Here is a useful freeopenvpn batch script which skip UAC & which works for everyone (I think)

[Bill Powell]

A few times a day I use the script below to connect to a free VPN named
https://www.freeopenvpn.org/

It's open to everyone without needing to create an account.
So this script, if improved, would greatly benefit everyone using it.

Most of freeopenvpn setup is static, but the password changes constantly.
Config: USA_freeopenvpn_tcp.ovpn (the contents change about twice a year)
Username: freeopenvpn (this remains the same for years)
Password/PIN: This 9-digit number changes a few times a day

For the username and password, I usually add this line to the config files:
for %f in (*.ovpn) do type C:\freeopenvpn\freeopenvpninclude.txt >> %f
Where the "freeopenvpninclude.txt" file contains this single line:
auth-user-pass C:\\freeopenvpn\\freeopenvpnauthuserpass.txt
And where the "freeopenvpnauthurserpass.txt" file contains two lines:
freeopenvpn
123456789
Where nothing changes quickly except that one 9-digit password above.

I don't use the OpenVPN GUI since I connect to the VPN via
doubleclicking the batch file below, whose last line is
what skirts around the Windows UAC popups (yes, I know, if you
don't like that part, just uncomment the part above it then),
and I don't feel like typing the VPN password each time which
is the second point of having the script (instead of the OpenVPN GUI).

Here's the current short script which, if the username/password
is already set, will work for anyone without need for user input.

RUN-ONLY BATCH SCRIPT:
@echo off
set configfile=USA_freeopenvpn_tcp.ovpn
REM set configfile=USA_freeopenvpn_udp.ovpn
set configcmd=C:\Program Files\OpenVPN\bin\openvpn.exe
set configdir=C:\freeopenvpn\config\
REM %configcmd% %configdir%%configfile%
c:\windows\system32\runas.exe /user:administrator /savecred "%configcmd% %configdir%%configfile%"

But a few times a day, the 9-digit password changes so user input
is required. To do that, I run this setup-and-run script instead.

SETUP-AND-RUN BATCH SCRIPT:
@echo off
echo "Append the username/password to all freeopenvpn ovpn config files"
echo "auth-user-pass C:\\freeopenvpn\\freeopenvpnauthuserpass.txt"
pause
echo "Get the latest 9-digit password from https://www.freeopenvpn.org/premium.php"
"C:\Users\username\AppData\Local\Epic Privacy Browser\Application\epic.exe" "https://www.freeopenvpn.org/premium.php" &
set /p user_input=Enter 9-digit password here"
echo %user_input%
REM it might be nice to count the number of digits to ensure it's 9 in number
pause
echo "Paste that latest 9-digit password into the freeopenvpnauthuserpass.txt file"
C:\Windows\notepad.exe "C:\\freeopenvpn\\freeopenvpnauthuserpass.txt" &
pause
cd C:\\freeopenvpn\
set configfile=USA_freeopenvpn_tcp.ovpn
REM set configfile=USA_freeopenvpn_udp.ovpn
set configcmd=C:\Program Files\OpenVPN\bin\openvpn.exe
set configdir=C:\freeopenvpn\config\
REM %configcmd% %configdir%%configfile%
c:\windows\system32\runas.exe /user:administrator /savecred "%configcmd% %configdir%%configfile%"

The reason this is posted is to help others connect to the same free
freeopenvpn VPN service without needing to invoke the OpenVPN GUI.

While I'm well aware that some people won't like that it bypasses
UAC, all they have to do to NOT bypass UAC is uncomment the
penultimate line and comment out the last line so that's not where
improvements are going to be found (unless you have a better solution,
which, yes, I know, involves shortcuts & the Windows task manager).

But that's complicated.
This is simple.
And I'm not worried about my kids or my dog accessing my computer.

If you can improve this file (other than the UAC part), then that
would be useful to thousands of people since it works for everyone.

