A few times a day I use the script below to connect to a free VPN named https://www.freeopenvpn.org/
It's open to everyone without needing to create an account.
So this script, if improved, would greatly benefit everyone using it.
Most of freeopenvpn setup is static, but the password changes constantly.
Config: USA_freeopenvpn_tcp.ovpn (the contents change about twice a year)
Username: freeopenvpn (this remains the same for years)
Password/PIN: This 9-digit number changes a few times a day
For the username and password, I usually add this line to the config files:
for %f in (*.ovpn) do type C:\freeopenvpn\freeopenvpninclude.txt >> %f
Where the "freeopenvpninclude.txt" file contains this single line:
auth-user-pass C:\\freeopenvpn\\freeopenvpnauthuserpass.txt
And where the "freeopenvpnauthurserpass.txt" file contains two lines:
freeopenvpn
123456789
Where nothing changes quickly except that one 9-digit password above.
I don't use the OpenVPN GUI since I connect to the VPN via
doubleclicking the batch file below, whose last line is
what skirts around the Windows UAC popups (yes, I know, if you
don't like that part, just uncomment the part above it then),
and I don't feel like typing the VPN password each time which
is the second point of having the script (instead of the OpenVPN GUI).
Here's the current short script which, if the username/password
is already set, will work for anyone without need for user input.
RUN-ONLY BATCH SCRIPT:
@echo off
set configfile=USA_freeopenvpn_tcp.ovpn
REM set configfile=USA_freeopenvpn_udp.ovpn
set configcmd=C:\Program Files\OpenVPN\bin\openvpn.exe
set configdir=C:\freeopenvpn\config\
REM %configcmd% %configdir%%configfile%
c:\windows\system32\runas.exe /user:administrator /savecred "%configcmd% %configdir%%configfile%"
But a few times a day, the 9-digit password changes so user input
is required. To do that, I run this setup-and-run script instead.
SETUP-AND-RUN BATCH SCRIPT:
@echo off
echo "Append the username/password to all freeopenvpn ovpn config files"
echo "auth-user-pass C:\\freeopenvpn\\freeopenvpnauthuserpass.txt"
pause
echo "Get the latest 9-digit password from https://www.freeopenvpn.org/premium.php"
"C:\Users\username\AppData\Local\Epic Privacy Browser\Application\epic.exe" "https://www.freeopenvpn.org/premium.php" &
set /p user_input=Enter 9-digit password here"
echo %user_input%
REM it might be nice to count the number of digits to ensure it's 9 in number
pause
echo "Paste that latest 9-digit password into the freeopenvpnauthuserpass.txt file"
C:\Windows\notepad.exe "C:\\freeopenvpn\\freeopenvpnauthuserpass.txt" &
pause
cd C:\\freeopenvpn\
set configfile=USA_freeopenvpn_tcp.ovpn
REM set configfile=USA_freeopenvpn_udp.ovpn
set configcmd=C:\Program Files\OpenVPN\bin\openvpn.exe
set configdir=C:\freeopenvpn\config\
REM %configcmd% %configdir%%configfile%
c:\windows\system32\runas.exe /user:administrator /savecred "%configcmd% %configdir%%configfile%"
The reason this is posted is to help others connect to the same free freeopenvpn VPN service without needing to invoke the OpenVPN GUI.
While I'm well aware that some people won't like that it bypasses
UAC, all they have to do to NOT bypass UAC is uncomment the
penultimate line and comment out the last line so that's not where improvements are going to be found (unless you have a better solution,
which, yes, I know, involves shortcuts & the Windows task manager).
But that's complicated.
This is simple.
And I'm not worried about my kids or my dog accessing my computer.
If you can improve this file (other than the UAC part), then that
would be useful to thousands of people since it works for everyone.
