I have been trying to come up with a way to interact with openvpn on windows.
I did fine the openvpn.exe but there are no commands that will use a config file to connect with a vpn server.
I am using nordvpn by the way. Specifically a tcp Canadian server.
I did find some people suggesting to use the openvpn-gui.exe to run the program but it defeats the purpose. I want t to completely be on command line.
Secondly, i need the command line to work as i want to integrate openvopn into a script which will download stuff from the internet.
Anyone with any idea how to do it?
For anyone looking into this in 2021, please find below a connect and a disconnect.
To connect
"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --command connect yourconfigfile.ovpn
To disconnect
"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --command disconnect yourconfigfile.ovpn
For windows users...
Both of these can be placed in a .bat file and automated with task scheduler, works like a charm.
Another CMD example:
"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect config.ovpn
Replace 'config.ovpn' by your configuration file. You also may have another path to openvpn-gui.exe.
It will work if you have no openVPN correctly installed so you can't run openvpn-gui ... from cmd.
You can actually use the config file with openvpn.exe, but you must provide the full path to it unlike with openvpn-gui.exe:
openvpn.exe --config "path/to/config.ovpn"
So I figured out the answer to the problem.
To control openvpn from command-line on windows:
Set the Environment Variable so you can access the openvpn-gui.exe from command-line.
Type this command: openvpn-gui --connect [config file]. (You are going to need the config file so download it from your vpn provider)
If you don't want to type the password every time you run the script, edit the config file to read the username and password from a .txt file. Here's a link that can help you do that: https://help.vpntunnel.com/support/solutions/articles/5000613671-how-do-i-save-my-username-password-in-openvpn-for-automatic-login-
Instructions
Step 1. Go to the correct location for x64 systems:
cd "%ProgramFiles%\OpenVPN Connect"
Note: if you have the 32 bits program installed on a 64 bits OS, replace %ProgramFiles% with %ProgramFiles(x86)%.
Step 2. Install the system service:
ovpnconnector.exe install
Step 3. Specify connection profile to use (optional):
ovpnconnector.exe set-config profile <FULL_PATH_AND_FILENAME_TO_PROFILE.OVPN>
Note: if your OpenVPN Connect installation file was downloaded from Access Server or OpenVPN Cloud and came with a bundled autologin connection profile, then you can skip step 3. It will then simply default to the bundled connection profile. It can be found in the program location with the name "ovpnconnector.ovpn" - that is the bundled connection profile.
Step 4. Specify the path to a log file (optional):
ovpnconnector.exe set-config log <FULL_PATH_AND_FILENAME_TO_LOGFILE.LOG>
Note: if you skip step 4, the service will write to the default log file in the program location with the name “ovpnconnector.log”.
Step 5. Start the service:
ovpnconnector.exe start
The service will now start the VPN connection and log output to the log file.
Note: you will not receive feedback after starting the service if the connection succeeded or not. You can check the log file or use the ping command to verify that the connection is now up and running.
Important: OpenVPN Connect client should not be running, otherwise service startup will abort.
Related
I have a virtual machine that is supposed to be the host, which can receive and send data. The first picture is the error that I'm getting on my main machine (from which I'm trying to send data from). The second picture is the mosquitto log on my virtual machine. Also I'm using the default config, which as far as I know can't cause these problems, at least from what I have seen from other examples. I have very little understanding on how all of this works, so any help is appreciated.
What I have tried on the host machine:
Disabling Windows defender
Adding firewall rules for "mosquitto.exe"
Installing mosquitto on a linux machine
Starting with the release of Mosquitto version 2.0.0 (you are running v2.0.2) the default config will only bind to localhost as a move to a more secure default posture.
If you want to be able to access the broker from other machines you will need to explicitly edit the config files to either add a new listener that binds to the external IP address (or 0.0.0.0) or add a bind entry for the default listener.
By default it will also only allow anonymous connections (without username/password) from localhost, to allow anonymous from remote add:
allow_anonymous true
More details can be found in the 2.0 release notes here
You have to run with
mosquitto -c mosquitto.conf
mosquitto.conf, which exists in the folder same with execution file exists (C:\Program Files\mosquitto etc.), have to include following line.
listener 1883 ip_address_of_the_machine(192.168.1.1 etc.)
By default, the Mosquitto broker will only accept connections from clients on the local machine (the server hosting the broker).
