wiki:IntegratingOpenvpnWithNssm

Version 5 (modified by Samuli Seppänen, 9 years ago) (diff)

--

Integrating OpenVPN with NSSM

NSSM ("Non-sucking Service Manager") is a public domain service manager for Windows. It tries to ensure that processes launched by it are respawned should they die. In addition it can write processes' output into logfiles and manage log rotation, among other things. For details have a look at the NSSM website and the README.txt file bundled in the nssm zip-file.

Installing NSSM

NSSM is distributed as a zipfile which contains binaries for 32- and 64-bit Windows. To install nssm.exe just extract the zip-file and copy the appropriate executable somewhere in the path, e.g. C:\Program Files\OpenVPN\bin.

Adding an OpenVPN connection to NSSM

Making NSSM monitor an OpenVPN connection is quite straightforward using this batch file:

set BASEDIR=C:\Program Files\OpenVPN
set NSSM=%BASEDIR%\bin\nssm.exe
set CONN=community.ovpn

"%NSSM%" status %CONN% > NUL 2>&1
if %ERRORLEVEL% EQU 3 (
    "%NSSM%" install %CONN% "%BASEDIR%\bin\openvpn.exe" > NUL 2>&1
)

"%NSSM%" set %CONN% AppDirectory "%BASEDIR%\config" > NUL 2>&1
"%NSSM%" set %CONN% AppParameters "--config %CONN%" > NUL 2>&1
"%NSSM%" set %CONN% AppStdin "%BASEDIR%\log\%CONN%.log" > NUL 2>&1
"%NSSM%" set %CONN% AppStdout "%BASEDIR%\log\%CONN%.log" > NUL 2>&1
"%NSSM%" set %CONN% AppStderr "%BASEDIR%\log\%CONN%.log" > NUL 2>&1
"%NSSM%" set %CONN% AppRotateFiles 1 > NUL 2>&1
"%NSSM%" set %CONN% DependOnService Dhcp tap0901 > NUL 2>&1
"%NSSM%" start %CONN% > NUL 2>&1

The CONN variable refers to the OpenVPN connection file you wish to launch.

Basic NSSM usage

NSSM commands are pretty self-explanatory:

nssm.exe status <service-name>
nssm.exe start <service-name>
nssm.exe stop <service-name>
nssm.exe restart <service-name>

If you type

nssm.exe

you will get a list of all options NSSM supports.

Debugging

NSSM write its logs to the Windows Event Log. You can use the Event Viewer to display the events. If you dislike GUIs you can also use Windows Powershell. First figure out which event you need to view:

> Get-EventLog System -Source "Service Control Manager" -Newest 10

Index Message
----- -------
53502 The Software Protection service entered the running state.
53501 The Software Protection service entered the running state.
53500 The Software Protection service entered the running state.
53499 The Software Protection service entered the running state.
53498 The Software Protection service entered the running state.
53497 The Software Protection service entered the running state.
53495 The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
53494 The community.ovpn service entered the running state.
53493 The Software Protection service entered the running state.
53492 The Software Protection service entered the running state.

Then display the even contents:

> Get-EventLog System|Where-Object { $_.Index -eq 53494 }|Format-List

Index              : 53494
EntryType          : Information
InstanceId         : 1073748860
Message            : The community.ovpn service entered the running state.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {community.ovpn, running}
Source             : Service Control Manager
TimeGenerated      : 6/22/2015 3:08:25 PM
TimeWritten        : 6/22/2015 3:08:25 PM
UserName           : 

To debug the actual OpenVPN startup check the OpenVPN stdout/stderr logs NSSM is configured to write. For example:

> Get-Content -Last 4 community-stdout.log
Mon Jun 22 15:08:31 2015 us=890229 Route addition via IPAPI failed [adaptive]
Mon Jun 22 15:08:31 2015 us=890229 Route addition fallback to route.exe
Mon Jun 22 15:08:31 2015 us=890229 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Jun 22 15:08:31 2015 us=905832 Initialization Sequence Completed

Acknowledgements

Thanks to Jason Haar for providing the initial version of the above script!