Welcome to the Chocolatey Community Package Repository! The packages found in this section of the site are provided, maintained, and moderated by the community.
Moderation
Every version of each package undergoes a rigorous moderation process before it goes live that typically includes:
- Security, consistency, and quality checking
- Installation testing
- Virus checking through VirusTotal
- Human moderators who give final review and sign off
More detail at Security and Moderation.
Organizational Use
If you are an organization using Chocolatey, we want your experience to be fully reliable. Due to the nature of this publicly offered repository, reliability cannot be guaranteed. Packages offered here are subject to distribution rights, which means they may need to reach out further to the internet to the official locations to download files at runtime.
Fortunately, distribution rights do not apply for internal use. With any edition of Chocolatey (including the free open source edition), you can host your own packages and cache or internalize existing community packages.
Disclaimer
Your use of the packages on this site means you understand they are not supported or guaranteed in any way. Learn more...
- STEP1Package Review
- STEP2Integration Method
- STEP3Internal Repo Url
- STEP4Environment Setup
- STEP5Install Script
Step 1: Review Your Packages
Step 2: Choose Your Integration Method
- Generic
- Individual
- Ansible
- PS DSC
Step 3: Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
Step 3: Copy Your Script or Download Config
Option 1: Copy Script
Option 2: Download Config
Step 4: Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)
- Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
-
You can also just download the packages and push them to a repository
Download Packages
Option 2: Internalized Package (Reliable, Scalable)
- Open Source
-
Download the packages:
Download Packages - Follow manual internalization instructions
-
- Package Internalizer (C4B)
- Run: (additional options)
- For package and dependencies run:
- Automate package internalization
- Run: (additional options)
Step 5: Copy Your Script
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##### Here are the requirements necessary to ensure this is successful.### a. Internal/Private Cloud Repository Set Up ####### You'll need an internal/private cloud repository you can use. These are#### generally really quick to set up and there are quite a few options.#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they#### are repository servers and will give you the ability to manage multiple#### repositories and types from one server installation.### b. Download Chocolatey Package and Put on Internal Repository ####### You need to have downloaded the Chocolatey package as well.#### Please see https://chocolatey.org/install#organization### c. Other Requirements ####### We initialize a few things that are needed by this script - there are no other requirements.$ErrorActionPreference = "Stop"#### Set TLS 1.2 (3072) as that is the minimum required by various up-to-date repositories.#### Use integers because the enumeration value for TLS 1.2 won't exist#### in .NET 4.0, even though they are addressable if .NET 4.5+ is#### installed (.NET 4.5 is an in-place upgrade).[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072#### We use this variable for future REST calls.$RequestArguments = @{ UseBasicParsing = $true}## 2. TOP LEVEL VARIABLES ##### a. Your internal repository url (the main one). ####### Should be similar to what you see when you browse#### to https://community.chocolatey.org/api/v2/$NugetRepositoryUrl = "INTERNAL REPO URL"### b. Internal Repository Credential ####### If required, add the repository access credential here# $NugetRepositoryCredential = [PSCredential]::new(# "username",# ("password" | ConvertTo-SecureString -AsPlainText -Force)# )# $RequestArguments.Credential = $NugetRepositoryCredential### c. Chocolatey nupkg download url ####### This url should result in an immediate download when you navigate to it$ChocolateyDownloadUrl = "$($NugetRepositoryUrl.TrimEnd('/'))/package/chocolatey.2.2.2.nupkg"### d. Chocolatey Central Management (CCM) ####### If using CCM to manage Chocolatey, add the following:#### i. Endpoint URL for CCM# $ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService"#### ii. If using a Client Salt, add it here# $ChocolateyCentralManagementClientSalt = "clientsalt"#### iii. If using a Service Salt, add it here# $ChocolateyCentralManagementServiceSalt = "servicesalt"## 3. ENSURE CHOCOLATEY IS INSTALLED ##### Ensure Chocolatey is installed from your internal repository#### Download the Nupkg, appending .zip to the filename to handle archive cmdlet limitationsif (-not (Get-Command choco.exe -ErrorAction SilentlyContinue)) { $TempDirectory = Join-Path $env:Temp "chocolateyInstall" if (-not (Test-Path $TempDirectory -PathType Container)) { $null = New-Item -Path $TempDirectory -ItemType Directory } $DownloadedNupkg = Join-Path $TempDirectory "$(Split-Path $ChocolateyDownloadUrl -Leaf).zip" Invoke-WebRequest -Uri $ChocolateyDownloadUrl -OutFile $DownloadedNupkg @RequestArguments #### Extract the Nupkg, and run the chocolateyInstall script if (Get-Command Microsoft.PowerShell.Archive\Expand-Archive -ErrorAction SilentlyContinue) { Microsoft.PowerShell.Archive\Expand-Archive -Path $DownloadedNupkg -DestinationPath $TempDirectory -Force } else { # PowerShell versions <4.0 do not have this function available try { $shellApplication = New-Object -ComObject Shell.Application $zipPackage = $shellApplication.NameSpace($DownloadedNupkg) $destinationFolder = $shellApplication.NameSpace($TempDirectory) $destinationFolder.CopyHere($zipPackage.Items(), 0x10) } catch { Write-Warning "Unable to unzip package using built-in compression." throw $_ } } & $(Join-Path $TempDirectory "tools\chocolateyInstall.ps1")}if (-not (Get-Command choco.exe -ErrorAction SilentlyContinue)) { refreshenv}## 4. CONFIGURE CHOCOLATEY BASELINE ##### a. FIPS Feature ####### If you need FIPS compliance - make this the first thing you configure#### before you do any additional configuration or package installations# choco feature enable -n useFipsCompliantChecksums### b. Apply Recommended Configuration ####### Move cache location so Chocolatey is very deterministic about#### cleaning up temporary data and the location is secured to adminschoco config set --name cacheLocation --value C:\ProgramData\chocolatey\cache#### Increase timeout to at least 4 hourschoco config set --name commandExecutionTimeoutSeconds --value 14400#### Turn off download progress when running choco through integrationschoco feature disable --name showDownloadProgress### c. Sources ####### Remove the default community package repository sourcechoco source list --limitoutput | ConvertFrom-Csv -Header 'Name', 'Location' -Delimiter '|' | ForEach-Object { if ($_.Location -eq 'https://community.chocolatey.org/api/v2/') { choco source remove -n $_.Name }}#### Add internal default sources#### You could have multiple sources here, so we will provide an example#### of one using the remote repo variable here#### NOTE: This EXAMPLE may require changesif ($NugetRepositoryCredential) { choco source add --name ChocolateyInternal --source $NugetRepositoryUrl --user $NugetRepositoryCredential.UserName --password $NugetRepositoryCredential.GetNetworkCredential().Password --priority 1} else { choco source add --name ChocolateyInternal --source $NugetRepositoryUrl --priority 1}### b. Keep Chocolatey Up To Date ####### Keep chocolatey up to date based on your internal source#### You control the upgrades based on when you push an updated version#### to your internal repository.#### Note the source here is to the OData feed, similar to what you see#### when you browse to https://community.chocolatey.org/api/v2/choco upgrade chocolatey --confirm## 5. ENSURE CHOCOLATEY FOR BUSINESS ##### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.### a. Ensure The License File Is Installed ####### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-licensechoco install chocolatey-license --source $NugetRepositoryUrl --confirm### b. Disable The Licensed Source ####### The licensed source cannot be removed, so it must be disabled.#### This must occur after the license has been set by the license package.if ("chocolatey-license" -in (choco list --localonly --limitoutput | ConvertFrom-Csv -Header "Name" -Delimiter "|").Name) { choco source disable --name chocolatey.licensed} else { Write-Warning "Not disabling 'chocolatey.licensed' feed, as Chocolatey-License has not been installed."}### c. Ensure Chocolatey Licensed Extension ####### You will have downloaded the licensed extension to your internal repository#### as you have disabled the licensed repository in step 5b.#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)if ("chocolatey-license" -in (choco list --localonly --limitoutput | ConvertFrom-Csv -Header "Name" -Delimiter "|").Name) { choco install chocolatey.extension --source $NugetRepositoryUrl --confirm} else { Write-Warning "Not installing 'chocolatey.extension', as Chocolatey-License has not been installed."