Building a Silent Installation for SE VPN Client in Windows

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
JimG
Posts: 4
Joined: Tue Nov 01, 2016 8:29 pm

Building a Silent Installation for SE VPN Client in Windows

Post by JimG » Thu Aug 10, 2017 5:41 pm

I'm building a silent install to be used on Win7 and Win10. Like many Windows SW distribution systems, the one I'm uses installs from a service. This means the service is running under the Service Control Manager's credentials which are essentially the same as running as SYSTEM.

I have most of the install package working, but cannot get VPN vNICs created. I'm running CMD.EXE scripts with UAC disabled. In the unseen system session, I start the vpncmgr.exe app, import .vpn files and try to run vpncmd commands to build the VPN NICs. Everything works but the creation of the VPN NICs.

Here are the commands I'm using (for 32 bit systems):
"c:\program files\softether vpn client\vpncmd.exe" localhost /client /cmd:NicCreate VPN
"c:\program files\softether vpn client\vpncmd.exe" localhost /client /cmd:NicCreate VPN2

Both commands give Error code: 31 when attempted from within the software installation service on the client PC. All other commands work like /cmd:AccountImport.

The commands that fail run fine from the desktop when the vpncmgr program is running on the desktop as well. I've verified that I see an instance of vpncmgr.exe running in memory as SYSTEM, proving that vpncmgr.exe is started before the failing commands are attempted.

Does anyone have any idea what can be done to make VPN NIC?

Does anyone have a silent installation process for SE VPN Client?

If i get this working, I'll post it here. I can't believe this fantastic project has an installer that has to be run interactively. It makes widespread use of this project impossible.

This is something that has to be fixed in future releases.

Jim

JimG
Posts: 4
Joined: Tue Nov 01, 2016 8:29 pm

Re: Building a Silent Installation for SE VPN Client in Wind

Post by JimG » Sat Aug 19, 2017 5:51 pm

SoftEther VPN is a create piece of work. This forum...... Not so much - no responses to this question.

It's hard to believe no one has addressed making a silent installation for SoftEther VPN. Harder to believe is that the authors of the software didn't provide that out of the box. It seems like a logical requirement, given the nature of the software. VPNs are certainly more the staple of corporate users which is also where silent deployments are required.

OK, so I have a working solution that isn't great, but it works.

For my purposes, I need an installation that can be run by a software deployment service on a windows PC. Installation services tend to run under SYSTEM credentials. I could alter this but that could easily negatively impact execution/success of all the other software packages that already successfully install from that service. SoftEther VPN is one of many software packages this service has to install. So, I'm not willing to do that. We also need to understand that a Windows service starts before some portions of the OS. As a result, the environment and security context under which a service runs isn't the same as the fully booted OS. And this could explains some of the issues I'm seeing.

My initial installation approach was simple:
- copy all files and folders under the "SoftEther VPN Client" folder under "\Program Files" from a successfully installed client. I used Robocopy with the /mir switch.
- create the SEVPNCLIENT service and start it
- Start the vpnmgr program
- Once the vpnmgr is running, run some vpncmd commands to create VPN NICs and connections

The problem I ran into with this approach is that I could not get the VPN NIC creation commands to actually create a VPN NIC. Commands that worked fine from the desktop produced errors when run from a service.

As a result, I had to break the installation up into 2 parts. The first two steps, above, could be run from the installation service. The last two steps had to be run from the logon script, under a user's security context and profile. The negative of this approach is that when a 2nd logs in, the user side runs a 2nd time, even though the steps were already completed. I haven't test this, but I imagine the user has to be an administrator on the machine for the script to work.

Here's the Script run by the service :

IF EXIST "%programfiles(x86)%" goto 64BIT

set vpnclient="%systemdrive%\program files\softether vpn client\vpnclient.exe"
set vpnmgr="%systemdrive%\program files\softether vpn client\vpnmgr.exe"

goto out

:64BIT

set vpnclient="%systemdrive%\program files\softether vpn client\vpnclient_x64.exe"
set vpnmgr="%systemdrive%\program files\softether vpn client\vpnmgr.exe_x64"

:out

robocopy "\source\SoftEther VPN Client" "%programfiles%\SoftEther VPN Client" /mir

rem service
sc create SEVPNCLIENT binPath= "%programfiles%\SoftEther VPN Client\%vpncmd% /service" start= auto DisplayName= "SoftEther VPN Client"
sc description SEVPNCLIENT "This manages the Virtual Network Adapter device driver and connection service for the SoftEther VPN Client. When this service is stopped, it will not be possible to use SoftEther VPN Client on this computer to connect to a SoftEther VPN Server."

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SoftEther VPN Client Manager UI Helper" /d "\"%programfiles%\SoftEther VPN Client\%vpncmgr%\" /uihelp" /f
reg add "HKLM\SOFTWARE\SoftEther Project\VPN Command Line Utility" /v "InstalledVersion" /t REG_DWORD /d 0x25a2 /f

sc start SEVPNCLIENT

exit

Here's the script run by the user at login (note, since above reg add specifies the vpnmgr.exe program will start automatically at login, the script just waits for the program to show up in memory):

:search
tasklist|find "vpncmgr"
if %ERRORLEVEL% EQU 0 GOTO Cont
timeout /t 3
goto search

:Cont
timeout /t 5

IF EXIST "%programfiles(x86)%" goto 64BIT

set vpncmd="%systemdrive%\program files\softether vpn client\vpncmd.exe"

goto out

:64BIT

set vpncmd="%systemdrive%\program files\softether vpn client\vpncmd_x64.exe"

:out

rem Create virtual NICs
%vpncmd% localhost /client /cmd:NicCreate VPN
%vpncmd% localhost /client /cmd:NicCreate VPN2
%userupdatecmdpath%\nvspbind.exe /d neoadapter_vpn ms_tcpip6
%userupdatecmdpath%\nvspbind.exe /d neoadapter_vpn2 ms_tcpip6

rem Create VPN connections
%vpncmd% localhost /client /cmd:AccountDelete MyConnection1
%vpncmd% localhost /client /cmd:AccountImport source\MyConnection1.vpn
%vpncmd% localhost /client /CMD:AccountDelete MyConnection2
%vpncmd% localhost /client /CMD:AccountImport source\MyConnection2.vpn

I also have a means to run the script from the logon script only once for each user. This is done by putting something in the HKCU registry after the above script is completed or as an additional last line of the above script and checking for that value before the script is started from the actual logon script. I don't show these steps here because, in my installation, they aren't part part of these scripts.

I have no idea why the create VPN NIC step will not work when initiated by a windows service, even though I've demonstrated to myself that the vpnmgr program is in memory and running when the NICCreate commands are run. I may try to shell the last two step from the service, starting the process in a different user context with user profile loaded - or I may not. The above works for me.

JimG

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Building a Silent Installation for SE VPN Client in Wind

Post by thisjun » Thu Sep 14, 2017 6:37 am

>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SoftEther VPN Client Manager UI Helper" /d "\"%programfiles%\SoftEther VPN Client\%vpncmgr%\" /uihelp" /f

This line is wrong.
You should write this.
>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SoftEther VPN Client Manager UI Helper" /d "\"%programfiles%\SoftEther VPN Client\%vpnclient%\" /uihelp" /f

You can run "vpnclient_x64.exe /uihelp" from batch as login user.

Post Reply