Skip to main content

OpenVPN Connect tutorials

Use OpenVPN Connect v3 on Windows in service daemon mode

Abstract

Set up an OpenVPN connection as a system service on Windows with service daemon mode for OpenVPN Connect.

On Windows, OpenVPN Connect 3.2 and newer includes a method to set up an OpenVPN connection as a system service. You can configure the connection to run right after system boot, even when nobody is logged on. A few possible use cases:

  1. A Windows Server with Remote Desktop Services, where the users need access to some VPN resources, and it's not practical or possible to have each user establish connections because of technical and organizational reasons.

  2. A Windows client system that is joined to a domain that needs access to a VPN network domain that is required for logon purposes, so the connection needs to be up and running before the user logs in.

  3. Connecting your Windows system as an unattended host system offering certain services and resources to your OpenVPN server or to CloudConnexa.

We designed this system service mode for system administrators. Once the connection is up, administrators and unprivileged users on the system can reach resources available through this VPN connection.

Before you begin

Ensure you have the following set up:

  1. OpenVPN Connect v3 of version v3.2 or higher.

  2. Administrator shell (PowerShell or cmd).

  3. An autologin-type connection profile (the service daemon has no interactive capabilities).

  4. Close the OpenVPN Connect v3 window before setting up the system service.

  5. Run all commands from the program location (as specified below).

  • x64: %ProgramFiles%\OpenVPN Connect\ovpnconnector.exe

  • x86: %ProgramFiles(x86)%>\OpenVPN Connect\ovpnconnector.exe

Following these steps to set up OpenVPN Connect to run in service daemon mode:

  1. Go to the correct location for your system (for our example, we use an x64 system):

    cd "%ProgramFiles%\OpenVPN Connect\"

    Tip

    Ensure you use the correct location for your system.

  2. Install the system service:

    ovpnconnector.exe install
  3. Specify the connection profile to use (optional):

    ovpnconnector.exe set-config profile <FULL_PATH_AND_FILENAME_TO_PROFILE.OVPN>

    Note

    If you downloaded your OpenVPN Connect installation file from Access Server or CloudConnexa and it came with a bundled autologin connection profile, you can skip step three. It will then simply default to the bundled connection profile. You can find it in the program location with the name "ovpnconnector.ovpn" — that's the bundled connection profile.

  4. Specify the path to a log file (optional):

    ovpnconnector.exe set-config log <FULL_PATH_AND_FILENAME_TO_LOGFILE.LOG>

    Note

    If you skip step four, the service writes to the default log file in the program location with the name, "ovpnconnector.log".

  5. Start the service:

    ovpnconnector.exe start
    • The service starts the VPN connection and logs output to the log file.

    Tip

    You don't receive any feedback about whether the connection succeeds or not after you start the service. You can check the log file or use the ping command to verify that the connection is up and running.

    Important

    OpenVPN Connect should not be running, otherwise service startup aborts.

If you've installed and configured the service correctly, it automatically establishes a VPN connection on system startup. In other words, the system service starts at every boot.

Apart from writing regular OpenVPN logs to the configured log file, the service also reports any critical errors to the system: Event Viewer → Windows Logs → Applications. (Event source: OVPNConnectorService).

You can check the service status in the Windows Services (services.msc) utility. You can stop, start, and restart the service there.

On the command line, this is also possible with ovpnconnector.exe:

ovpnconnector.exe stop/start/restart

Or using the Windows 'net' command-line tool:

net stop/start/restart ovpnconnector

Important

You can't use the OpenVPN Connect v3 graphical interface while the service is running.

An administrator must manage the service using the tools mentioned above. The service blocks the graphical interface from running to prevent users from interfering with the VPN connection.

When an admin stops the service, the OpenVPN Connect v3 graphical interface will become available again.

The service runs with the following OpenVPN settings:

  • Connection Timeout: "Continuously retry" (try to connect indefinitely).

  • Seamless Tunnel: Enabled (block VPN while VPN is paused or reconnecting).

You can configure other possible settings in the connection profile with standard OpenVPN directives.

If you need to undo a configuration setting for the OpenVPN connection profile path or the log file path to revert them to defaults, you can use these commands:

ovpnconnector.exe unset-config profile
ovpnconnector.exe unset-config log

Use the following commands to stop or remove the service.

Stop the service
ovpnconnector.exe stop

The service stops, and the active OpenVPN connection terminates. On the next reboot, the service starts and reconnects.

Remove the service
ovpnconnector.exe remove

The system stops and the active OpenVPN connection terminates. You've removed the service from the system.