It turns out there's something called Limited User Account (LUA)
which is a lock the remains when UAC is turned down. Apparently
there's now a setting in the UAC window for it, but I don't see it
on my system. Yet it's an easy Registry hack:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
Add a 32-bit dword value named EnableLUA, if it's not there. Set the
value to 0. Reboot. Drag-drop then works and it seems to stop the
nags. I'm guessing that setting would save you from problems in your
code. But if you want LUA handcuffs then just leave the code as is.
What does it matter, really? You're only elevating for that occasion.
This looked like an interesting way to use OpenVPN.
I'm having a problem with the SETUP-AND-RUN BATCH SCRIPT.
I modified the URL that displays the password to https://www.freeopenvpn.org/premium.php?cntid=USA&lang=en.
The original URL redirected to https://www.freeopenvpn.org/.
If the browser window is not already open, the user input will not work.
If it is open, it works fine.
Do you know the reason for that?
On Wed, 21 Feb 2024 03:40:56 -0600, AllanH wrote:
If the browser window is not already open, the user input will not work.
If it is open, it works fine.
Do you know the reason for that?
See above. It worked fine for me whether or not the browser was already
open. I used the Epic Privacy Browser but I don't see how that matters.
https://cdn.epicbrowser.com/v120/mini_installer.exe
Since it's a universal script, maybe someone else can check it as I've been using these batch methods for freeopenvpn so long I forget all the Windows switches I had to flip in order to turn Windows (which is a graphical user interface) into a batch user interface (see my other post in this thread).
Having said that, thank you for eliminating one keystroke.
There are two others we can figure out how to remove maybe together.
1. At the beginning, check if the authuserpass is already added,
and if not, add it automatically (but this only is needed once
every few months, and there are only one or two config files involved).
2. When getting the password, after typing it, I echo it and then
I copy it into my clipboard and then when the editing window
comes up, I paste it into that Notepad (or vim) editing window.
But it would be nice to just wipe out the existing password
in the two-line file to automatically put this new password in.
Or... just replace the password authuserpass within the actual
config file which will be run at the end of the script.
There were three extra button pushes, where you eliminated one.
So those are the only two extra button pushes left to eliminate.
REM %configcmd% %configdir%%configfile%
c:\windows\system32\runas.exe /user:administrator /savecred "%configcmd% %configdir%%configfile%"
Runas commandrunas /user:localadmin cmd.exe <<
Runas savecredrunas /user:localadmin /savecred cmd.exe <<
C:\Program Files\RunasRob\runasrob.exe C:\path\application.exe <<
| There are about a dozen Windows 10 tricks involved but the end
| result is simply duplicating in batch what you already do manually.
Wow. I was impressed with myself for making Proton VPN work. :)
But I'm fortunate that I don't need it. I only used it once because
I was on hotel wifi.
Test3: With the web browser NOT already open, run it again.
Well, that worked perfectly. It brought up the browser & to the right page.
| There are about a dozen Windows 10 tricks involved but the end
| result is simply duplicating in batch what you already do manually.
Wow. I was impressed with myself for making Proton VPN work. :)
But I'm fortunate that I don't need it. I only used it once because
I was on hotel wifi.
What other creeping elegance could improve this for everyone out there?
I appreciate your detailed reply.
I have a little experience with batch files, but not much experience with VPN Clients.
I tried the batch file with both of my Chromium-based browsers, with the same result.
The user input would work if the browsers were open and would not if they were not open.
I don't know what the problem would be.
Does the last line of your batch file that executes openvpn.exe display anything?
Since it didn't for me, I didn't think it worked correctly.
One reason I may not continue with OpenVPN is it caused an issue
with connecting to my Wi-Fi after a reboot.
It's not the type of software I would use very often.
| I would think the batch scripts would work for any free VPN outfit.
|
Maybe. I don't know a lot about this.
It sounds like Bill is using some kind of super-safe service.
Proton was just a GUI requiring a couple of clicks, as I recall.
There'd be nothing to need a script for.
The OP isn't using the GUI. He's just clicking on his batch script.