}#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management#### - Other - https://docs.chocolatey.org/en-us/features/paid/### d. Ensure Self-Service Anywhere ####### If you have desktop clients where users are not administrators, you may#### to take advantage of deploying and configuring Self-Service anywherechoco feature disable --name showNonElevatedWarningschoco feature enable --name useBackgroundServicechoco feature enable --name useBackgroundServiceWithNonAdministratorsOnlychoco feature enable --name allowBackgroundServiceUninstallsFromUserInstallsOnlychoco config set --name allowedBackgroundServiceCommands --value "install,upgrade,uninstall"### e. Ensure Chocolatey Central Management ####### If you want to manage and report on endpoints, you can set up and configure### Central Management. There are multiple portions to manage, so you'll see### a section on agents here along with notes on how to configure the server### side components.if ($ChocolateyCentralManagementUrl) { choco install chocolatey-agent --source $NugetRepositoryUrl --confirm choco config set --name CentralManagementServiceUrl --value $ChocolateyCentralManagementUrl if ($ChocolateyCentralManagementClientSalt) { choco config set --name centralManagementClientCommunicationSaltAdditivePassword --value $ChocolateyCentralManagementClientSalt } if ($ChocolateyCentralManagementServiceSalt) { choco config set --name centralManagementServiceCommunicationSaltAdditivePassword --value $ChocolateyCentralManagementServiceSalt } choco feature enable --name useChocolateyCentralManagement choco feature enable --name useChocolateyCentralManagementDeployments}See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##### Here are the requirements necessary to ensure this is successful.### a. Internal/Private Cloud Repository Set Up ####### You'll need an internal/private cloud repository you can use. These are#### generally really quick to set up and there are quite a few options.#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they#### are repository servers and will give you the ability to manage multiple#### repositories and types from one server installation.### b. Download Chocolatey Package and Put on Internal Repository ####### You need to have downloaded the Chocolatey package as well.#### Please see https://chocolatey.org/install#organization### c. Other Requirements ####### i. chocolatey.chocolatey##### You will require the chocolatey.chocolatey collection to be installed##### on all machines using this playbook.##### Please see https://github.com/chocolatey/chocolatey-ansible/#installing-the-collection-from-ansible-galaxy- name: Install and Configure Chocolatey hosts: all## 2. TOP LEVEL VARIABLES ## vars:### a. Your internal repository url (the main one). ####### Should be similar to what you see when you browse#### to https://community.chocolatey.org/api/v2/ nuget_repository_url: INTERNAL REPO URL### b. Internal Repository Credential ####### If required, add the repository access credential here and#### uncomment lines with source_username and source_password below# nuget_repository_username: username# nuget_repository_password: password### c. Chocolatey Central Management (CCM) ####### If using CCM to manage Chocolatey, add the following:#### i. Endpoint URL for CCM# chocolatey_central_management_url: https://chocolatey-central-management:24020/ChocolateyManagementService#### ii. If using a Client Salt, add it here# chocolatey_central_management_client_salt: clientsalt#### iii. If using a Service Salt, add it here# chocolatey_central_management_service_salt: servicesalt## 3. ENSURE CHOCOLATEY IS INSTALLED ##### Ensure Chocolatey is installed from your internal repository tasks: - name: Install chocolatey win_chocolatey: name: chocolatey source: ""{{ nuget_repository_url }}"" # source_username: ""{{ nuget_repository_username }}"" # source_password: ""{{ nuget_repository_password }}""## 4. CONFIGURE CHOCOLATEY BASELINE ##### a. FIPS Feature ####### If you need FIPS compliance - make this the first thing you configure#### before you do any additional configuration or package installations# - name: Enable FIPS compliance# win_chocolatey_feature:# name: useFipsCompliantChecksums# state: enabled### b. Apply Recommended Configuration ####### Move cache location so Chocolatey is very deterministic about#### cleaning up temporary data and the location is secured to admins - name: Set the cache location win_chocolatey_config: name: cacheLocation state: present value: C:\ProgramData\chocolatey\cache#### Increase timeout to at least 4 hours - name: Set the command execution timeout win_chocolatey_config: name: commandExecutionTimeoutSeconds state: present value: 14400#### Turn off download progress when running choco through integrations - name: Disable showing download progress win_chocolatey_feature: name: showDownloadProgress state: disabled### c. Sources ####### Remove the default community package repository source - name: Remove Chocolatey Community Repository win_chocolatey_source: name: chocolatey state: absent#### Add internal default sources#### You could have multiple sources here, so we will provide an example#### of one using the remote repo variable here#### NOTE: This EXAMPLE may require changes - name: Add Internal Repository win_chocolatey_source: name: ChocolateyInternal state: present source: {{ nuget_repository_url }} # source_username: {{ nuget_repository_username }} # source_password: {{ nuget_repository_password }} priority: 1### b. Keep Chocolatey Up To Date ####### Keep chocolatey up to date based on your internal source#### You control the upgrades based on when you push an updated version#### to your internal repository.#### Note the source here is to the OData feed, similar to what you see#### when you browse to https://community.chocolatey.org/api/v2/ - name: Upgrade Chocolatey win_chocolatey: name: chocolatey state: latest## 5. ENSURE CHOCOLATEY FOR BUSINESS ##### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.### a. Ensure The License File Is Installed ####### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license - name: Install Chocolatey License win_chocolatey: name: chocolatey-license source: ChocolateyInternal state: latest### b. Disable The Licensed Source ####### The licensed source cannot be removed, so it must be disabled.#### This must occur after the license has been set by the license package. - name: Disable Chocolatey Community Repository win_chocolatey_source: name: chocolatey.licensed state: disabled### c. Ensure Chocolatey Licensed Extension ####### You will have downloaded the licensed extension to your internal repository#### as you have disabled the licensed repository in step 5b.#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension) - name: Install Chocolatey Extension win_chocolatey: name: chocolatey.extension source: ChocolateyInternal state: latest#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management#### - Other - https://docs.chocolatey.org/en-us/features/paid/### d. Ensure Self-Service Anywhere ####### If you have desktop clients where users are not administrators, you may#### to take advantage of deploying and configuring Self-Service anywhere - name: Hide not-elevated warnings win_chocolatey_feature: name: showNonElevatedWarnings state: disabled - name: Use background mode for self-service win_chocolatey_feature: name: useBackgroundService state: enabled - name: Use background service for non-admins win_chocolatey_feature: name: useBackgroundServiceWithNonAdministratorsOnly state: enabled - name: Allow background uninstallation for user installs win_chocolatey_feature: name: allowBackgroundServiceUninstallsFromUserInstallsOnly state: enabled - name: Set allowed background service commands win_chocolatey_config: name: backgroundServiceAllowedCommands state: present value: install,upgrade,uninstall### e. Ensure Chocolatey Central Management ####### If you want to manage and report on endpoints, you can set up and configure### Central Management. There are multiple portions to manage, so you'll see### a section on agents here along with notes on how to configure the server### side components. - name: Install Chocolatey Agent when: chocolatey_central_management_url is defined win_chocolatey: name: chocolatey-agent source: ChocolateyInternal state: latest - name: Set the Central Management Service URL when: chocolatey_central_management_url is defined win_chocolatey_config: name: CentralManagementServiceUrl state: present value: {{ chocolatey_central_management_url }} - name: Set the Central Management Client Salt when: chocolatey_central_management_client_salt is defined win_chocolatey_config: name: centralManagementClientCommunicationSaltAdditivePassword state: present value: {{ chocolatey_central_management_client_salt }} - name: Set the Central Management Service Salt when: chocolatey_central_management_service_salt is defined win_chocolatey_config: name: centralManagementServiceCommunicationSaltAdditivePassword state: present value: {{ chocolatey_central_management_service_salt }} - name: Use Central Management when: chocolatey_central_management_url is defined win_chocolatey_feature: name: useChocolateyCentralManagement state: enabled - name: Use Central Management Deployments when: chocolatey_central_management_url is defined win_chocolatey_feature: name: useChocolateyCentralManagementDeployments state: enabledSee docs at https://docs.chef.io/resource_chocolatey_package.html.
