wiki:IntegratingOpenvpnWithNssm

Integrating OpenVPN with NSSM

NSSM ("Non-sucking Service Manager") is a public domain service manager for Windows. It tries to ensure that processes launched by it are respawned should they die. In addition it can write processes' output into logfiles and manage log rotation, among other things. For details have a look at the NSSM website and the README.txt file bundled in the nssm zip-file.

The OpenVPN project planned on bundling NSSM with OpenVPN installers (see ticket #597). That plan was abandoned soon after openvpnserv2 was released. Openvpnserv2 is a better C# replacement for the original, poorly working openvpnserv.exe,

Installing NSSM

NSSM is distributed as a zipfile which contains binaries for 32- and 64-bit Windows. To install nssm.exe just extract the zip-file and copy the appropriate executable somewhere in the path, e.g. C:\Program Files\OpenVPN\bin.

Adding an OpenVPN connection to NSSM

Making NSSM monitor an OpenVPN connection is quite straightforward using this batch file:

set BASEDIR=C:\Program Files\OpenVPN
set NSSM=%BASEDIR%\bin\nssm.exe
set CONN=community.ovpn
set EXIT_DELAY=2500

"%NSSM%" status %CONN% > NUL 2>&1
if %ERRORLEVEL% EQU 3 (
    "%NSSM%" install %CONN% "%BASEDIR%\bin\openvpn.exe" > NUL 2>&1
)

"%NSSM%" set %CONN% AppDirectory "%BASEDIR%\config" > NUL 2>&1
"%NSSM%" set %CONN% AppParameters "--config %CONN%" > NUL 2>&1
"%NSSM%" reset %CONN% AppStdin > NUL 2>&1
"%NSSM%" set %CONN% AppStdout "%BASEDIR%\log\%CONN%.log" > NUL 2>&1
"%NSSM%" set %CONN% AppStderr "%BASEDIR%\log\%CONN%.log" > NUL 2>&1
"%NSSM%" set %CONN% AppRotateFiles 1 > NUL 2>&1
"%NSSM%" set %CONN% DependOnService Dhcp tap0901 > NUL 2>&1
"%NSSM%" set %CONN% AppStopMethodConsole %EXIT_DELAY% > NUL 2>&1
"%NSSM%" start %CONN% > NUL 2>&1

The CONN variable refers to the OpenVPN connection file you wish to launch. The suggested EXIT_DELAY of 2500 msec may have to be increased if you use explicit-exit-notify n with n > 1 in the connection configuration file.

Basic NSSM usage

NSSM commands are pretty self-explanatory:

nssm.exe status <service-name>
nssm.exe start <service-name>
nssm.exe stop <service-name>
nssm.exe restart <service-name>

If you type

nssm.exe

you will get a list of all options NSSM supports.

Debugging

NSSM write its logs to the Windows Event Log. You can use the Event Viewer to display the events. If you dislike GUIs you can also use Windows Powershell. First figure out which event you need to view:

> Get-EventLog System -Source "Service Control Manager" -Newest 10

Index Message
----- -------
53502 The Software Protection service entered the running state.
53501 The Software Protection service entered the running state.
53500 The Software Protection service entered the running state.
53499 The Software Protection service entered the running state.
53498 The Software Protection service entered the running state.
53497 The Software Protection service entered the running state.
53495 The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
53494 The community.ovpn service entered the running state.
53493 The Software Protection service entered the running state.
53492 The Software Protection service entered the running state.

Then display the even contents:

> Get-EventLog System|Where-Object { $_.Index -eq 53494 }|Format-List

Index              : 53494
EntryType          : Information
InstanceId         : 1073748860
Message            : The community.ovpn service entered the running state.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {community.ovpn, running}
Source             : Service Control Manager
TimeGenerated      : 6/22/2015 3:08:25 PM
TimeWritten        : 6/22/2015 3:08:25 PM
UserName           : 

To debug the actual OpenVPN startup check the OpenVPN stdout/stderr logs NSSM is configured to write to. For example:

> Get-Content -Last 4 community-stdout.log
Mon Jun 22 15:08:31 2015 us=890229 Route addition via IPAPI failed [adaptive]
Mon Jun 22 15:08:31 2015 us=890229 Route addition fallback to route.exe
Mon Jun 22 15:08:31 2015 us=890229 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Jun 22 15:08:31 2015 us=905832 Initialization Sequence Completed

Acknowledgements

Thanks to Jason Haar for providing the initial version of the above script and for the tip for using NSSM in the first place!

Removed AppStdin, not needed and causes log rotation to file. - Nathan Rennie-Waldock

Last modified 9 years ago Last modified on 02/26/16 06:45:47