[AllanH]

This looked like an interesting way to use OpenVPN.
I'm having a problem with the SETUP-AND-RUN BATCH SCRIPT.
I modified the URL that displays the password to https://www.freeopenvpn.org/premium.php?cntid=USA&lang=en.
The original URL redirected to https://www.freeopenvpn.org/.
If the browser window is not already open, the user input will not work.
If it is open, it works fine.
Do you know the reason for that?


--
Using Opera's mail client:
https://web.archive.org/web/20130226002115/http://www.opera.com/mail/
https://web.archive.org/web/20130709005515/http://help.opera.com/Windows/12.10/en/mail.html
https://web.archive.org/web/20130223015023/http://www.opera.com/browser/tutorials/mail/

[Newyana2]

"Bill Powell" <bi...@anarchists.org> wrote

|A few times a day I use the script below to connect to a free VPN named
| https://www.freeopenvpn.org/
|
| It's open to everyone without needing to create an account.
| So this script, if improved, would greatly benefit everyone using it.
|

Personally I'd write a VBScript. Why ride in a horse and buggy when
you have a car? But if DOS is what you know and it works for your,
that's up to you.

I'm posting mainly for something else that people might find
useful. Recently I've been setting up a new computer with
the thought that I might actually switch over to Win10. One
of the more useful tidbits I came across:

I was trying to figure out why drag-drop files didn't work in
my own software. I'd written a simple program to remove all
file restrictions on any folder (recursive) or file dropped into the
path text field of the program window. (Otherwise it's necesary
to browse for the file/folder.)

I thought maybe drag/drop was just broken in Win10. Then I noticed
that it worked on one computer but not another. Very weird. Finally I
figured it out: UAC set to its lowest level is still restricted and
nagging. Worse, it breaks things on Win10. In this case it's that any
object dragged to an elevate process window can't be dropped.
(Win7 doesn't do that.)

It turns out there's something called Limited User Account (LUA)
which is a lock the remains when UAC is turned down. Apparently
there's now a setting in the UAC window for it, but I don't see it
on my system. Yet it's an easy Registry hack:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

Add a 32-bit dword value named EnableLUA, if it's not there. Set the
value to 0. Reboot. Drag-drop then works and it seems to stop the
nags. I'm guessing that setting would save you from problems in your
code. But if you want LUA handcuffs then just leave the code as is.
What does it matter, really? You're only elevating for that occasion.

[Bill Powell]

On Wed, 21 Feb 2024 09:08:40 -0500, Newyana2 wrote:

> It turns out there's something called Limited User Account (LUA)
> which is a lock the remains when UAC is turned down. Apparently
> there's now a setting in the UAC window for it, but I don't see it
> on my system. Yet it's an easy Registry hack:
>
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
>
> Add a 32-bit dword value named EnableLUA, if it's not there. Set the
> value to 0. Reboot. Drag-drop then works and it seems to stop the
> nags. I'm guessing that setting would save you from problems in your
> code. But if you want LUA handcuffs then just leave the code as is.
> What does it matter, really? You're only elevating for that occasion.

Thank you for that information where I also had some irritating Windows
issues years ago when I would select a dozen or two dozen free open vpn
configuration files from vpngate.net to run them in batch, where Windows 10
would run them in sequence, one by one, until one of them worked.

That particular website is designed on purpose to thwart big-nation
censorship so on purpose only some free config files work at any moment.

Specifically, the config files come and go, and then come back, and
then they go again, so they only work for a few days before they
stop working and then they work again, and also often if you run
them multiple times they work so they must be set to work only on the
third or whatever try as there are some that are consistently set.

But no big deal. It's easy to deal with that if you script in batch
reproducing what you do manually - but Windows 10 was designed for
manual use and not for batch use, so you need to set up a few tricks.

The tricks I did are described below - which make it all work smoothly.