Therefore, a custom configuration needs to be used with your instance of Mosquitto in order to accept connections from remote clients.
On your Windows machine, run a text editor as administrator and paste the following text:
listener 1883
allow_anonymous true
This creates a listener on port 1883 and allows anonymous connections. By default the number of connections is infinite. Save the file to "C:\Program Files\Mosquitto" using a file name with the ".conf" extension such as "your_conf_file.conf".
Open a terminal window and navigate to the mosquitto directory. Run the following command:
mosquitto -v -c your_conf_file.conf
where
-c : specify the broker config file.
-v : verbose mode - enable all logging types. This overrides
any logging options given in the config file.
I found I had to add, not only bind_address ip_address but also had to set allow_anonymous true before devices could connect successfully to MQTT. Of course I understand that a better option would be to set user and password on each device. But that's a next step after everything actually works in the minimum configuration.
For those who use mosquitto with homebrew on Mac.
Adding these two lines to /opt/homebrew/Cellar/mosquitto/2.0.15/etc/mosquitto/mosquitto.conf fixed my issue.
allow_anonymous true
listener 1883
you can run it with the included 'no-auth' config file like so:
mosquitto -c /mosquitto-no-auth.conf
I had the same problem while running it inside docker container (generated with docker-compose).
In docker-compose.yml file this is done with:
command: mosquitto -c /mosquitto-no-auth.conf
I've got some code which needs to grab code from github periodically (on a Windows machine).
When I do pulls manually, I use GitBash, and I've got ssh keys running for the repos I check so everything is fine. However when I try to run the same actions in a python subprocess I don't have the ssh services which GitBash provides and I'm unable to authenticate to the repo.
How should I proceed from here. I can think of a couple of different options:
I could revert to using https:// fetches. This is problematic because the repos I'm fetching use 2-factor authentication and are going to be running unattended. Is there a way to access an https repo that has 2fa from a command line?
I've tried calling sh.exe with arguments that will fire off ssh-agent and then issuing my commands so that everything is running more or less the way it does in gitBash, but that doesn't seem to work:
"C:\Program Files (x86)\Git\bin\sh.exe" -c "C:/Program\ Files\ \(x86\)/Git/bin/ssh-agent.exe; C:/Program\ Files\ \(x86\)/Git/bin/ssh.exe -t git#github.com"
produces
SSH_AUTH_SOCK=/tmp/ssh-SiVYsy3660/agent.3660; export SSH_AUTH_SOCK;
SSH_AGENT_PID=8292; export SSH_AGENT_PID;
echo Agent pid 8292;
Could not create directory '/.ssh'.
The authenticity of host 'github.com (192.30.252.129)' can't be established.
RSA key fingerprint is XXXXXXXXXXX
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/.ssh/known_hosts).
Permission denied (publickey).
Could I use an ssh module in python like paramiko to establish a connection? It looks to me like that's only for ssh'ing into a remote terminal. Is there a way to make it provide an ssh connection that git.exe can use?
So, I'd be grateful if anybody has done this before or has a better alternative
The git bash set the HOME environment variable, which allows git to find the ssh keys (in %HOME%/.ssh)
You need to make sure the python process has or define HOME to the same PATH.
As explained in "Python os.environ[“HOME”] works on idle but not in a script", you need to set HOME to %USERPROFILE% (or, in python, to os.path.expanduser("~") ).
I have the following situation.
I want to write python code in my Laptop that will take more than 24 hours to run.I am using UBUNTU 12.04 lts.
Is it possible so that I write python code in my laptop, automatically send it to some remote desktop, run there and send the output result to my laptop when done?
one way suggested to me is to use openssh.
But I want to do this in the following way----
Write and Debug Python Code in my laptop.(Solved)
email the code as attachment to ****#gmail.com(Solved)
Other python program in the desktop will automatically download and run the source code(Unsolved)
and email the output file back to my gmail id.(Solved)
what is the python code to download the attachment from the latest email from a specific gmail folder?
If your remote system is windows, a good option would be to use PsExec from SysInternals.
Ex. If your script is long_running.py a typical usage would be
PsExec \\remote-server -c long_running.py
If your remote system is *nix, and your local system is Windows, you can use ssh for remote execution via Plink (part of PuTTY).
plink remote-server#user -m long_running.py
Finally if both remote and local machine are *nix systems, you can simply use ssh
ssh remote-server#user 'bash -s' < long_running.py
Note This is just some possible options, but the idea is remote execution is possible either via ssh or a similar option (like PsExec) for Windows
If both systems are running *nix, you can easily do all your dev work and debugging locally, while still executing remotely:
One time set up:
Mount a folder from the remote box locally
On your laptop, save your project/script to that (now local) folder, or set the mounted folder as your project's save path in your IDE.
