for whatever reason, Windows boots
b. Windows boots to no gateway set
c. I tap the killswitch toggle shortcut, and I have a gateway

This is useful when I use torrents, for example, where the process is
a. I go on vpn and then I immediately toggle the gateway
b. This doesn't affect the VPN - nor the local 192.168 network
c. But it prevents anything from going out the router on a non-VPN IP

If, for example, the VPN drops (which happens)
d. The gateway is unset - so the Windows icon goes to offline

Instantly. There is zero delay. It's as perfect as is Mary Poppins.

To get back online, I simply do two things:
e. I kill the bittorrent client
f. I tap the stopsign killswitch toggle on my taskbar
g. Now I'm back online

This ensures that if the VPN drops, there will be no network
outside the local LAN. It seems hard to find the liquidVPN killswitch
(see search above) but there are plenty out there and I already
gave the basic code in another post in this thread.

BTW, in addition, I don't like that Windows update reboots my PC.
On the net.

So I set up Windows to reboot to no gateway at all.
Then I hit the killswitch toggle and only then it's on Wi-Fi.

The killswitch then serves multiple purposes.
The killswitch is also useful for when installing software.
As lots of software phones home.

That software can't phone home if I toggle the killswitch.
You may notice I gave you an offline Epic Browser URL too.
Otherwise you get a netstub which I never use if I can avoid them.

As for the killswitch toggle, it's set up as a Windows scheduled
task & it works absolutely wonderfully forever once you set it up.

I don't know how people live without a killswitch toggle.
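
Added example (not part of the original post): a Python check that reads an OpenVPN client log like the one pasted above and reports whether the tunnel is up, which endpoint and data-channel cipher were used, and which WARNING/DEPRECATED notices appeared. The sample lines are constructed from the post's log (first line abridged); the SIGNAL pattern and the final "drop" line are assumptions based on OpenVPN's usual restart message, which the post's log does not show.

```python
import re

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")
CIPHER = re.compile(r"Data Channel: Cipher '([^']+)'")
# Assumption: a restart or exit is logged in OpenVPN's usual form, e.g.
# "SIGUSR1[soft,ping-restart] received, process restarting".
SIGNAL = re.compile(r"SIG\w+\[[^\]]*\] received, process (restarting|exiting)")

# Constructed sample: lines taken from the log in the post (first one abridged).
SAMPLE_LOG = """\
2024-02-21 22:37:29 DEPRECATED OPTION: --max-routes option ignored.
2024-02-21 22:37:30 UDP link remote: [AF_INET]85.239.52.173:12352
2024-02-21 22:37:30 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-21 22:37:36 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2024-02-21 22:37:36 tap-windows6 device [Local Area Connection] opened
2024-02-21 22:37:41 Initialization Sequence Completed
"""
# Constructed: the same session followed by a hypothetical VPN drop.
DROPPED_LOG = SAMPLE_LOG + (
    "2024-02-21 23:10:02 SIGUSR1[soft,ping-restart] received, process restarting\n"
)

def summarize(log_text):
    """Return tunnel state after replaying every timestamped log line in order."""
    state = {"up": False, "remote": None, "cipher": None, "notices": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines without a timestamp prefix
        msg = m.group(2)
        if msg.startswith(("WARNING:", "DEPRECATED OPTION:")):
            state["notices"].append(msg)
        elif (r := REMOTE.search(msg)):
            state["remote"] = f"{r.group(1)}:{r.group(2)}"
        elif (c := CIPHER.search(msg)):
            state["cipher"] = c.group(1)
        elif msg == "Initialization Sequence Completed":
            state["up"] = True
        elif SIGNAL.search(msg):
            state["up"] = False  # completed earlier, but the tunnel has since dropped
    return state

if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("dropped", DROPPED_LOG)):
        print(name, summarize(log))
```

Replaying the lines in order matters: a log can contain "Initialization Sequence Completed" and still describe a tunnel that has since gone down.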