1. Install the OpenVPN daemon and batch executable.
https://openvpn.net/community-downloads/
https://swupdate.openvpn.org/community/releases/OpenVPN-2.6.9-I001-amd64.msi
Name: OpenVPN-2.6.9-I001-amd64.msi
Size: 5369856 bytes (5244 KiB)
SHA256: 0B1DDA1AABA754467A6D7AC4E64E178E783AEC5E7FD717882CF5B296A40320AB
2. Obtain any number of openvpn files from vpngate.net using wget.
https://www.vpngate.net/en/
A hundred config filse are available at a time, which rotate constantly.
You can manually obtain them by rightclicking on "OpenVPN Config file".
3. Set the doubleclick-action Windows 10 file association for *.ovpn to
open using the "OpenVPN Daemon" instead of using the "OpenVPN GUI".
4. Set the double-click executable permissions for the openvpn.exe
executable to "Run as administrator" by rightclicking & properties.
5. Optionally set open vpn log windows to open up in the same spot
as you could have twenty open until one works where I haven't
figured out how to killall without killing the one that finally
worked so you want to just click the Windows X to close in one spot.
Right click in the top bar of that running log file to select
"Properties" & go to the "Layout" tab and then position the log
window as you want all of the windows to appear and then uncheck
the checkbox for "Let system position window" & press OK.
6. Add a 32-bit DWORD so you can run more than 15 files at a time.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
Name : MultipleInvokePromptMinimum
Type : DWORD
Default : 15 (decimal)
Change to: 50 (decimal)

Given the anti-censorship stance of the vpngate.net web site, that
turns out to be a good use model with almost no manual effort.

a. Daily you wget a few dozen (up to about 50) free config files.
b. You select a bunch (maybe a dozen or so) & rightclick execute.
c. One by one, they open in sequence until one invariably works.

Then you are on VPN, which you can check by running a simple curl.
%comspec% /k curl ifconfig.me
%comspec% /k curl icanhazip.com

Optionally hit the software killswitch to toggle the gateway.
set defgw=192.168.0.1
set "ip="
for /f "tokens=2,3 delims={,}" %%a in ('"WMIC NICConfig where IPEnabled="True" get DefaultIPGateway /value | find "I" "') do if not defined ip set ip=%%~a
IF "%ip%"=="%defgw%" ( %comspec% /c %windir%\system32\route.exe delete 0.0.0.0 %defgw%) ELSE ( %comspec% /c %windir%\system32\route.exe add 0.0.0.0 mask 0.0.0.0 %defgw%)
exit

To get off of VPN, you simply press the magic "F4" keyboard key.
And then you toggle the killswitch (if you optionally employed it)
which sets the gateway back to the original default gateway.

There are about a dozen Windows 10 tricks involved but the end
result is simply duplicating in batch what you already do manually.

[Bill Powell]

On Wed, 21 Feb 2024 03:40:56 -0600, AllanH wrote:

> This looked like an interesting way to use OpenVPN.

It's universal. Should work for everyone. Free VPN. Any time they want.

The goal, always, is to duplicate in batch what you already do manually.
The problem, always, is Windows 10 is designed for manual use (not batch).

You need to flip a few trick switches in Windows to make it batching work.
So if it doesn't work for you - it's probably one of those trick switches.

BTW, there is one "magic" keyboard button which you MUST KNOW ABOUT!

It's the magic "F4" button. When you close an openvpn log Window, all the
normal Windows methods work - but - eventually they screw up your route.

Don't ask me why because I don't know why not closing with "F4" eventually
screws up the route (if you do it enough, and I do it all day every day).

So always use the magic "F4" key to close any working openvpn log window!

However, if the VPN connection isn't working, for example on an expired
password, then you can close the batch openvpn log window any way you like.

> I'm having a problem with the SETUP-AND-RUN BATCH SCRIPT.

But does the plain short run script work?
Because if the simple script doesn't work, the "fancy" script can't.

