Integrating OpenVPN with NSSM
NSSM ("Non-sucking Service Manager") is a public domain service manager for Windows. It tries to ensure that processes launched by it are respawned should they die. In addition it can write processes' output into logfiles and manage log rotation, among other things. For details have a look at the NSSM website and the README.txt file bundled in the nssm zip-file.
The OpenVPN project planned on bundling NSSM with OpenVPN installers (see ticket #597). That plan was abandoned soon after openvpnserv2 was released. Openvpnserv2 is a better C# replacement for the original, poorly working openvpnserv.exe,
Installing NSSM
NSSM is distributed as a zipfile which contains binaries for 32- and 64-bit Windows. To install nssm.exe just extract the zip-file and copy the appropriate executable somewhere in the path, e.g. C:\Program Files\OpenVPN\bin.
Adding an OpenVPN connection to NSSM
Making NSSM monitor an OpenVPN connection is quite straightforward using this batch file:
set BASEDIR=C:\Program Files\OpenVPN set NSSM=%BASEDIR%\bin\nssm.exe set CONN=community.ovpn set EXIT_DELAY=2500 "%NSSM%" status %CONN% > NUL 2>&1 if %ERRORLEVEL% EQU 3 ( "%NSSM%" install %CONN% "%BASEDIR%\bin\openvpn.exe" > NUL 2>&1 ) "%NSSM%" set %CONN% AppDirectory "%BASEDIR%\config" > NUL 2>&1 "%NSSM%" set %CONN% AppParameters "--config %CONN%" > NUL 2>&1 "%NSSM%" reset %CONN% AppStdin > NUL 2>&1 "%NSSM%" set %CONN% AppStdout "%BASEDIR%\log\%CONN%.log" > NUL 2>&1 "%NSSM%" set %CONN% AppStderr "%BASEDIR%\log\%CONN%.log" > NUL 2>&1 "%NSSM%" set %CONN% AppRotateFiles 1 > NUL 2>&1 "%NSSM%" set %CONN% DependOnService Dhcp tap0901 > NUL 2>&1 "%NSSM%" set %CONN% AppStopMethodConsole %EXIT_DELAY% > NUL 2>&1 "%NSSM%" start %CONN% > NUL 2>&1
The CONN variable refers to the OpenVPN connection file you wish to launch. The suggested EXIT_DELAY of 2500 msec may have to be increased if you use explicit-exit-notify n
with n > 1
in the connection configuration file.
Basic NSSM usage
NSSM commands are pretty self-explanatory:
nssm.exe status <service-name> nssm.exe start <service-name> nssm.exe stop <service-name> nssm.exe restart <service-name>
If you type
nssm.exe
you will get a list of all options NSSM supports.
Debugging
NSSM write its logs to the Windows Event Log. You can use the Event Viewer to display the events. If you dislike GUIs you can also use Windows Powershell. First figure out which event you need to view:
> Get-EventLog System -Source "Service Control Manager" -Newest 10 Index Message ----- ------- 53502 The Software Protection service entered the running state. 53501 The Software Protection service entered the running state. 53500 The Software Protection service entered the running state. 53499 The Software Protection service entered the running state. 53498 The Software Protection service entered the running state. 53497 The Software Protection service entered the running state. 53495 The WinHTTP Web Proxy Auto-Discovery Service service entered the running state. 53494 The community.ovpn service entered the running state. 53493 The Software Protection service entered the running state. 53492 The Software Protection service entered the running state.
Then display the even contents:
> Get-EventLog System|Where-Object { $_.Index -eq 53494 }|Format-List Index : 53494 EntryType : Information InstanceId : 1073748860 Message : The community.ovpn service entered the running state. Category : (0) CategoryNumber : 0 ReplacementStrings : {community.ovpn, running} Source : Service Control Manager TimeGenerated : 6/22/2015 3:08:25 PM TimeWritten : 6/22/2015 3:08:25 PM UserName :
To debug the actual OpenVPN startup check the OpenVPN stdout/stderr logs NSSM is configured to write to. For example:
> Get-Content -Last 4 community-stdout.log Mon Jun 22 15:08:31 2015 us=890229 Route addition via IPAPI failed [adaptive] Mon Jun 22 15:08:31 2015 us=890229 Route addition fallback to route.exe Mon Jun 22 15:08:31 2015 us=890229 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem Mon Jun 22 15:08:31 2015 us=905832 Initialization Sequence Completed
Acknowledgements
Thanks to Jason Haar for providing the initial version of the above script and for the tip for using NSSM in the first place!
Removed AppStdin, not needed and causes log rotation to file. - Nathan Rennie-Waldock