See Also
SASE vs. VPN: What’s the difference?The Best VPN Services for 2024De beste VPN tjenestene for Norge 2023The best VPN service in 2024If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##### Here are the requirements necessary to ensure this is successful.### a. Internal/Private Cloud Repository Set Up ####### You'll need an internal/private cloud repository you can use. These are#### generally really quick to set up and there are quite a few options.#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they#### are repository servers and will give you the ability to manage multiple#### repositories and types from one server installation.### b. Download Chocolatey Package and Put on Internal Repository ####### You need to have downloaded the Chocolatey package as well.#### Please see https://chocolatey.org/install#organization### c. Other Requirements ####### The Chocolatey resources are available with any recent version of Chef.#### We utilise the Chocolatey recipe to install the Chocolatey binaries.include_recipe "chocolatey"## 2. TOP LEVEL VARIABLES ##### a. Your internal repository url (the main one). ####### Should be similar to what you see when you browse#### to https://community.chocolatey.org/api/v2/NugetRepositoryUrl = "INTERNAL REPO URL"### b. Internal Repository Credential ####### If required, add the repository access credential here# NugetRepositoryUsername = "username"# NugetRepositoryPassword = "password"### c. Chocolatey nupkg download url ####### This url should result in an immediate download when you navigate to it in#### a web browserChocolateyNupkgUrl = "INTERNAL REPO URL/package/chocolatey.2.2.2.nupkg",### d. Chocolatey Central Management (CCM) ####### If using CCM to manage Chocolatey, add the following:#### i. Endpoint URL for CCM# ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService"#### ii. If using a Client Salt, add it here# ChocolateyCentralManagementClientSalt = "clientsalt"#### iii. If using a Service Salt, add it here# ChocolateyCentralManagementServiceSalt = "servicesalt"## 3. ENSURE CHOCOLATEY IS INSTALLED ##### Ensure Chocolatey is installed from your internal repositorynode['chocolatey']['install vars'] = { 'chocolateyDownloadUrl' => "#{ChocolateyNupkgUrl}",}## 4. CONFIGURE CHOCOLATEY BASELINE ##### a. FIPS Feature ####### If you need FIPS compliance - make this the first thing you configure#### before you do any additional configuration or package installations# chocolatey_feature 'useFipsCompliantChecksums' do# action :enable# end### b. Apply Recommended Configuration ####### Move cache location so Chocolatey is very deterministic about#### cleaning up temporary data and the location is secured to adminschocolatey_config 'cacheLocation' do value 'C:\ProgramData\chocolatey\cache'end#### Increase timeout to at least 4 hourschocolatey_config 'commandExecutionTimeoutSeconds' do value '14400'end#### Turn off download progress when running choco through integrationschocolatey_feature 'showDownloadProgress' do action :disableend### c. Sources ####### Remove the default community package repository sourcechocolatey_source 'chocolatey' do action :removeend#### Add internal default sources#### You could have multiple sources here, so we will provide an example#### of one using the remote repo variable here#### NOTE: This EXAMPLE may require changeschocolatey_source 'ChocolateyInternal' do source "#{NugetRepositoryUrl}" priority 1 action :addendexecute 'ChocolateyInternal' do command "choco source add --name ChocolateyInternal -s #{NugetRepositoryUrl} -u=#{NugetRepositoryUsername} -p=#{NugetRepositoryPassword} --priority=1" only_if { NugetRepositoryUsername != nil || NugetRepositoryPassword != nil }end### b. Keep Chocolatey Up To Date ####### Keep chocolatey up to date based on your internal source#### You control the upgrades based on when you push an updated version#### to your internal repository.#### Note the source here is to the OData feed, similar to what you see#### when you browse to https://community.chocolatey.org/api/v2/chocolatey_package 'chocolatey' do action :upgrade source "#{NugetRepositoryUrl}"end## 5. ENSURE CHOCOLATEY FOR BUSINESS ##### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.### a. Ensure The License File Is Installed ####### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-licensechocolatey_package 'chocolatey-license' do action :install source "#{NugetRepositoryUrl}"end### b. Disable The Licensed Source ####### The licensed source cannot be removed, so it must be disabled.#### This must occur after the license has been set by the license package.chocolatey_source 'chocolatey.licensed' do action :disableend### c. Ensure Chocolatey Licensed Extension ####### You will have downloaded the licensed extension to your internal repository#### as you have disabled the licensed repository in step 5b.#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)chocolatey_package 'chocolatey.extention' do action install source "#{NugetRepositoryUrl}"end#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management#### - Other - https://docs.chocolatey.org/en-us/features/paid/### d. Ensure Self-Service Anywhere ####### If you have desktop clients where users are not administrators, you may#### to take advantage of deploying and configuring Self-Service anywherechocolatey_feature 'showNonElevatedWarnings' do action :disableendchocolatey_feature 'useBackgroundService' do action :enableendchocolatey_feature 'useBackgroundServiceWithNonAdministratorsOnly' do action :enableendchocolatey_feature 'allowBackgroundServiceUninstallsFromUserInstallsOnly' do action :enableendchocolatey_config 'backgroundServiceAllowedCommands' do value 'install,upgrade,uninstall'end### e. Ensure Chocolatey Central Management ####### If you want to manage and report on endpoints, you can set up and configure### Central Management. There are multiple portions to manage, so you'll see### a section on agents here along with notes on how to configure the server### side components.chocolatey_package 'chocolatey-agent' do action install source "#{NugetRepositoryUrl}" # user "#{NugetRepositoryUsername}" # password "#{NugetRepositoryPassword}" only_if { ChocolateyCentralManagementUrl != nil }endchocolatey_config 'CentralManagementServiceUrl' do value "#{ChocolateyCentralManagementUrl}" only_if { ChocolateyCentralManagementUrl != nil }endchocolatey_config 'centralManagementClientCommunicationSaltAdditivePassword' do value "#{ChocolateyCentralManagementClientSalt}" only_if { ChocolateyCentralManagementClientSalt != nil }endchocolatey_config 'centralManagementServiceCommunicationSaltAdditivePassword' do value "#{ChocolateyCentralManagementServiceSalt}" only_if { ChocolateyCentralManagementServiceSalt != nil }endchocolatey_feature 'useChocolateyCentralManagement' do action :enable only_if { ChocolateyCentralManagementUrl != nil }endchocolatey_feature 'useChocolateyCentralManagementDeployments' do action :enable only_if { ChocolateyCentralManagementUrl != nil }endRequires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
If Applicable - Chocolatey Configuration/Installation
#requires -Modules cChoco## 1. REQUIREMENTS ##### Here are the requirements necessary to ensure this is successful.### a. Internal/Private Cloud Repository Set Up ####### You'll need an internal/private cloud repository you can use. These are#### generally really quick to set up and there are quite a few options.#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they#### are repository servers and will give you the ability to manage multiple#### repositories and types from one server installation.### b. Download Chocolatey Package and Put on Internal Repository ####### You need to have downloaded the Chocolatey package as well.#### Please see https://chocolatey.org/install#organization### c. Other Requirements ####### i. Requires chocolatey\cChoco DSC module to be installed on the machine compiling the DSC manifest#### NOTE: This will need to be installed before running the DSC portion of this scriptif (-not (Get-Module cChoco -ListAvailable)) { $null = Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force if (($PSGallery = Get-PSRepository -Name PSGallery).InstallationPolicy -ne "Trusted") { Set-PSRepository -Name PSGallery -InstallationPolicy Trusted } Install-Module -Name cChoco if ($PSGallery.InstallationPolicy -ne "Trusted") { Set-PSRepository -Name PSGallery -InstallationPolicy $PSGallery.InstallationPolicy }}#### ii. Requires a hosted copy of the install.ps1 script##### This should be available to download without authentication.