The reason is the aforementioned Windows tricks to make batching work.

> I modified the URL that displays the password to https://www.freeopenvpn.org/premium.php?cntid=USA&lang=en.
> The original URL redirected to https://www.freeopenvpn.org/.

Great idea. THANK YOU FOR IMPROVING batching for everyone, plus for me!

As you obviously noticed, the original script required an extra keyclick
once the web browser popped up. Let me try your improvement URL first.

Test1: Manual (start Epic Privacy Browser & paste in the suggested URI)
https://www.freeopenvpn.org/premium.php?cntid=USA&lang=en

When batching, I have a devil of a time escaping funky characters,
which is why I can't put the following into a REM statement.
REM for %f in (*.ovpn) do type C:\freeopenvpn\include.txt >> %f
And I can't get that to work inside the batch script for some reason.

Probably I need double backslashes but the percent sign is causing
problems in the REM statement so I have to escape that % somehow.

Which is too bad, because that append step should also be automatic,
even though it's only needed about once every six months or so, and
even though there are only two freeopenvpn configuration files (tcp,udp).

But your funky characters worked fine without extra escape escapades.

Test2: With the web browser already open, run the setup-and-run script:
This worked (password was 327112703) where you may have noticed the
script should automatically add the password but I don't know how
to do that in batch so I echo it to the screen for a cut and paste.

THANK YOU for the improvement which knocked off one button press!

Test3: With the web browser NOT already open, run it again.
Well, that worked perfectly. It brought up the browser & to the right page.

> If the browser window is not already open, the user input will not work.
> If it is open, it works fine.
> Do you know the reason for that?

See above. It worked fine for me whether or not the browser was already
open. I used the Epic Privacy Browser but I don't see how that matters.
https://cdn.epicbrowser.com/v120/mini_installer.exe

Since it's a universal script, maybe someone else can check it as I've been
using these batch methods for freeopenvpn so long I forget all the Windows
switches I had to flip in order to turn Windows (which is a graphical user
interface) into a batch user interface (see my other post in this thread).

Having said that, thank you for eliminating one keystroke.

There are two others we can figure out how to remove maybe together.
1. At the beginning, check if the authuserpass is already added,
and if not, add it automatically (but this only is needed once
every few months, and there are only one or two config files involved).

2. When getting the password, after typing it, I echo it and then
I copy it into my clipboard and then when the editing window
comes up, I paste it into that Notepad (or vim) editing window.

But it would be nice to just wipe out the existing password
in the two-line file to automatically put this new password in.

Or... just replace the password authuserpass within the actual
config file which will be run at the end of the script.

There were three extra button pushes, where you eliminated one.
So those are the only two extra button pushes left to eliminate.

[Newyana2]

"Bill Powell" <bi...@anarchists.org> wrote

|
| There are about a dozen Windows 10 tricks involved but the end
| result is simply duplicating in batch what you already do manually.

Wow. I was impressed with myself for making Proton VPN work. :)
But I'm fortunate that I don't need it. I only used it once because
I was on hotel wifi.

[Larry Wolff]

On 2/21/2024 2:23 AM, Bill Powell wrote:

> REM %configcmd% %configdir%%configfile%
> c:\windows\system32\runas.exe /user:administrator /savecred "%configcmd% %configdir%%configfile%"

There is one step you did long ago to make the 'savecred' option work.
I forget what it is, but it is one-time thing.

Googling what that might be, I found a stackexchange with /savecred
but I know it doesn't work until you "do something" - but what?

