Guest Chaf Posted ...
Hi all,
Attached to this post is a zip of my OpenVPN config folder (without my AirVPN connection files of course!)
What it does:
- Applies firewall rules based on those provided by Omniferum
- Protects against leaks based on dnsleaktest advice
- Backs up and restores original firewall rules before/after OpenVPN connection/disconnection
- On OpenVPN connection, starts the ipleak.net webpage to confirm connection and no DNS leaks.
Only 2 things to do:
- Add your Europe config files into the config folder in the OpenVPN install directory
- In Windows network connections, rename devices wifi->wlan, ethernet->lan
This is basic but functional and needs to be adapted to your config files and usage, but I'd be happy to help if needed.
http://www.sendspace.com/file/oy0b26

HeyWAZZab33 0 Posted ...
Hi guys, is it somehow possible to use the 2.1 airvpn-client with these settings?

Omniferum 9 Posted ...
I can't speak for denver's method but technically mine should work with the airvpn client. I have never used their client but I believe it is based on OpenVPN. The only line that is actually relevant to any 'specific' program is:

    netsh advfirewall firewall add rule name="VPN_INTERNET_OUTBOUND" dir=out action=allow localip=10.4.0.0-10.9.255.255

That line (specifically the IP range in the localip=) points your firewall to only accept internet on adapters within that range, which is the range on which OpenVPN adapters function. The airvpn-client should use the same range.
The firewall flipper will still work as well for the record, just none of the OpenVPN functionality (terminating it/auto-connecting to stuff).

Telios DisplayName 0 Posted ...
Some questions:
- Is it possible to add some rules to also block the incoming connections?
- In my Win7 there are preinstalled rules, for example one called "Windows Media Player (TCP-Out)". These rules take precedence over your general "BlockOutbound"... is there some solution, or do people need to disable them?
Thanks, great guide!

Spiral 0 Posted ...
Hi,
I'm using Win 7 Home Premium (German Edition). When I try running the 'VPNFirewallRules.bat' it can't find the .ovpn files. I tried to remove the IF NOT EXIST *.ovpn part of the script, but then it crashes.
Can anyone help me with a step-by-step description of how to modify the firewall manually, so that I can use the 'FirewallFlip.bat'? Your help would be much appreciated.

haiki 0 Posted ...
Hi everyone,
I seem to have a weird issue here. I have set the two bat files to autostart on system startup and the second bat file keeps triggering with the same message after I have powered on my machine.
Usually it would be prompting with "The firewall currently allows "ONLY" VPN traffic, do you wish to allow "ALL" traffic?", but now after powering on and repeated reruns of the 2nd bat file it always prompts with this message: "The firewall currently allows "ALL" traffic, do you wish to allow "ONLY" VPN traffic?"
I do not know why this is happening and now I cannot be certain that on a reboot my machine will be allowing DNS leaks. Please advise; any support is appreciated as always.
Cheers,
hakrins

Staff 10014 Posted ...
@hakrins You might like to run Eddie with "Network Lock" function enabled: https://airvpn.org/topic/12175-network-lock
Kind regards

dbuero 10 Posted ...
Hi all,
I found a couple of problems with the 2 batch files posted at the start of the thread.
1. The stupid Windows locale crap messes with the return messages from the firewall, e.g. in the German Windows instead of returning "AllowOutbound" it returns "Ausgehend zulassen". Fix: since there is no problem with adding additional if cases in the script, that's exactly what I did.
2. The script only uses the 32 bit OpenVPN (by hard coded path), which is sad in 2015, so I fixed that for me (who has less than 4g of RAM today?).
3. The ipconfig /release command messed everything up for me (both ways, while activating and deactivating) so I commented it out. I don't see the point anyways if it stays set to DHCP.
Now it seems to work fine and I'm very happy to have this forum and the basic setup provided by you guys, esp. OP. Thank you!
Here are my scripts:

The "execute me once in the openvpnConfigFolder" setup script:

    @ECHO OFF
    SETLOCAL ENABLEDELAYEDEXPANSION
    SETLOCAL ENABLEEXTENSIONS
    ::Everything here is designed to auto-extract and populate the variable "vpnip", which is used in one of the 3 commands at the bottom of this script. This script should work regardless of what language your OS is.
    IF EXIST vpnip.txt DEL vpnip.txt
    IF EXIST rawvpnip.txt DEL rawvpnip.txt
    IF NOT EXIST *.ovpn (
        ECHO ******************************************************************
        ECHO This script cannot continue because it could not find the .ovpn
        ECHO files required in the same directory as this script.
        ECHO.
        ECHO For reference the directory that this script is in is:
        ECHO "%~dp0"
        ECHO ******************************************************************
        PAUSE
        GOTO :EOF
    )
    ::Collect the IP address from every "remote" line of every .ovpn file
    FOR /F "tokens=*" %%a IN ('DIR /b *.ovpn') DO (
        FOR /F "tokens=1-3 delims= " %%b IN ('type "%%a" ^| findstr "remote" ^| findstr /R "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"') DO (
            ECHO %%c>>rawvpnip.txt
            set rvi=true
        )
    )
    ::Quoted so the comparison is still valid when rvi was never set
    IF "%rvi%" NEQ "true" (
        IF EXIST rawvpnip.txt DEL rawvpnip.txt
        ECHO ******************************************************************
        ECHO Your .ovpn file does not contain an IP address, it most likely has
        ECHO a DNS address ^(e.g. www.google.com - when it should be: 1.1.1.1^)
        ECHO This script cannot continue until you rectify this.
        ECHO ******************************************************************
        PAUSE
        GOTO :EOF
    )
    ::Remove duplicate IP's, useful IF you have both TCP and UDP .ovpn files
    SET n=0
    FOR /F "usebackq delims=" %%A IN (rawvpnip.txt) DO (
        SET "skip="
        for /l %%N IN (1 1 !n!) DO IF "%%A"=="!var%%N!" SET skip=1
        IF NOT DEFINED skip (
            ECHO %%A>>vpnip.txt
            SET /a n+=1
            SET "var!n!=%%A"
        )
    )
    DEL rawvpnip.txt
    ::Join the IP's into one comma-separated list (ELSE keeps the first IP from being added twice)
    FOR /F "tokens=*" %%a IN ('type vpnip.txt') DO (
        IF NOT DEFINED vpnip (SET vpnip=%%a) ELSE (SET vpnip=!vpnip!,%%a)
    )
    DEL vpnip.txt
    ::Delete any older rules that may have been put in place.
    ECHO Deleting any rules this script may have made earlier...
    netsh advfirewall firewall delete rule name="ALL_LOCAL_OUTBOUND"
    netsh advfirewall firewall delete rule name="VPN_RESOLUTION_OUTBOUND"
    netsh advfirewall firewall delete rule name="VPN_INTERNET_OUTBOUND"
    ::VPN Firewall Rules - This actually makes the rules, everything above was just to get the IP's out of the ovpn files automatically.
    ECHO.
    ECHO.
    ECHO Creating all scripts as necessary...
    netsh advfirewall firewall add rule name="ALL_LOCAL_OUTBOUND" dir=out action=allow remoteip=LocalSubnet
    netsh advfirewall firewall add rule name="VPN_RESOLUTION_OUTBOUND" dir=out action=allow remoteip=%vpnip%
    netsh advfirewall firewall add rule name="VPN_INTERNET_OUTBOUND" dir=out action=allow localip=10.4.0.0-10.9.255.255

And the execute for activation or deactivation of vpn script:

    @ECHO OFF
    SETLOCAL ENABLEDELAYEDEXPANSION
    SETLOCAL ENABLEEXTENSIONS
    SET vpndnsprimary=10.4.0.1
    SET vpndnssecondary=10.5.0.1
    ::Put the filename of your preferred OVPN server here. The filename can have spaces
    SET yourpreferredovpn=
    IF NOT DEFINED yourpreferredovpn (
        FOR %%f IN ("C:\Program Files (x86)\OpenVPN\config\*.ovpn") DO (
            SET /A n+=1
            SET "file[!n!]=%%f"
        )
        SET /A "rand=(n*%random%)/32768+1"
        REM rand is set inside this block, so it has to be read with delayed expansion
        FOR %%r IN (!rand!) DO SET "yourpreferredovpn=!file[%%r]!"
    )
    SET apikey=
    ::Valid options are: disconnect,userinfo
    SET apiservice=disconnect
    ::Check what state the firewall is in (VPN ONLY or ALLOW ALL)
    FOR /F "tokens=2 delims=," %%a IN ('netsh advfirewall show allprofiles firewallpolicy') DO SET state=%%a
    IF "%state%" EQU "BlockOutbound" GOTO :VPN
    IF "%state%" EQU "AllowOutbound" GOTO :ALL
    IF "%state%" EQU "Ausgehend blockieren" GOTO :VPN
    IF "%state%" EQU "Ausgehend zulassen" GOTO :ALL
    ECHO %state%
    ECHO Your firewall state cannot be determined. Press any key to exit this script.
    PAUSE >NUL 2>NUL
    GOTO :EOF

    :VPN
    CHOICE /m "The firewall currently allows "ONLY" VPN traffic, do you wish to allow "ALL" traffic?"
    IF %ERRORLEVEL% EQU 1 (
        REM This powershell command allows you to send an API request
        IF DEFINED APIKEY (
            Powershell.exe -NoProfile -Command ^(New-Object System.Net.WebClient^).DownloadString^('https://airvpn.org/api/?key^=!apikey!^&service^=!apiservice!^&format^=text'^)
        )
        taskkill /f /im openvpn*
        netsh advfirewall SET allprofiles firewallpolicy BlockInbound,AllowOutbound
        REM Identify all NIC's and set their DNS to DHCP
        FOR /F "tokens=2 delims=, skip=2" %%a IN ('"wmic nic where (netconnectionid like '%%') get netconnectionid,netconnectionstatus /format:csv"') DO (
            netsh interface ip set dns "%%a" dhcp >NUL 2>NUL
            netsh interface set interface name="%%a" disable >NUL 2>NUL
            netsh interface set interface name="%%a" enable >NUL 2>NUL
        )
        REM ipconfig /release >NUL 2>NUL
        ipconfig /flushdns >NUL 2>NUL
    )
    GOTO :EOF

    :ALL
    CHOICE /m "The firewall currently allows "ALL" traffic, do you wish to allow "ONLY" VPN traffic?"
    IF %ERRORLEVEL% EQU 1 (
        netsh advfirewall set allprofiles firewallpolicy BlockInbound,BlockOutbound
        REM Identify all NIC's and set their DNS to the secure VPN DNS
        FOR /F "tokens=2 delims=, skip=2" %%a IN ('"wmic nic where (netconnectionid like '%%') get netconnectionid,netconnectionstatus /format:csv"') DO (
            REM ipconfig /release >NUL 2>NUL
            ipconfig /flushdns >NUL 2>NUL
            netsh interface ip set dns "%%a" static %vpndnsprimary% primary validate=no >NUL 2>NUL
            netsh interface ip add dns "%%a" %vpndnssecondary% index=2 validate=no >NUL 2>NUL
            netsh interface set interface name="%%a" disable >NUL 2>NUL
            netsh interface set interface name="%%a" enable >NUL 2>NUL
        )
        START "" "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect "!yourpreferredovpn!" >NUL 2>NUL
    )

Cheers,
db

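Added example, not part of the thread or of any poster's scripts: a PowerShell audit of the state the two scripts above set up. It reads the default outbound action as an enum instead of matching localized netsh text (the "Ausgehend zulassen" problem), confirms the three rules exist, and lists other enabled outbound allow rules. It assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets) and an elevated prompt; the function name Test-VpnOnlyFirewall is hypothetical.

```powershell
# Added example (not from the thread). Assumes the NetSecurity module
# (Windows 8 / Server 2012 or later) and an elevated PowerShell prompt.
$expected = 'ALL_LOCAL_OUTBOUND', 'VPN_RESOLUTION_OUTBOUND', 'VPN_INTERNET_OUTBOUND'

function Test-VpnOnlyFirewall {
    param([string[]]$RuleNames = $expected)
    $problems = @()

    # DefaultOutboundAction is an enum, so it reads the same on every UI language.
    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ($fwProfile.Enabled -ne 'True') {
            $problems += "Profile $($fwProfile.Name): firewall is disabled"
        }
        if ($fwProfile.DefaultOutboundAction -ne 'Block') {
            $problems += "Profile $($fwProfile.Name): default outbound action is $($fwProfile.DefaultOutboundAction)"
        }
    }

    # The three allow rules created by the setup script must exist and be active.
    foreach ($name in $RuleNames) {
        $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
        if ($rules.Count -eq 0) { $problems += "Rule $name is missing"; continue }
        foreach ($r in $rules) {
            if ($r.Enabled -ne 'True' -or $r.Direction -ne 'Outbound' -or $r.Action -ne 'Allow') {
                $problems += "Rule $name is not an enabled outbound allow rule"
            }
        }
    }

    # Every other enabled outbound allow rule still passes its traffic while the
    # default is Block, so list them for review.
    $others = @(Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        Where-Object { $RuleNames -notcontains $_.DisplayName } |
        Select-Object -ExpandProperty DisplayName)

    [pscustomobject]@{
        VpnOnly            = ($problems.Count -eq 0)
        Problems           = $problems
        OtherOutboundAllow = $others
    }
}

Test-VpnOnlyFirewall | Format-List
```

Run at logon, a result with VpnOnly = False shows that the machine came up in the "ALL" state before any traffic is trusted to the VPN.
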
ovsienko 1 Posted ...
Hello! I generated the .ovpn file and also the 2 .bat files, then I put them in my X:\Program Files\OpenVPN\config\ directory. After I executed the first .bat file with the admin option I got an error:

    This script cannot continue because it could not find the .ovpn
    files required in the same directory as this script.
    For reference the directory that this script is in is: ....

I made a file vpnip.txt with some digits\letters in it in the same dir. After I start the .bat file it doesn't delete it. What should I do? Win7 32bit.

dbuero 10 Posted ...
Please refer to the creation of the ovpn file on the first page of this guide:

OVPN FILE CREATION STEPS
Your .ovpn files need to be generated first.
To do so you need to go to the Config Generator section of your AirVPN Client Area (This place is on THIS website, not a program) with the following boxes checked:
- Advanced Mode (This has to be selected first so the next two can be visible)
- Resolved hosts in .ovpn file
- All servers for area region

It is important that you have the "Resolve hosts in .ovpn file" option selected!!!
Otherwise this whole thing does not work.

Omniferum 9 Posted ...
Nice to see my stuff is still helping people out.
I've updated the main topic with clearer steps, and added some extra things thanks to dbuero:
- German language support
- Added a rudimentary bit of code that will select the highest bit version of ovpn you have (some people still install the 32-bit on x64 OS's)
- Removed the ipconfig /release command (it was only ever there as a 'just in case' thing anyway)
Any issues y'all can just let me know.

tamitos 0 Posted ...
If I use Network Lock in Airvpn software, do I need to use the above method?

Staff 10014 Posted ...
> If I use Network Lock in Airvpn software, do I need to use the above method?
Hello! No, in that case you don't need it and you must not use it.
Kind regards

ojj 0 Posted ...
Hello,
Would like to connect with the TOR option [vpn over tor] offered in preferences > protocols. If the Direct, protocol UDP, port 443 (*) will be chosen like it requires in these instructions and the rest of the instructions will be followed just the same, will the TOR option work? Or what modifications to existing instructions need be made for it to work?
Thank you for the support

Staff 10014 Posted ...
> Hello,
> Would like to connect with the TOR option [vpn over tor] offered in preferences > protocols. If the Direct, protocol UDP, port 443 (*) will be chosen like it requires in these instructions and the rest of the instructions will be followed just the same, will the TOR option work? Or what modifications to existing instructions need be made for it to work?
> Thank you for the support
Hello,
Tor proxy (just like any socks or http proxy) does not support UDP. OpenVPN will necessarily work in TCP. Please see also https://airvpn.org/tor
Kind regards

ojj 0 Posted ...
How do you suggest correcting an existing DNS leak when using the vpn over tor option with the AirVPN client? Thanks for the quick reply.

elroy 2 Posted ...
Hi there, I've followed the instructions carefully and keep getting the problem of not being able to find the .ovpn files (even though they are in the folder). When generating the .ovpn files I can't see the option to select All servers for area region.
Any help much appreciated

Guest Posted ...
Check this https://airvpn.org/topic/14341-config-generator-resolve-all-ips/?p=28172

elroy 2 Posted ...
So just to check then... Until the "All servers for area region" option is back, the instructions contained in this topic won't work? Is there a workaround?

Omniferum 9 Posted ...
The script still works with the Config Generator without the "All servers for area region" option. All that did was provide you with all the IP's in fewer config files, which they can't do anymore as you can only have so many IP's in one config file.

Omniferum 9 Posted ...
Added extra measures to ensure DNS stuff (in case windows command stuff up from interference from something else)

Omniferum 9 Posted ...
Decided to overhaul the script. It is now 1 script instead of 2 and only needs you to put your .ovpn files into your OpenVPN installation for it to work.

Omniferum 9 Posted ...
The script will now auto-resolve the host IP and format your .ovpn accordingly.

migbot 0 Posted ...
Thanks Omniferum!!! Great new script, I much prefer it over the older ones I had been using for a few years.
I have one small issue: No matter how many times I run the script, I always see this message:

    ********************************************************************
    Could not find IP addresses some, or all, of your .ovpn file(s)
    Would you like this script to automatically format your .ovpn files?
    REQUIRES INTERNET CONNECTION
    ********************************************************************
    [Y,N]?

If I type Y, then I have the following message (N just ends the script with no modifications to system):

    A backup of "C:\Program Files\OpenVPN\config\AirVPN_America_UDP-443.ovpn" already exists, do you wish to overwrite it?
    [Y,N]?

If I type Y, then it overwrites and moves on to the next 30 .OVPNs I have in the folder. If I type N, then it just moves on in the same fashion, but without overwriting.
The point is: I have to type Y or N to 30 ovpns. (Which is just a mild annoyance I guess...)
I have followed the instructions for generating the ovpns, but it still says they need formatting. Either way, they shouldn't need formatting after the first time anyway, right?
Thanks again!!!

Omniferum 9 Posted ...
I have tweaked the backup function so you don't actually have to press Y or N. There is an error in my script that I have fixed (was something I never really tested properly). Use the updated script in the first post.