##### The original script can be found here: https://community.chocolatey.org/install.ps1Configuration ChocolateyConfig {## 2. TOP LEVEL VARIABLES ## param(### a. Your internal repository url (the main one). ####### Should be similar to what you see when you browse#### to https://community.chocolatey.org/api/v2/ $NugetRepositoryUrl = "INTERNAL REPO URL",### b. Chocolatey nupkg download url ####### This url should result in an immediate download when you navigate to it in#### a web browser $ChocolateyNupkgUrl = "INTERNAL REPO URL/package/chocolatey.2.2.2.nupkg",### c. Internal Repository Credential ####### If required, add the repository access credential here# $NugetRepositoryCredential = [PSCredential]::new(# "username",# ("password" | ConvertTo-SecureString -AsPlainText -Force)# ),### d. Install.ps1 URL#### The path to the hosted install script: $ChocolateyInstallPs1Url = "https://community.chocolatey.org/install.ps1"### e. Chocolatey Central Management (CCM) ####### If using CCM to manage Chocolatey, add the following:#### i. Endpoint URL for CCM# $ChocolateyCentralManagementUrl = "https://chocolatey-central-management:24020/ChocolateyManagementService",#### ii. If using a Client Salt, add it here# $ChocolateyCentralManagementClientSalt = "clientsalt",#### iii. If using a Service Salt, add it here# $ChocolateyCentralManagementServiceSalt = "servicesalt" ) Import-DscResource -ModuleName PSDesiredStateConfiguration Import-DscResource -ModuleName cChoco Node 'localhost' {## 3. ENSURE CHOCOLATEY IS INSTALLED ##### Ensure Chocolatey is installed from your internal repository Environment chocoDownloadUrl { Name = "chocolateyDownloadUrl" Value = $ChocolateyNupkgUrl } cChocoInstaller installChocolatey { DependsOn = "[Environment]chocoDownloadUrl" InstallDir = Join-Path $env:ProgramData "chocolatey" ChocoInstallScriptUrl = $ChocolateyInstallPs1Url }## 4. CONFIGURE CHOCOLATEY BASELINE ##### a. FIPS Feature ####### If you need FIPS compliance - make this the first thing you configure#### before you do any additional configuration or package installations# cChocoFeature featureFipsCompliance {# FeatureName = "useFipsCompliantChecksums"# }### b. Apply Recommended Configuration ####### Move cache location so Chocolatey is very deterministic about#### cleaning up temporary data and the location is secured to admins cChocoConfig cacheLocation { DependsOn = "[cChocoInstaller]installChocolatey" ConfigName = "cacheLocation" Value = "C:\ProgramData\chocolatey\cache" }#### Increase timeout to at least 4 hours cChocoConfig commandExecutionTimeoutSeconds { DependsOn = "[cChocoInstaller]installChocolatey" ConfigName = "commandExecutionTimeoutSeconds" Value = 14400 }#### Turn off download progress when running choco through integrations cChocoFeature showDownloadProgress { DependsOn = "[cChocoInstaller]installChocolatey" FeatureName = "showDownloadProgress" Ensure = "Absent" }### c. Sources ####### Remove the default community package repository source cChocoSource removeCommunityRepository { DependsOn = "[cChocoInstaller]installChocolatey" Name = "chocolatey" Ensure = "Absent" }#### Add internal default sources#### You could have multiple sources here, so we will provide an example#### of one using the remote repo variable here.#### NOTE: This EXAMPLE may require changes cChocoSource addInternalSource { DependsOn = "[cChocoInstaller]installChocolatey" Name = "ChocolateyInternal" Source = $NugetRepositoryUrl Credentials = $NugetRepositoryCredential Priority = 1 }### b. Keep Chocolatey Up To Date ####### Keep chocolatey up to date based on your internal source#### You control the upgrades based on when you push an updated version#### to your internal repository.#### Note the source here is to the OData feed, similar to what you see#### when you browse to https://community.chocolatey.org/api/v2/ cChocoPackageInstaller updateChocolatey { DependsOn = "[cChocoSource]addInternalSource", "[cChocoSource]removeCommunityRepository" Name = "chocolatey" AutoUpgrade = $true }## 5. ENSURE CHOCOLATEY FOR BUSINESS ##### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.### a. Ensure The License File Is Installed ####### Create a license package using script from https://docs.chocolatey.org/en-us/how-tos/setup-offline-installation#exercise-4-create-a-package-for-the-license cChocoPackageInstaller chocolateyLicense { DependsOn = "[cChocoPackageInstaller]updateChocolatey" Name = "chocolatey-license" }### b. Disable The Licensed Source ####### The licensed source cannot be removed, so it must be disabled.#### This must occur after the license has been set by the license package. Script disableLicensedSource { DependsOn = "[cChocoPackageInstaller]chocolateyLicense" GetScript = { $Source = choco source list --limitoutput | ` ConvertFrom-Csv -Delimiter '|' -Header Name, Source, Disabled | ` Where-Object Name -eq "chocolatey.licensed" return @{ Result = if ($Source) { [bool]::Parse($Source.Disabled) } else { Write-Warning "Source 'chocolatey.licensed' was not present." $true # Source does not need disabling } } } SetScript = { $null = choco source disable --name "chocolatey.licensed" } TestScript = { $State = [ScriptBlock]::Create($GetScript).Invoke() return $State.Result } }### c. Ensure Chocolatey Licensed Extension ####### You will have downloaded the licensed extension to your internal repository#### as you have disabled the licensed repository in step 5b.#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension) cChocoPackageInstaller chocolateyLicensedExtension { DependsOn = "[Script]disableLicensedSource" Name = "chocolatey.extension" }#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management#### - Other - https://docs.chocolatey.org/en-us/features/paid/### d. Ensure Self-Service Anywhere ####### If you have desktop clients where users are not administrators, you may#### to take advantage of deploying and configuring Self-Service anywhere cChocoFeature hideElevatedWarnings { DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension" FeatureName = "showNonElevatedWarnings" Ensure = "Absent" } cChocoFeature useBackgroundService { DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension" FeatureName = "useBackgroundService" Ensure = "Present" } cChocoFeature useBackgroundServiceWithNonAdmins { DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension" FeatureName = "useBackgroundServiceWithNonAdministratorsOnly" Ensure = "Present" } cChocoFeature useBackgroundServiceUninstallsForUserInstalls { DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension" FeatureName = "allowBackgroundServiceUninstallsFromUserInstallsOnly" Ensure = "Present" } cChocoConfig allowedBackgroundServiceCommands { DependsOn = "[cChocoFeature]useBackgroundService" ConfigName = "backgroundServiceAllowedCommands" Value = "install,upgrade,uninstall" }### e. Ensure Chocolatey Central Management ####### If you want to manage and report on endpoints, you can set up and configure### Central Management. There are multiple portions to manage, so you'll see### a section on agents here along with notes on how to configure the server### side components. if ($ChocolateyCentralManagementUrl) { cChocoPackageInstaller chocolateyAgent { DependsOn = "[cChocoPackageInstaller]chocolateyLicensedExtension" Name = "chocolatey-agent" } cChocoConfig centralManagementServiceUrl { DependsOn = "[cChocoPackageInstaller]chocolateyAgent" ConfigName = "CentralManagementServiceUrl" Value = $ChocolateyCentralManagementUrl } if ($ChocolateyCentralManagementClientSalt) { cChocoConfig centralManagementClientSalt { DependsOn = "[cChocoPackageInstaller]chocolateyAgent" ConfigName = "centralManagementClientCommunicationSaltAdditivePassword" Value = $ChocolateyCentralManagementClientSalt } } if ($ChocolateyCentralManagementServiceSalt) { cChocoConfig centralManagementServiceSalt { DependsOn = "[cChocoPackageInstaller]chocolateyAgent" ConfigName = "centralManagementServiceCommunicationSaltAdditivePassword" Value = $ChocolateyCentralManagementServiceSalt } } cChocoFeature useCentralManagement { DependsOn = "[cChocoPackageInstaller]chocolateyAgent" FeatureName = "useChocolateyCentralManagement" Ensure = "Present" } cChocoFeature useCentralManagementDeployments { DependsOn = "[cChocoPackageInstaller]chocolateyAgent" FeatureName = "useChocolateyCentralManagementDeployments" Ensure = "Present" } } }}# If working this into an existing configuration with a good method for$ConfigData = @{ AllNodes = @( @{ NodeName = "localhost" PSDscAllowPlainTextPassword = $true } )}try { Push-Location $env:Temp $Config = ChocolateyConfig -ConfigurationData $ConfigData Start-DscConfiguration -Path $Config.PSParentPath -Wait -Verbose -Force} finally { Pop-Location}Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
If Applicable - Chocolatey Configuration/Installation