HKLM\Microsoft\Windows\CurrentVersion\App Paths\admin.exe
C:\path\admim.bat
Where admin.bat sets an obvious color when it invokes an admin window.
Win+R | admin <CarriageReturn>
Which runs this batch file.
@ECHO OFF
SETLOCAL ENABLEEXTENSIONS
IF NOT "%~1"=="" goto :START
SET LogFile=%TEMP%\admin.vbs"
Echo Set UAC = CreateObject("Shell.Application") >"%LogFile%"
Echo UAC.ShellExecute "%~f0", "%cd%", "", "runas", 1 >>"%LogFile%"
Start "" /MIN "%LogFile%"
goto :EOF
:START
cmd /k "CD /D "%*" & Echo Administrator: & color 4F"
REM runas.exe /user:administrator /savecred "put your command here instead, to skip UAC"
:EOF

The stackexchange doesn't say you need any registry changes beforehand
but this explains you need to run it once with the admin password.
https://robotronic.net/blogenRunasSavecred.html

Blog Runas Savecred
Run as administrator from standard user with runas savecred command
Run application with administrator privileges as normal user without administrator rights by runas command in Windows.

Use runas in command line, in a batch file or a shortcut with the program.exe you want to run as administrator.
In example my program.exe is >> cmd.exe << and my administrator account is my local administrator account >> localadmin <<.
My command is
>> runas /user:localadmin cmd.exe <<
Runas command

After execute this runas command, you will be asked to enter the password of the administrator account.
Runas password

You cannot pass the password to runas command as argument,
but with the parameter savecred you can store credentials in credential manager, to avoid entering the password on each call.
>> runas /user:localadmin /savecred cmd.exe <<
Runas savecred
Now you are asked for the password only once, the next calls with savecred parameter you don't have to enter this password to run this application as administrator.
Beside the missing password parameter, there are two other problems with runas savecred

1. It is not recommended, because username and password are stored in the windows credential manager of this profile and
can used to execute every program with credentials of the administrator.
Better storing the credentials for each program separate, instead of using runas savecred.

2. The application is not running with elevated privileges or it is blocked by the UAC (User Access Control).
As solution you can allow specific applications to run with administrator permissions, elevated privileges and bypass the UAC

This can do by
1. using an encrypted file with administrator credentials only for the authorized application
or
2. an application manager that control selected application to run as administrator.

Both is not possible with runas savecred, but the following simple solutions can do it.

1. RunAsSpc store login information for each application in a separate encrypted file.
or
2. RunAsRob manage and start applications with administrator rights and elevated privileges from a user account.

With RunAsRob you can authorize specific applications or complete folders and its contents you want to allow running with administrator privileges.
By this tool you can limit administrator rights to a few applications or delegate particular administrator tasks fast and easy.

The principle is very simple, clear to understand, safe and easy to configure.
You just have to authorize the task, folder or program file.
After the application.exe run via runasrob.exe, RunAsRob compare this application and its path if it is an allowed directory and start the application with appropriate rights.

A call can do by drag and drop application.exe over runasrob.exe, a shortcut, a script or any other way by the command
>> C:\Program Files\RunasRob\runasrob.exe C:\path\application.exe <<

RunAsRob Screenshot
RunAsRob RunAsAdmin Screenshot
There are lot of other runas tools or utilities you can run application with administrator rights.

[AllanH]

I appreciate your detailed reply.
I have a little experience with batch files, but not much experience with VPN Clients.

I tried the batch file with both of my Chromium-based browsers, with the same result.
The user input would work if the browsers were open and would not if they were not open.
I don't know what the problem would be.

Does the last line of your batch file that executes openvpn.exe display anything?
Since it didn't for me, I didn't think it worked correctly.

One reason I may not continue with OpenVPN is it caused an issue with connecting to my Wi-Fi after a reboot.
It's not the type of software I would use very often.

[Bill Powell]

On Wed, 21 Feb 2024 15:53:07 -0500, Newyana2 wrote:

>| There are about a dozen Windows 10 tricks involved but the end
>| result is simply duplicating in batch what you already do manually.
>
> Wow. I was impressed with myself for making Proton VPN work. :)
> But I'm fortunate that I don't need it. I only used it once because
> I was on hotel wifi.