The advantage is that he can mix and match any number of servers as these config files can be a mix and match of a dozen different VPN services.
All he needs from the various VPN services are the text config files.
With his methods, you can connect to thousands of free VPNs at any time.
Thanks for the explanation. This is mostly new to me. Sorry
to be thick, but I'm still confused about how it all works. If I'm understanding correctly, openVPN is the software commonly used
for the actual data transfer between servers, as well as between
client and server.
VPN is a masking service offered by mostly commercial
servers that offer to let you connect to them as a pass-through
in order to prevent tracking of your location and to encrypt your
web activities. Most such servers charge for the service.
Freeopenvpn seems to be some kind of non-profit running on
donations, providing free VPN service.
Thus, the scripts are about avoiding software rather than using
a different kind of VPN setup. I don't see any advantage there,
but to each their own.
Is all that about right? Yet freeopenvpn is not listed on any
sites that run articles such as "The Top VPN services of 2024".
I feel like I'm missing a piece of the puzzle here.
I tried downloading a config file from freeopenvpn. I see a long
base-64 key. So the deal is that one must install the openVPN client,
then that uses the downloaded .ovpn keys? So you're using
freeopenvpn as a service and skipping the GUI? But I assume
the script doesn't obviate the need to use some kind of
server -- free or paid. It's just bypassing a GUI?
Then, what are all the various server options in different countries?
Are those all non-profits, like the way that universities often
host Linux packages?
In other words, if I set up free Proton it shows me a list of
server options in different countries. In freeopenvpn presumably
you pick one such server, download the key, then feed that to
the openVPN software, and away you go. I'm curious about the
financial aspect. And how the client service relates to the various
server choices.
With email, for example, you either pay money for the server
access or you pay in spyware (as with gmail, yahoo, etc).
I'm curious how this works with VPN. Your link says to watch out for
free VPN because it's sleazy spyware. But then they recommend
some free VPNs. So, something like freeopenvpn -- is that a
politically motivated, non-profit, legit free VPN server? Or is it reasonable to assume they're selling data to pay the bills? Their
website is very limited in terms of information.
And what exactly does the VPN service provide? The first jump
into the network of VPN servers? That seems to imply that unlike
email, VPN communication itself is mainly provided by non-profits.
I wonder what percentage of those with a VPN client use it all the time.
From what I know of them, there is usually a tradeoff with a much lower connection speed.
On Fri, 23 Feb 2024 02:45:39 -0600, AllanH <nospam@unokix.invalid> wrote
I wonder what percentage of those with a VPN client use it all the time.
From what I know of them, there is usually a tradeoff with a much lower
connection speed.
Depends on the use model of course, like everything else you do.
If you need high anonymity, the loss of connection speed of the
tor browser bundle might be worth the inevitable cost in speed.
But some things don't matter if you lose a bit of speed doing them.
An example is posting to usenet where you only need to be on the VPN
service for a few seconds to send and then you can disconnect after that.
Another example is setting up a new account for something like protonmail which won't allow you to use Tor to set up that account but you can use Tor after you've already set up the account. They never know your real IP.
Another example is downloading torrents of course, where in that case
you'll be connected for a half hour or so while you're using the VPN,
but this saves you from getting a notice from your ISP from the DMCA.
For those who are on the same VPN all day every day, I don't think there is any utility in the batch scripts listed in this thread. They're more useful for those who connect and disconnect when they do things, for example,
let's say they want to run a google search using native Chrome, they might not want that search to be archived to their IP address.
1. Click the batch file (and it chooses a random VPN IP address).
2. Start Chrome and run that google search.
3. Tap F4 to kill the random IP address.
It slightly slows down the google search but that's the only drawback.
The advantage is Google doesn't know that it's your IP address this way.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 297 |
Nodes: | 16 (2 / 14) |
Uptime: | 00:43:18 |
Calls: | 6,666 |
Calls today: | 4 |
Files: | 12,212 |
Messages: | 5,335,396 |