OpenVPN
How do I exit a client in windows elegantly and securely?
I want to gracefully stop a client under Windows, is it possible? Also, is there an out-of-the-box command to detect if the machine has a tap-windows6 virtual NIC available?
Assuming you are referring to situations where OpenVPN client is started from a script (say, powershell) or a service, here are a few ways:
(i) openvpn.exe client responds to CTRL_C_EVENT and CTRL_BREAK_EVENT -- these are internally handled the same way as as a SIGTERM on POSIX systems. Attach to the console of the process and use GenerateConsoleCtrlEvent() to send the signal. In some cases it may a take few seconds for graceful exit, so wait on the process before killing the script.
(ii) On windows you can start openvpn.exe with --service exit-event-name [0|1] option. Here exit-event-name is the name of an a global event object that you create before starting the client process or you can let OpenVPN create it. Then trigger the event to stop the client. The optional argument (0 or 1) sets the initial state of the event.
Though this option is intended for OpenVPNService it is usable more generally.
(iii) If you start the client with the --management ... option, you can send SIGHUP, SIGTERM etc. via the management interface.
If running interactively from the command line there are number of keyboard shortcuts to restart, stop etc. These are displayed when the process is started.
Tap adapters can be listed using tapctl.exe list. See tapctl.exe help list for details. It is installed by default in C:\Program Files\OpenVPN\bin
Assuming you are referring to situations where OpenVPN client is started from a script (say, powershell) or a service, here are a few ways:
(i) openvpn.exe client responds to CTRL_C_EVENT and CTRL_BREAK_EVENT -- these are internally handled the same way as as a SIGTERM on POSIX systems. Attach to the console of the process and use
GenerateConsoleCtrlEvent()to send the signal. In some cases it may a take few seconds for graceful exit, so wait on the process before killing the script.(ii) On windows you can start openvpn.exe with
--service exit-event-name [0|1]option. Hereexit-event-nameis the name of an a global event object that you create before starting the client process or you can let OpenVPN create it. Then trigger the event to stop the client. The optional argument (0 or 1) sets the initial state of the event. Though this option is intended for OpenVPNService it is usable more generally.(iii) If you start the client with the
--management ...option, you can send SIGHUP, SIGTERM etc. via the management interface.If running interactively from the command line there are number of keyboard shortcuts to restart, stop etc. These are displayed when the process is started.
Tap adapters can be listed using
tapctl.exe list. Seetapctl.exe help listfor details. It is installed by default inC:\Program Files\OpenVPN\bin
Sorry, my comprehension may be a bit poor, and I don't know how to use it on the second point. I looked through the parameter document and didn't understand it, can you explain it more clearly or give an example? Thanks, in addition I'm using a different language to call openvpn
This issue tracker is for reporting bugs -- for help ask on users mailing list or openvpn forum. I responded assuming that probably docs are a bit lacking on what you asked. But if you do not have the technical know-how to follow what I wrote, just use OpenVPN-GUI as a front-end. This ticket may be closed now.