杜兰特2014集锦:配置Openvpn-gui开机后自动运行和连接，并解决openvpn-gui图标不变化和不能connect的问题

安装并配置好Openvpn
1、修改注册表HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI
allow_service=1，service_only＝1，silent_connection＝1，show_balloon＝1，show_script_window＝1

      silent_connection＝1是为了使openvpn在启动后不弹出窗口，通常必须设置。service_only、llow_service、show_script_window及show_balloon可根据个人喜好设置，其具体意义见方法二的附图。我通常设置service_only=1, show_balloon=2，这样openvpn只以服务方式运行，而且每次重新连接时都会有提示。
2、增加HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Run\Openvpn

"C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe"

     这样可使openvpn-gui在用户登录后运行。

3、运行services.msc，修改OpenVPN Service服务为自动启动，使openvpn在开机后自动连接（即使用户未登录）。

     若在系统启动后立即登录windows，可能会使openvpn-gu在openvpn service启动之前运行，这样会导致openvpn-gui的tray icon不能根据连接情况变化，而且菜单中的connet等项目不可用。如果出现这种情况，可等openvpn服务启动后，在openvpn-gui菜单上选exit退出，然后重新运行openvpn-gui即可解决。

方法二：

1、修改注册表HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI
llow_service=0

2、在注册表中增加HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpenVPN

"C:\\Program Files\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe --connect client.ovpn"

还可使用其他选项，以覆盖注册表中open-gui的相关设置，可用openvpn-gui --help查看有哪些选项，如下：

上图中的option参数在注册表中均有对应项目。

 方法一用户不登录openvpn也会启动，方法二必须在用户登录到windows之后才会生效。

如果openvpn启动后连接不上，可能是防火墙设置问题，参见下文：

OpenVPN Notes -- Firewall on the Windows client

In general, it's a good idea to always protect a VPN client or server with a firewall.

The important points for setting up firewalling on a Windows system running OpenVPN are:

1. Make sure that your connection to the internet is always firewalled, especially when you are running a VPN. VPNs create trusted relationships between geographically disparate networks, and if any network on the VPN is compromised by a virus or worm, the exploit has the potential of jumping across the VPN and infecting other machines.
2. You can enable firewalling on a given network adapter by going to Control Panel -> Network Connections, right-click on the icon that represents your link to the internet, select "Properties", go the the "Advanced" tab, and enable "Internet Connection Firewall".
3. If you are running OpenVPN as a server on a Windows machine, you will need to configure your firewall to allow incoming clients to connect to OpenVPN's port number which is "UDP 1194" by default.
4. In general, running OpenVPN as a client doesn't require any special firewall configuration, provided you use the --ping option to preserve the state of the OpenVPN connection in the firewall.
5. In general, you don't need to enable firewalling on the TAP-Win32 adapter. Once an IP packet appears to be "coming in" on the TAP-Win32 adapter, it has already been decrypted and authenticated by OpenVPN, even though the connection between OpenVPN peers might transit an untrusted network such as the internet.
6. One case where you might want to firewall the TAP-Win32 adapter is if you are connecting to an untrusted machine, or a machine which will route or bridge your connection with an untrusted network.

     win7将网络分为家庭网络、办公网络、公共网络三个类别，对每个类别可以单独设置防火墙策略，使用openvpn时要注意目前电脑工作在哪个网络下，并检查防火墙是否允许openvpn的数据包通过。