## 1. REQUIREMENTS ##### Here are the requirements necessary to ensure this is successful.### a. Internal/Private Cloud Repository Set Up ####### You'll need an internal/private cloud repository you can use. These are#### generally really quick to set up and there are quite a few options.#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they#### are repository servers and will give you the ability to manage multiple#### repositories and types from one server installation.### b. Download Chocolatey Package and Put on Internal Repository ####### You need to have downloaded the Chocolatey package as well.#### Please see https://chocolatey.org/install#organization### c. Other Requirements ####### i. Requires puppetlabs/chocolatey module#### See https://forge.puppet.com/puppetlabs/chocolatey## 2. TOP LEVEL VARIABLES ##### a. Your internal repository url (the main one). ####### Should be similar to what you see when you browse#### to https://community.chocolatey.org/api/v2/$_repository_url = 'INTERNAL REPO URL'### b. Chocolatey nupkg download url ####### This url should result in an immediate download when you navigate to it in#### a web browser$_choco_download_url = 'INTERNAL REPO URL/package/chocolatey.2.2.2.nupkg'### c. Chocolatey Central Management (CCM) ####### If using CCM to manage Chocolatey, add the following:#### i. Endpoint URL for CCM# $_chocolatey_central_management_url = 'https://chocolatey-central-management:24020/ChocolateyManagementService'#### ii. If using a Client Salt, add it here# $_chocolatey_central_management_client_salt = "clientsalt"#### iii. If using a Service Salt, add it here# $_chocolatey_central_management_service_salt = 'servicesalt'## 3. ENSURE CHOCOLATEY IS INSTALLED ##### Ensure Chocolatey is installed from your internal repository### Note: `chocolatey_download_url is completely different than normal### source locations. This is directly to the bare download url for the### chocolatey.nupkg, similar to what you see when you browse to### https://community.chocolatey.org/api/v2/package/chocolateyclass {'chocolatey': chocolatey_download_url => $_choco_download_url, use_7zip => false,}## 4. CONFIGURE CHOCOLATEY BASELINE ##### a. FIPS Feature ####### If you need FIPS compliance - make this the first thing you configure#### before you do any additional configuration or package installations#chocolateyfeature {'useFipsCompliantChecksums':# ensure => enabled,#}### b. Apply Recommended Configuration ####### Move cache location so Chocolatey is very deterministic about#### cleaning up temporary data and the location is secured to adminschocolateyconfig {'cacheLocation': value => 'C:\ProgramData\chocolatey\cache',}#### Increase timeout to at least 4 hourschocolateyconfig {'commandExecutionTimeoutSeconds': value => '14400',}#### Turn off download progress when running choco through integrationschocolateyfeature {'showDownloadProgress': ensure => disabled,}### c. Sources ####### Remove the default community package repository sourcechocolateysource {'chocolatey': ensure => absent, location => 'https://community.chocolatey.org/api/v2/',}#### Add internal default sources#### You could have multiple sources here, so we will provide an example#### of one using the remote repo variable here#### NOTE: This EXAMPLE requires changeschocolateysource {'internal_chocolatey': ensure => present, location => $_repository_url, priority => 1, username => 'optional', password => 'optional,not ensured', bypass_proxy => true, admin_only => false, allow_self_service => false,}### b. Keep Chocolatey Up To Date ####### Keep chocolatey up to date based on your internal source#### You control the upgrades based on when you push an updated version#### to your internal repository.#### Note the source here is to the OData feed, similar to what you see#### when you browse to https://community.chocolatey.org/api/v2/package {'chocolatey': ensure => latest, provider => chocolatey, source => $_repository_url,}## 5. ENSURE CHOCOLATEY FOR BUSINESS ##### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.### a. Ensure The License File Is Installed ####### Create a license package using script from https://docs.chocolatey.org/en-us/guides/organizations/organizational-deployment-guide#exercise-4-create-a-package-for-the-license# TODO: Add resource for installing/ensuring the chocolatey-license packagepackage {'chocolatey-license': ensure => latest, provider => chocolatey, source => $_repository_url,}### b. Disable The Licensed Source ####### The licensed source cannot be removed, so it must be disabled.#### This must occur after the license has been set by the license package.## Disabled sources still need all other attributes until## https://tickets.puppetlabs.com/browse/MODULES-4449 is resolved.## Password is necessary with user, but not ensurable, so it should not## matter what it is set to here. If you ever do get into trouble here,## the password is your license GUID.chocolateysource {'chocolatey.licensed': ensure => disabled, priority => '10', user => 'customer', password => '1234', require => Package['chocolatey-license'],}### c. Ensure Chocolatey Licensed Extension ####### You will have downloaded the licensed extension to your internal repository#### as you have disabled the licensed repository in step 5b.#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)package {'chocolatey.extension': ensure => latest, provider => chocolatey, source => $_repository_url, require => Package['chocolatey-license'],}#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management#### - Other - https://docs.chocolatey.org/en-us/features/paid/### d. Ensure Self-Service Anywhere ####### If you have desktop clients where users are not administrators, you may#### to take advantage of deploying and configuring Self-Service anywherechocolateyfeature {'showNonElevatedWarnings': ensure => disabled,}chocolateyfeature {'useBackgroundService': ensure => enabled,}chocolateyfeature {'useBackgroundServiceWithNonAdministratorsOnly': ensure => enabled,}chocolateyfeature {'allowBackgroundServiceUninstallsFromUserInstallsOnly': ensure => enabled,}chocolateyconfig {'backgroundServiceAllowedCommands': value => 'install,upgrade,uninstall',}### e. Ensure Chocolatey Central Management ####### If you want to manage and report on endpoints, you can set up and configure### Central Management. There are multiple portions to manage, so you'll see### a section on agents here along with notes on how to configure the server### side components.if $_chocolatey_central_management_url { package {'chocolatey-agent': ensure => latest, provider => chocolatey, source => $_repository_url, require => Package['chocolatey-license'], } chocolateyconfig {'CentralManagementServiceUrl': value => $_chocolatey_central_management_url, } if $_chocolatey_central_management_client_salt { chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword': value => $_chocolatey_central_management_client_salt, } } if $_chocolatey_central_management_service_salt { chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword': value => $_chocolatey_central_management_client_salt, } } chocolateyfeature {'useChocolateyCentralManagement': ensure => enabled, require => Package['chocolatey-agent'], } chocolateyfeature {'useChocolateyCentralManagementDeployments': ensure => enabled, require => Package['chocolatey-agent'], }}Need Help? View our docs or file an issue.
There is already a version of this package in your Script Builder
| Current Version | New Version |
|---|---|
Downloads:
894,467
Downloads of v 2.5.4:
407
Last Update:
16 Feb 2022
Package Maintainer(s):
- dgalbraith
Software Author(s):
- OpenVPN Technologies
- Inc
Tags:
openvpn vpn tunnel ssl
- Software Specific:
- Software Site
- Software Source
- Software License
- Software Docs
- Software Mailing List
- Software Issues
- Package Specific:
- Package Source
- Package outdated?
- Package broken?
- Contact Maintainers
- Contact Site Admins
- Software Vendor?
- Report Abuse
- Download
OpenVPN - Open Source SSL VPN Solution
This is not the latest version of OpenVPN - Open Source SSL VPN Solution available.
1 2 3
2.5.4 | Updated: 16 Feb 2022
- Software Specific:
- Software Site
- Software Source
- Software License
- Software Docs
- Software Mailing List
- Software Issues
- Package Specific:
- Package Source
- Package outdated?
- Package broken?
- Contact Maintainers
- Contact Site Admins
- Software Vendor?
- Report Abuse
- Download
Downloads:
894,467
Downloads of v 2.5.4:
407
Maintainer(s):
- dgalbraith
Software Author(s):
- OpenVPN Technologies
- Inc
Tags:
openvpn vpn tunnel ssl
This is not the latest version of OpenVPN - Open Source SSL VPN Solution available.
1
2
3
All Checks are Passing
3 Passing Tests
Show Checks
Show Checks
Validation Testing Passed
Verification Testing Passed
Scan Testing Successful:
No detections found in any package files
Details
- Generic
- Individual
- Ansible
- PS DSC
Learn More
Deployment Method: Individual Install, Upgrade, & Uninstall
- Install
- Upgrade
- Uninstall
To install OpenVPN - Open Source SSL VPN Solution, run the following command from the command line or from PowerShell:
>
To upgrade OpenVPN - Open Source SSL VPN Solution, run the following command from the command line or from PowerShell:
>
To uninstall OpenVPN - Open Source SSL VPN Solution, run the following command from the command line or from PowerShell:
>
Deployment Method:
NOTE
This applies to both open source and commercial editions of Chocolatey.
1. Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
2. Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)
- Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the package and push it to a repository Download
Option 2: Internalized Package (Reliable, Scalable)
- Open Source
-
Download the package:
Download - Follow manual internalization instructions
-
- Package Internalizer (C4B)
- Run: (additional options)
choco download openvpn --internalize --version=2.5.4 --source=https://community.chocolatey.org/api/v2/ - For package and dependencies run:
choco push --source="'INTERNAL REPO URL'" - Automate package internalization
- Run: (additional options)
3. Copy Your Script
choco upgrade openvpn -y --source="'INTERNAL REPO URL'" --version="'2.5.4'" [other options]See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
choco upgrade openvpn -y --source="'INTERNAL REPO URL'" --version="'2.5.4'" $exitCode = $LASTEXITCODEWrite-Verbose "Exit code was $exitCode"$validExitCodes = @(0, 1605, 1614, 1641, 3010)if ($validExitCodes -contains $exitCode) { Exit 0}Exit $exitCode- name: Install openvpn win_chocolatey: name: openvpn version: '2.5.4' source: INTERNAL REPO URL state: presentSee docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
chocolatey_package 'openvpn' do action :install source 'INTERNAL REPO URL' version '2.5.4'endSee docs at https://docs.chef.io/resource_chocolatey_package.html.
cChocoPackageInstaller openvpn{ Name = "openvpn" Version = "2.5.4" Source = "INTERNAL REPO URL"}Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
package { 'openvpn': ensure => '2.5.4', provider => 'chocolatey', source => 'INTERNAL REPO URL',}Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
4. If applicable - Chocolatey configuration/installation
See infrastructure management matrix for Chocolatey configuration elements and examples.
Package Approved
This package was approved as a trusted package on 17 Feb 2022.
Description
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide
range of configurations, including remote access, site-to-site VPNs, Wi-Fi security,
and enterprise-scale remote access solutions with load balancing, failover, and
fine-grained access-controls.
Features
- Tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port
- Configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients
- Use all of the encryption, authentication, and certification features of the SSL library to protect your private network traffic as it transits the internet
- Use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the SSL library
- Choose between static-key based conventional encryption or certificate-based public key encryption
- Use static, pre-shared keys or TLS-based dynamic key exchange
- Use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization
- Tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients
- Tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules
- Tunnel networks over NAT
- Create secure ethernet bridges using virtual tap devices
- Control OpenVPN using a GUI
Package Parameters
If any package parameters are supplied no defaults will be used - only supplied parameters will be applied. The
following package parameter can be set:
/InstallDir- install OpenVPN to the specified folder/AddToDesktop- add a desktop shortcut for the OpenVPN GUI/NoStartMenu- do not create start menu entries for OpenVPN/Gui- install the OpenVPN GUI by Mathias Sundman/OnLogon- launch the OpenVPN GUI on user logon/Service- install OpenVPN service wrappers/EasyRsa- install EasyRSA 3 scripts for X509 certificate management/TapDriver- install the TAP-Windows driver (NDIS6)/WintunDriver- install the layer 3 TUN driver for Windows/Documentation- install the OpenVPN documentation/OpenSSL- install OpelSSL utilities for generating public/private key pairs/SampleConfig- install OpenVPN client/server configuration examples
eg. choco install -y openvpn --package-parameters="/InstallDir=C:\Tools\OpenVPN /AddToDesktop /Gui /OnLogon /EasyRsa /TapDriver /WintunDriver /OpenSSL"
An installation with no parameters specified will use the same defaults as the installer other than creating a desktop shortcut:
choco install -y openvpn --package-parameters="/Gui /OnLogon /TapDriver /WintunDriver /Documentation /OpenSSL /SampleConfig"
To have Chocolatey remember parameters on upgrade, be sure to set choco feature enable -n=useRememberedArgumentsForUpgrades.
Documentation
- For detailed information on OpenVPN, including examples, see the man page,
the WIKI or the community resources - For a sample VPN configuration, see http://openvpn.net/howto.html
Notes
- The 32-bit version of OpenVPN will not run in a 64-bit environment and the installation will fail if forced with
--forceX86 - This package is automatically updated using the Chocolatey Automatic Package Update Model (AU).
If you find it is out of date by more than a day or two, please contact the maintainer(s) and let them know the package is no longer updating correctly.
Files
legal\LICENSE.txt
OpenVPN (TM) -- An Open Source VPN daemonCopyright (C) 2002-2021 OpenVPN Inc <[emailprotected]>This distribution contains multiple components, someof which fall under different licenses. By using OpenVPNor any of the bundled components enumerated below, youagree to be bound by the conditions of the license foreach respective component.OpenVPN trademark----------------- "OpenVPN" is a trademark of OpenVPN IncOpenVPN license:---------------- OpenVPN is distributed under the GPL license version 2 (see Below). Special exception for linking OpenVPN with OpenSSL: In addition, as a special exception, OpenVPN Inc gives permission to link the code of this program with the OpenSSL library (or with modified versions of OpenSSL that use the same license as OpenSSL), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.LZO license:------------ LZO is Copyright (C) Markus F.X.J. Oberhumer, and is licensed under the GPL. Special exception for linking OpenVPN with both OpenSSL and LZO: Hereby I grant a special exception to the OpenVPN project (http://openvpn.net/) to link the LZO library with the OpenSSL library (http://www.openssl.org). Markus F.X.J. OberhumerTAP-Win32/TAP-Win64 Driver license:----------------------------------- This device driver was inspired by the CIPE-Win32 driver by Damion K. Wilson. The source and object code of the TAP-Win32/TAP-Win64 driver is Copyright (C) 2002-2018 OpenVPN Inc, and is released under the GPL version 2.Windows DDK Samples:-------------------- The Windows binary distribution includes devcon.exe, a Microsoft DDK sample which is redistributed under the terms of the DDK EULA.NSIS License:------------- Copyright (C) 2002-2003 Joost Verburg This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any distribution.OpenSSL License:---------------- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [emailprotected]./* ==================================================================== * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * [emailprotected]. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * ([emailprotected]). This product includes software written by Tim * Hudson ([emailprotected]). * */ Original SSLeay License -----------------------/* Copyright (C) 1995-1998 Eric Young ([emailprotected]) * All rights reserved. * * This package is an SSL implementation written * by Eric Young ([emailprotected]). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson ([emailprotected]). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young ([emailprotected])" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson ([emailprotected])" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */GNU Public License (GPL)------------------------ OpenVPN, LZO, and the TAP-Win32 distributions are licensed under the GPL version 2 (see COPYRIGHT.GPL). In the Windows binary distribution of OpenVPN, the GPL is reproduced below. GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away yourfreedom to share and change it. By contrast, the GNU General PublicLicense is intended to guarantee your freedom to share and change freesoftware--to make sure the software is free for all its users. ThisGeneral Public License applies to most of the Free SoftwareFoundation's software and to any other program whose authors commit tousing it. (Some other Free Software Foundation software is covered bythe GNU Lesser General Public License instead.) You can apply it toyour programs, too. When we speak of free software, we are referring to freedom, notprice. Our General Public Licenses are designed to make sure that youhave the freedom to distribute copies of free software (and charge forthis service if you wish), that you receive source code or can get itif you want it, that you can change the software or use pieces of itin new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbidanyone to deny you these rights or to ask you to surrender the rights.These restrictions translate to certain responsibilities for you if youdistribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whethergratis or for a fee, you must give the recipients all the rights thatyou have. You must make sure that they, too, receive or can get thesource code. And you must show them these terms so they know theirrights. We protect your rights with two steps: (1) copyright the software, and(2) offer you this license which gives you legal permission to copy,distribute and/or modify the software. Also, for each author's protection and ours, we want to make certainthat everyone understands that there is no warranty for this freesoftware. If the software is modified by someone else and passed on, wewant its recipients to know that what they have is not the original, sothat any problems introduced by others will not reflect on the originalauthors' reputations. Finally, any free program is threatened constantly by softwarepatents. We wish to avoid the danger that redistributors of a freeprogram will individually obtain patent licenses, in effect making theprogram proprietary. To prevent this, we have made it clear that anypatent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution andmodification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which containsa notice placed by the copyright holder saying it may be distributedunder the terms of this General Public License. The "Program", below,refers to any such program or work, and a "work based on the Program"means either the Program or any derivative work under copyright law:that is to say, a work containing the Program or a portion of it,either verbatim or with modifications and/or translated into anotherlanguage. (Hereinafter, translation is included without limitation inthe term "modification".) Each licensee is addressed as "you".Activities other than copying, distribution and modification are notcovered by this License; they are outside its scope. The act ofrunning the Program is not restricted, and the output from the Programis covered only if its contents constitute a work based on theProgram (independent of having been made by running the Program).Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program'ssource code as you receive it, in any medium, provided that youconspicuously and appropriately publish on each copy an appropriatecopyright notice and disclaimer of warranty; keep intact all thenotices that refer to this License and to the absence of any warranty;and give any other recipients of the Program a copy of this Licensealong with the Program.You may charge a fee for the physical act of transferring a copy, andyou may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portionof it, thus forming a work based on the Program, and copy anddistribute such modifications or work under the terms of Section 1above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)These requirements apply to the modified work as a whole. Ifidentifiable sections of that work are not derived from the Program,and can be reasonably considered independent and separate works inthemselves, then this License, and its terms, do not apply to thosesections when you distribute them as separate works. But when youdistribute the same sections as part of a whole which is a work basedon the Program, the distribution of the whole must be on the terms ofthis License, whose permissions for other licensees extend to theentire whole, and thus to each and every part regardless of who wrote it.Thus, it is not the intent of this section to claim rights or contestyour rights to work written entirely by you; rather, the intent is toexercise the right to control the distribution of derivative orcollective works based on the Program.In addition, mere aggregation of another work not based on the Programwith the Program (or with a work based on the Program) on a volume ofa storage or distribution medium does not bring the other work underthe scope of this License. 3. You may copy and distribute the Program (or a work based on it,under Section 2) in object code or executable form under the terms ofSections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)The source code for a work means the preferred form of the work formaking modifications to it. For an executable work, complete sourcecode means all the source code for all modules it contains, plus anyassociated interface definition files, plus the scripts used tocontrol compilation and installation of the executable. However, as aspecial exception, the source code distributed need not includeanything that is normally distributed (in either source or binaryform) with the major components (compiler, kernel, and so on) of theoperating system on which the executable runs, unless that componentit*elf accompanies the executable.If distribution of executable or object code is made by offeringaccess to copy from a designated place, then offering equivalentaccess to copy the source code from the same place counts asdistribution of the source code, even though third parties are notcompelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Programexcept as expressly provided under this License. Any attemptotherwise to copy, modify, sublicense or distribute the Program isvoid, and will automatically terminate your rights under this License.However, parties who have received copies, or rights, from you underthis License will not have their licenses terminated so long as suchparties remain in full compliance. 5. You are not required to accept this License, since you have notsigned it. However, nothing else grants you permission to modify ordistribute the Program or its derivative works. These actions areprohibited by law if you do not accept this License. Therefore, bymodifying or distributing the Program (or any work based on theProgram), you indicate your acceptance of this License to do so, andall its terms and conditions for copying, distributing or modifyingthe Program or works based on it. 6. Each time you redistribute the Program (or any work based on theProgram), the recipient automatically receives a license from theoriginal licensor to copy, distribute or modify the Program subject tothese terms and conditions. You may not impose any furtherrestrictions on the recipients' exercise of the rights granted herein.You are not responsible for enforcing compliance by third parties tothis License. 7. If, as a consequence of a court judgment or allegation of patentinfringement or for any other reason (not limited to patent issues),conditions are imposed on you (whether by court order, agreement orotherwise) that contradict the conditions of this License, they do notexcuse you from the conditions of this License. If you cannotdistribute so as to satisfy simultaneously your obligations under thisLicense and any other pertinent obligations, then as a consequence youmay not distribute the Program at all. For example, if a patentlicense would not permit royalty-free redistribution of the Program byall those who receive copies directly or indirectly through you, thenthe only way you could satisfy both it and this License would be torefrain entirely from distribution of the Program.If any portion of this section is held invalid or unenforceable underany particular circ*mstance, the balance of the section is intended toapply and the section as a whole is intended to apply in othercirc*mstances.It is not the purpose of this section to induce you to infringe anypatents or other property right claims or to contest validity of anysuch claims; this section has the sole purpose of protecting theintegrity of the free software distribution system, which isimplemented by public license practices. Many people have madegenerous contributions to the wide range of software distributedthrough that system in reliance on consistent application of thatsystem; it is up to the author/donor to decide if he or she is willingto distribute software through any other system and a licensee cannotimpose that choice.This section is intended to make thoroughly clear what is believed tobe a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted incertain countries either by patents or by copyrighted interfaces, theoriginal copyright holder who places the Program under this Licensemay add an explicit geographical distribution limitation excludingthose countries, so that distribution is permitted only in or amongcountries not thus excluded. In such case, this License incorporatesthe limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versionsof the General Public License from time to time. Such new versions willbe similar in spirit to the present version, but may differ in detail toaddress new problems or concerns.Each version is given a distinguishing version number. If the Programspecifies a version number of this License which applies to it and "anylater version", you have the option of following the terms and conditionseither of that version or of any later version published by the FreeSoftware Foundation. If the Program does not specify a version number ofthis License, you may choose any version ever published by the Free SoftwareFoundation. 10. If you wish to incorporate parts of the Program into other freeprograms whose distribution conditions are different, write to the authorto ask for permission. For software which is copyrighted by the FreeSoftware Foundation, write to the Free Software Foundation; we sometimesmake exceptions for this. Our decision will be guided by the two goalsof preserving the free status of all derivatives of our free software andof promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTYFOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHENOTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIESPROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSEDOR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OFMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK ASTO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THEPROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITINGWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/ORREDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISINGOUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITEDTO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BYYOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHERPROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THEPOSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatestpossible use to the public, the best way to achieve this is to make itfree software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safestto attach them to the start of each source file to most effectivelyconvey the exclusion of warranty; and each file should have at leastthe "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.Also add information on how to contact you by electronic and paper mail.If the program is interactive, make it output a short notice like thiswhen it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.The hypothetical commands `show w' and `show c' should show the appropriateparts of the General Public License. Of course, the commands you use maybe called something other than `show w' and `show c'; they could even bemouse-clicks or menu items--whatever suits your program.You should also get your employer (if you work as a programmer) or yourschool, if any, to sign a "copyright disclaimer" for the program, ifnecessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of ViceThis General Public License does not permit incorporating your program intoproprietary programs. If your program is a subroutine library, you mayconsider it more useful to permit linking proprietary applications with thelibrary. If this is what you want to do, use the GNU Lesser GeneralPublic License instead of this License.legal\VERIFICATION.txt