When it comes to VPN, there are two kinds of people (IMHO).
1. The kind of person who just wants to change his IP address.
2. The kind of person who is worried about what he's doing.

I'm only trying to change the IP address. So any free vpn works for me.

I'm not in the least worried about what I'm doing since I'm only trying to
get some privacy out of a web site if I have to visit it with Firefox or
Ungoogled Chromium instead of Epic, Opera or Tor.

The kind who is worried about what he's doing will have far more stringent
requirements of a VPN service than the kind who just wants an IP address.

Now we all know lots of web sites hate proxy IP addresses, so that's where
having the choice of a few thousand free openvpn config files is handy.

I lost my wget script long ago but at the time it would not only get the
vpngate.net config files by the thousands every day, but it would run a
test to delete the stale ones and then it would geolocate the country.

It would put the countries into a folder for each country so I could select
a dozen Germany openvpn config files and one of them would work for me.

While the scripts I provided work for me (which means they work for
everyone as my Windows is just a normal setup), they could be improved.

MUST:
a. I just reproduced the problem that AllanH experienced.
With the old URI, it worked every time but with the new URI,
it works at first, even with a closed browser, but then it hangs.

Makes no sense to me yet why, but I'm going back to the old URI.

SHOULD:
b. It would be nice to automatically modify the password.
Currently I type it, and when it spits it back, I copy/paste that
into the editor that opens up in the next step of the process.

c. It might be useful to add the choice of any number of countries.
https://www.freeopenvpn.org/premium.php?cntid=USA&lang=en
https://www.freeopenvpn.org/premium.php?cntid=UK&lang=en
https://www.freeopenvpn.org/premium.php?cntid=Germany&lang=en

COULD:
d. We could automate adding the authuserpass to a new config file
(but that's only needed once every few months for only two files)

for %f in (*.ovpn) do type C:\\freeopenvpn\freeopenvpninclude.txt >> %f

e. We could automate the first-time-use of 'savecred' for Windows
(but you only need to set the admin password once)
f. We could eliminate /savecred by setting it up as a scheduled task
g. We could give the user the choice of tcp or udp (but who cares?)

What other creeping elegance could improve this for everyone out there?

[Bill Powell]

On Wed, 21 Feb 2024 21:10:10 +0100, Bill Powell wrote:

> Test3: With the web browser NOT already open, run it again.
> Well, that worked perfectly. It brought up the browser & to the right page.

I ran the test for AllanH a few more times with the new URI and it does
hang up. Not in the beginning though. But after a few uses. WTF?

I'm going back to the old URL (maybe that's why I did it in the first
place). If someone can test this out, that would be useful to know why.

The old URL works consistently.
https://www.freeopenvpn.org/

The new URI hangs the script after a few independent uses.
https://www.freeopenvpn.org/premium.php?cntid=USA&lang=en

This makes no sense. So it's a browser-interacting-with-a-script issue.

But why would the script work perfectly a few times.
And then hang in the middle after opening the browser?

Without any changes in between?

[Oliver]

On Wed, 21 Feb 2024 15:53:07 -0500, Newyana2 <Newy...@invalid.nospam>

I would think the batch scripts would work for any free VPN outfit.

ProtonVPN offers free service with lower speeds in three countries.
https://privacycanada.net/best-free-vpn/

[Bill Powell]

On Wed, 21 Feb 2024 15:37:26 -0600, AllanH wrote:

> I appreciate your detailed reply.

Most people give one word answers.
That's because they don't care.
I do.

> I have a little experience with batch files, but not much experience with VPN Clients.

I guess I'm the opposite. So we can work well together.

The reason I choose the openvpn protocol is the client is well proven.
But notice that almost every openvpn site wants you to use THEIR client.

There's NEVER a reason to use their client.
They want to lock you into using their client.

Where some people are fooled into thinking that client is special.
It's not.

