Jump to content
Sign in to follow this  

OpenVPN disconnect signal via Telnet

Recommended Posts


Hi, guys, I want to share my findings and hard work with the community.

I wanted to disconnect an OpenVPN connection. There're two options. Option 1: kill process openvpn.exe. Option 2: send 'signal SIGTERM' (graceful exit).
Let's work option 2. I need to start openvpn.exe with '--management IP port' option to enable the management interface.
Because I want my script to interact and know all the status messages, I need to access stdin/stdout streams.

My first idea was to use Windows Telnet client. (You have to install it via Control Panel > Windows Features). AutoIt manages correctly the I/O streams with Run(), $STDIN_CHILD + $STDOUT_CHILD options, and StdoutRead, StdinWrite functions. I can start a console with Run(@ComSpec & " /k telnet") and interact till the Telnet> prompt, but after sending the 'open localhost 7505' command, the stream stops responding.
After hours trying, I learned that Windows Telnet can't redirect (pipe output) stdin/stdout. Here's an explanation: http://comp.terminals.narkive.com/oHwvdYmf/hang-crash-in-plink-with-windows-telnet-server

I delved into this forum looking for telnet info. First suggestion was to use an alternative program called 'Console Telnet' http://consoletelnet.sourceforge.net/, and use the script by 'Chimp' Also '?do=embed' frameborder='0' data-embedContent>>
I tried ConsoleTelnet directly (standalone exe) but, after connecting to OpenVPN, the console stops the keyboard input. (I don't know what strange configuration I'm missing.)
Then I tried the script. It connects, but then no more data can be sent.
Update: I tested the ConsoleTelnet + script with a public telnet server and it worked. Finally, I found out that the problem was with the termination characters! Keep in mind that some servers (localhost Windows) require @CRLF. If you just send a @CR, it will hang. So the correction is: StdinWrite(pid, "cmd" & @CRLF).
Remember to edit config file 'telnet.ini' and enable option Telnet_Redir=1.

Desperated, I opted for the quick-and-dirty workaround of reading the console by copying to the clipboard. Send("!{SPACE}ES") Send("{ENTER}").
But I wasn't willing to give up, and continued my research. I tried third-party consoles dtelnet.sourceforge and console.sourceforge, but cannot redirect stdin/stdout. Finally I stumbled upon plink.exe (a command-line interface to the PuTTY back end). http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
plink -raw -P 7505 localhost
But it happened as with ConsoleTelnet: keyboard input stucks after connection to OpenVPN. I even tried with netcat. It works as standalone (netcat localhost 7505) but there's a problem with I/O stream piping with AutoIt.

After an exhausting day, I finally decided to give TCP a try. And it worked! with just a few lines of code.
Here is the minimalistic version. You should add more code to watch for errors.

$Socket = TCPConnect("", 7505)
;ConsoleWrite(TCPRecv($Socket, 500))
TCPSend($Socket, "signal SIGTERM" & @CRLF)
;ConsoleWrite(TCPRecv($Socket, 500))

Here is the connection snippet.

$cmd = 'openvpn --config "C:\Program Files (x86)\OpenVPN\config\myconfig.ovpn" --remote 443 --management localhost 7505'
$pid = Run(@ComSpec & " /c " & $cmd, "", @SW_HIDE, $STDOUT_CHILD)
Local $line
While 1
    $line = StdoutRead($pid)
    If @error Then ExitLoop
    If StringInStr($line, "Initialization Sequence Completed") Then ExitLoop
If ProcessExists($pid) Then
    ProcessWaitClose($pid, 5)

I hope this info will be useful for someone, somewhere, sometime.

  • Like 1
  • Thanks 1

Share this post

Link to post
Share on other sites

Awesome! This post is really fricken old, but it is exactly what I needed! Thank you sir!

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this