Publishing:
Do work
Click the save button
Executing:
SSH into the remote box and open a new screen
Navigate to the folder you'd previously mounted, and run your script.
You can then safely detach and close ssh if necessary (ctrl+a d), and re-attach later:
3a. screen -ls (to find the screen name)
3b. screen -x screen_name
The advantage of this solution is that if you've got an ongoing project requiring frequent edits/changes, you can do all your dev work/debugging locally, and the only work required to "publish" is clicking the save button, starting the screen, and running.
I am attempting to write a python script for linux to start openvpn and have been running into a problem getting openvpn to start using subprocess.
I am using the following to start openvpn:
openvpn_cmd = ['sudo', 'openvpn', '--config', 'client.cfg', '--auth-user-pass', 'hmaauth.conf']
prog = subprocess.Popen(openvpn_cmd)
But I get the following error back from OpenVPN:
Options error: --nobind doesn't make sense unless used with --remote
The config file is downloaded directly from the VPN service website prior to running the subprocess command, so I can't (and shouldn't have to) change anything in the configuration.
I've heard this can happen if you don't run with root privileges, but I'm already doing that...
Does anyone have any suggestions as to why I am getting this error?
I have a working shell script that starts openvpn using the following:
sudo openvpn --config client.cfg --auth-user-pass hmaauth.conf
Which should be exactly what I have in my python script.
Thanks in advance for your advice.
Ok, the problem here is that I'm dumb. I was downloading a config file that didn't have the remote server for the VPN specified, now I understand the 'no remote' error.
Now that I have that cleared up we're good to go.
I am trying to install and start a simple CherryPy server as a Windows service.
Here is the script: (Removed some lines to cut it short. It's fully working when executing manually from the command-line)
app = AdminMediaHandler(django.core.handlers.wsgi.WSGIHandler())
logged_app = TransLogger(app)
server = wsgiserver.CherryPyWSGIServer( ('127.0.0.1', 8632), logged_app, server_name='localhost', numthreads=20 )
try:
server.start()
except KeyboardInterrupt:
server.stop()
I'm using sc.exe to install and start the service. Installation goes fine, but I can't seem to start the service.
The command used is: (note there're spaces in the paths, though I'm handeling this with double-quotes, and the binPath is working when executing its string manually through the command-line)
> sc.exe create "ServiceName" binPath= "\"C:\Path to Python\python.exe\" \"C:\Path to CherryPy Script\cherryserver.py\""
> sc.exe start "ServiceName"
I keep getting this error, no matter if attempting to start the service using sc.exe or through services.msc GUI:
[SC] StartService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.
From what I understand, this is happenning because python.exe doesn't implement the Windows Service API.
I do not wish to create an .exe from the script, using py2exe.
I have found this answer that suggests to install the service using different tools than sc.exe, called srvany.exe & instsrv.exe. However, I can't find them in the Win2K Resource Kit website.
Does anybody know how to install & start this .py as a Windows succesfully?
Does anybody know
CherryPy ships with a module for starting as a Windows service. See this other SO question for instructions on how to install and run it. You'll probably want to switch from your current approach (of passing the Django app directly to the WSGIServer) and use cherrypy.tree.graft instead.
I prefer nssm for installing normal scripts as a service.
You can copy the nssm.exe in the C:\Windows\system32 or C:\Windows\SysWOW64 directory depending on your system. After that you are able to install a Service as follow:
nssm install yourservicename
For a python script you must set the application path to your python.exe and the argument is your script self.
Other common commands for start/stop/edit your service are:
nssm start yourservicename
nssm stop yourservicename
nssm edit yourservicename
I eventually used ServiceInstaller aka SMaster, as stated in this answer. The URL in the given answer is broken, and I couldn't find a working URL. I just had srunner.exe available locally beforehand.
Note there was another obstacle to overcome though, as ServiceInstaller can't handle files with spaces in their paths.
So, I used the old DOS path formatting for service registration.
Instead of registering C:\Program Files\MyApp\python.exe, I registered C:\PROGRA~1\MyApp\python.exe.