The client I suggest for _all_ openvpn configuration files is this one.

https://openvpn.net/community-downloads/
https://swupdate.openvpn.org/community/releases/OpenVPN-2.6.9-I001-amd64.msi
Name: OpenVPN-2.6.9-I001-amd64.msi
Size: 5369856 bytes (5244 KiB)
SHA256: 0B1DDA1AABA754467A6D7AC4E64E178E783AEC5E7FD717882CF5B296A40320AB

It works for EVERY config file you can find that uses the openvpn protocol.
https://www.freeopenvpn.org/
https://www.vpngate.net/en/
https://www.tunnelbear.com/
https://vanwa.tech/
https://protonvpn.com/

I just tried to find the protonvpn site for the config files, but notice
how extremely difficult they make it for you to _find_ the text configs.
They don't want you to know that's the ONLY thing you need from them!

Here they explain for Linux users how to use openvpn clients.
https://protonvpn.com/download-linux
Where they FINALLY (after ten minutes of searching) show you how to get
the text config files (which is all you ever need with openvpn protocols).
https://protonvpn.com/support/linux-openvpn/

Unfortunately you have to log into their web site to get their config
files which is ridiculous because the whole point is anonymity.
https://protonvpn.com/support/vpn-config-download/

Also vanwa took too long and tunnelbear seems to have the same problem
as does protonvpn which is two problems both of which are artificial.
1. They want you to use their client (but you don't need their client).
2. You have to create an account to get the text configuration files
which defeats the whole purpose of being anonymous while on VPN.

All you ever need, on any platform, is the text configuration file.
And the openvpn client for that platform.

That's it.
They're giving you garbage if they force you to do more than that.

> I tried the batch file with both of my Chromium-based browsers, with the same result.
> The user input would work if the browsers were open and would not if they were not open.
> I don't know what the problem would be.

We both agree something funny is going on that shouldn't be happening.
1. We both agree the browser shouldn't matter.
2. And we both agree the link URI shouldn't matter.
3. And we both agree that we shouldn't need the browser to be open.

What happened to me makes no sense, but the first time I tested it,
everything worked fine and even a few more times, but now it hangs.

WTF?
Makes no sense.

But as a result, I believe you.
What we need is for someone else to test it to see what happens to them
now that they're on the lookout for running it a few times in a row.

> Does the last line of your batch file that executes openvpn.exe display anything?
> Since it didn't for me, I didn't think it worked correctly.

In the very end, your original window dies and up pops in its place
another command window so there is only going to be one window at a time.

The last line of THAT openvpn log window will always say (let me check)
OK. The password hasn't changed (327112703) so let's move forward.

This is the last line of _any_ openvpn config file showing it worked.
2024-02-21 22:37:41 Initialization Sequence Completed

However, you could check with a curl if you want to make sure.

%comspec% /k curl ifconfig.me
%comspec% /k curl icanhazip.com

For gory detail, here is the ENTIRE second window (the first just dies).
024-02-21 22:37:29 DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
2024-02-21 22:37:29 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2024-02-21 22:37:29 Windows version 10.0 (Windows 10 or greater) 64bit
2024-02-21 22:37:29 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2024-02-21 22:37:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-02-21 22:37:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-02-21 22:37:30 TCP/UDP: Preserving recently used remote address: [AF_INET]85.239.52.173:12352
2024-02-21 22:37:30 UDP link local: (not bound)
2024-02-21 22:37:30 UDP link remote: [AF_INET]85.239.52.173:12352
2024-02-21 22:37:30 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-21 22:37:30 VERIFY OK: depth=1, O=5fa2b89021f9231b1afdb036, CN=5fa2b89021f9231b1afdb043
2024-02-21 22:37:30 VERIFY KU OK
2024-02-21 22:37:30 Validating certificate extended key usage
2024-02-21 22:37:30 NOTE: --mute triggered...
2024-02-21 22:37:30 4 variation(s) on previous 3 message(s) suppressed by --mute
2024-02-21 22:37:30 [5fa2b89521f9231b1afdb050] Peer Connection Initiated with [AF_INET]85.239.52.173:12352
2024-02-21 22:37:36 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2024-02-21 22:37:36 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-02-21 22:37:36 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2024-02-21 22:37:36 NOTE: --mute triggered...
2024-02-21 22:37:36 1 variation(s) on previous 3 message(s) suppressed by --mute
2024-02-21 22:37:36 open_tun
2024-02-21 22:37:36 tap-windows6 device [Local Area Connection] opened
2024-02-21 22:37:36 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.235.0/192.168.235.239/255.255.255.0 [SUCCEEDED]
2024-02-21 22:37:36 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.235.239/255.255.255.0 on interface {8970EFE9-1460-429C-B94D-FD7EAC28BF7C} [DHCP-serv: 192.168.235.0, lease-time: 31536000]
2024-02-21 22:37:36 Successful ARP Flush on interface [16] {8970EFE9-1460-429C-B94D-FD7EAC28BF7C}
2024-02-21 22:37:36 IPv4 MTU set to 1500 on interface 16 using SetIpInterfaceEntry()
2024-02-21 22:37:41 Initialization Sequence Completed

Remember you MUST use the magic "F4" key to close that thing.
If you don't, nothing bad seems to happen, but over time,
your router table is all messed up until you reboot.

So just always close it with the magic "F4" key.

> One reason I may not continue with OpenVPN is it caused an issue
> with connecting to my Wi-Fi after a reboot.

I disagree. I can't imagine how openvpn matters at all.
Once you kill it properly, you're back to where you were.
I think you're not killing it properly.
If you don't kill openvpn properly, you can screw up your router table.
Ask me how I know this.

However, a reboot (in my experience) always cleans up the router table.
Although see below that I reboot without a gateway while others don't do that.

> It's not the type of software I would use very often.

Again, I do NOT think openvpn is the source of your network issues.
However, as I said, you MUST shut down openvpn windows properly.

In addition, with respect to networking, killswitches are de rigueur.

I have the killswitch set up for that which is from liquidvpn
which I modified for my use many years ago & it works perfectly.
<https://metager.org/meta/meta.ger3?eingabe=liquidvpn%20killswitch>

I have a shortcut on my taskbar that I tap to toggle the gateway.
a. If, for whatever reason, Windows boots
b. Windows boots to no gateway set
c. I tap the killswitch toggle shorcut, and I have a gateway

This is useful when I use torrents, for example, where the process is
a. I go on vpn and then I immediately toggle the gateway
b. This doesn't affect the VPN - nor the local 192.168 network
c. But it prevents anything from going out the router on a non-VPN IP

If, for example, the VPN drops (which happens)
d. The gateway is unset - so the Windows icon goes to offline

Instantly. There is zero delay. It's as perfect as is Mary Poppins.

To get back online, I simply do two things:
e. I kill the bittorrent client
f. I tap the stopsign killswitch toggle on my taskbar
g. Now I'm back online

This ensures that if the VPN drops, there will be no network
outside the local LAN. It seems hard to find the liquidVPN killswitch
(see search above) but there are plenty out there and I already
gave the basic code in another post in this thread.

BTW, in addition, I don't like that Windows update reboots my PC.
On the net.

So I set up Windows to reboot to no gateway at all.
Then I hit the killswitch toggle and only then it's on Wi-Fi.

The killswitch then serves multiple purposes.
The killswitch is also useful for when installing software.
As lots of software phones home.

That software can't phone home if I toggle the killswitch.
You may notice I gave you an offline Epic Browser URL too.
Otherwise you get a netstub which I never use if I can avoid them.

As for the killswitch toggle, it's set up as a Windows scheduled
task & it works absolutely wonderfully forever once you set it up.

I don't know how people live without a killswitch toggle.