VERIFICATIONVerification is intended to assist the Chocolatey moderators and communityin verifying that this package's contents are trustworthy.The application has been downloaded from the official distribution and canbe verified by:1. Go to the binary distribution page https://openvpn.net/community-downloadsand download the installer OpenVPN-2.5.4-I604-x86.msi orOpenVPN-2.5.4-I604-amd64.msi using the relevant links on the page.Alternatively the installers can be downloaded directly from https://swupdate.OpenVPN-2.5.4-I604-x86.msi https://swupdate.OpenVPN-2.5.4-I604-amd64.msi2. The installers can be validated by comparing checksums - Use powershell function 'Get-Filehash' - Get-Filehash -algorithm sha512 OpenVPN-2.5.4-I604-x86.msi - Use chocolatey utility 'checksum.exe' - checksum -t sha512 -f OpenVPN-2.5.4-I604-x86.msi File32: OpenVPN-2.5.4-I604-x86.msi Type32: sha512 Checksum32: BEEE8D54C650F939756F01E66F6D47ED3DB3187B6390C920F318C48CF203D48DCEA81728818ABE0D9A17D4883AB26913EF81145F0B9D2D93D88C91C467C0BD9C - Use powershell function 'Get-Filehash' - Get-Filehash -algorithm sha512 OpenVPN-2.5.4-I604-amd64.msi - Use chocolatey utility 'checksum.exe' - checksum -t sha512 -f OpenVPN-2.5.4-I604-amd64.msi File64: OpenVPN-2.5.4-I604-amd64.msi Type64: sha512 Checksum64: 070FDB24AFD3A49751CAA7966C03715FE33636B34621BCA2FAF8F93FF3827D3D63B026348A5BE210C90A5EB9241C3233E20CCF3154B1760F76B731D361B4D061Contents of file LICENSE.txt is obtained from https://openvpn.net/licensetools\chocolateyInstall.ps1
$ErrorActionPreference = 'Stop'$toolsDir = Split-Path -parent $MyInvocation.MyCommand.Definition$file32 = Join-Path $toolsDir 'OpenVPN-2.5.4-I604-x86.msi'$file64 = Join-Path $toolsDir 'OpenVPN-2.5.4-I604-amd64.msi'$silentArgs = '/qn /norestart'$pp = Get-PackageParameters$addToDesktop = $false$noStartMenu = $false$local = @()if ($pp.count -gt 0) { $pp.GetEnumerator() | foreach-object { switch ($_.name) { 'Gui' { Write-Verbose('The OpenVPN GUI by Mathias Sundman will be installed') $local += 'OpenVPN.GUI' } 'GuiOnLogon' { Write-Verbose('The OpenVPN GUI will be launched on User logon') $local += 'OpenVPN.GUI.OnLogon' } 'Service' { Write-Verbose('Background service wrapper (openvpnsrv2.exe) will be installed') $local += 'OpenVPN.Service' } 'EasyRsa' { Write-Verbose('EasyRSA3 X.509 certificate management scripts will be installed') $local += 'EasyRSA' } 'TapDriver' { Write-Verbose('The TAP-Windows driver (NDIS-6) will be installed') $local += 'Drivers.TAPWindows6' } 'WintunDriver' { Write-Verbose('The layer 3 TUN driver will be installed') $local += 'Drivers.Wintun' } 'Documentation' { Write-Verbose('OpenVPN documentation will be installed') $local += 'OpenVPN.Documentation' } 'OpenSsl' { Write-Verbose('OpenSSL utilities for generating pubic/private key pairs wil be installed') $local += 'OpenSSL' } 'SampleConfig' { Write-Verbose('Client/server configuration examples will be installed') $local += 'OpenVPN.SampleCfg' } 'InstallDir' { Write-Verbose("$env:ChocolateyPackageName will be installed to $pp.InstallDir") $local += " /INSTALLDIR=`"$($pp.InstallDir)`"" } 'AddToDesktop' { Write-Verbose('A shortcut for the OpenVPN GUI will be left on the desktop') $addToDesktop = $true } 'NoStartMenu' { Write-Verbose('The start menu folder for OpenVPN will be removed') $noStartMenu = $true } Default { Write-Verbose("Unknown parameter $_ will be ignored") } } }} else { Write-Verbose('No parameters supplied - constructing a default parameter set') $local = @('OpenVPN.GUI','OpenVPN.Documentation','OpenVPN.SampleCfg','OpenVPN','OpenVPN.GUI.OnLogon','Drivers.TAPWindows6','Drivers','Drivers.Wintun')}$silentArgs += " ADDLOCAL=`"{0}`"" -f ($local -join ",")$packageArgs = @{ PackageName = $env:ChocolateyPackageName FileType = 'msi' File = $file32 File64 = $file64 SilentArgs = $silentArgs ValidExitCodes = @(0, 3010, 1641)}Install-ChocolateyInstallPackage @packageArgs# the desktop shortcut for the OpenVPN GUI is added by default on install - remove unless retention has been specified with /AddToDesktopif (-not $addToDesktop) { $desktopPath = [Environment]::GetFolderPath('CommonDesktopDirectory') $shortcutPath = "$desktopPath\OpenVPN GUI.lnk" if (Test-Path -Path $shortcutPath) { Write-Verbose("Removing desktop shortcut $shortcutPath") Remove-Item $shortcutPath -ErrorAction SilentlyContinue -Force | Out-Null }}# the start menu folder for OpenVPN is added by default on install - remove if /NoStartMenu has been specifedif ($noStartMenu) { $startMenuPath = [Environment]::GetFolderPath('CommonPrograms') $openVpnFolderPath = "$startMenuPath\OpenVPN" if (Test-Path -Path $openVpnFolderPath) { Write-Verbose("Removing start menu folder $openVpnFolderPath") Remove-Item $openVpnFolderPath -Recurse -ErrorAction SilentlyContinue -Force | Out-Null }}tools\helpers.ps1
Function Test-PgpSignature() { <# .SYNOPSIS Test the signature of a file using the public key fingerprint and signature provided. .DESCRIPTION Test-PgpSignature is a Powershell function to test the signature of a file against a supplied public key fingerprint. The public key matching the supplied fingerprint is retrieved from the keys.openpgp.org key server and the file signature validated using GPG. .PARAMETER Fingerprint The fingerprint of the PGP public key to be used to check the signature. .PARAMETER SignatureFile The path and file name to the signature file. .PARAMETER FileName (optional) GPG does not require a filename if the signatureFile has the original file name. Where a fileName is not specifed the .asc suffix from the signature file. .EXAMPLE PS C:\> Test-PgpSignature -Fingerprint 'F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7' -SignatureFile 'openvpn-install-2.4.11-I601-Win10.exe.asc' Retrieve the public key with the fingerprint 'F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7' and use it to test the file openvpn-install-2.4.11-I601-Win10.exe with the signature 'openvpn-install-2.4.11-I601-Win10.exe.asc'. #> [CmdletBinding()] Param( [parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, HelpMessage = 'The fingerprint of the PGP public key to be used to check the signature')] [ValidateNotNullOrEmpty()] [String] $Fingerprint, [parameter(Position = 1, Mandatory = $true, ValueFromPipeline = $true, HelpMessage = 'The file contining the signature to be used for validation')] [ValidateNotNullOrEmpty()] [String] $SignatureFile, [parameter(Position = 2, Mandatory = $false, ValueFromPipeline = $true, HelpMessage = 'The file to be validated using the public key matching the fingerptint and supplied signature')] [ValidateNotNullOrEmpty()] [String] $FileName ) process { # Get-Command throws an error message but continues execution, ask to # continue without message at all. if (-not (Get-Command 'gpg.exe' -ErrorAction SilentlyContinue)) { throw "Unable to find the GnuPG executable 'gpg.exe'." } if (-not (Test-Path "$signatureFile")) { throw "Unable to find the PGP signature file '$SignatureFile'." } if ($FileName -and -not (Test-Path "$FileName")) { throw "Unable to find the file '$FileName'." } $parent = [System.IO.Path]::GetTempPath() [string] $name = [System.Guid]::NewGuid() $tempDirKeyring = Join-Path $parent $name New-Item -ItemType Directory -Path $tempDirKeyring | Out-Null $psi = New-object System.Diagnostics.ProcessStartInfo $psi.CreateNoWindow = $true $psi.UseShellExecute = $false $psi.RedirectStandardOutput = $true $psi.RedirectStandardError = $true $psi.FileName = 'gpg.exe' $process = New-Object System.Diagnostics.Process $process.StartInfo = $psi Write-Verbose "Importing PGP key with fingerprint '$Fingerprint' in the temporary keyring ($tempDirKeyring\pubring.gpg)..." if ($env:ChocolateyEnvironmentDebug -eq 'true' -or $env:ChocolateyEnvironmentVerbose -eq 'true') { $psi.Arguments = "-v --homedir `"$tempDirKeyring`" --keyserver keys.openpgp.org --recv-keys $Fingerprint" } else { $psi.Arguments = "--homedir `"$tempDirKeyring`" --keyserver hkps://keys.openpgp.org:443 --recv-keys $Fingerprint" } $process.Start() | Out-Null $process.WaitForExit() Write-Verbose($process.StandardOutput.ReadToEnd()) Write-Verbose($process.StandardError.ReadToEnd()) # if (-not ($process.ExitCode -eq 0)) { # throw "Unable to import PGP key with fingerprint $Fingerprint into the temporary keyring ($tempDirKeyring\pubring.gpg)." # } Write-Verbose "Validating file with signature found in '$SignatureFile'..." if ($env:ChocolateyEnvironmentDebug -eq 'true' -or $env:ChocolateyEnvironmentVerbose -eq 'true') { $psi.Arguments = "-v --homedir `"$tempDirKeyring`" --verify `"$SignatureFile`"" } else { $psi.Arguments = "-v --homedir `"$tempDirKeyring`" --verify `"$SignatureFile`"" } Write-Verbose('Validating using signature ' + $SignatureFile) $process = New-Object System.Diagnostics.Process $process.StartInfo = $psi $process.Start() | Out-Null $process.WaitForExit() Write-Verbose($process.StandardOutput.ReadToEnd()) Write-Verbose($process.StandardError.ReadToEnd()) if (-not ($process.ExitCode -eq 0)) { $validFile = $false } else { $validFile = $true } return $validFile }}import-module au$ErrorActionPreference = 'STOP'$domain = 'https://build.openvpn.net'$releases = "${domain}/downloads/releases/"$toolsDir = Split-Path -parent $MyInvocation.MyCommand.Definition$openvpnInstallerUrl = 'https://build.openvpn.net/downloads/releases/latest/openvpn-install-latest-stable.exe'$openvpnInstallerPgpSignatureUrl = 'https://build.openvpn.net/downloads/releases/latest/openvpn-install-latest-stable.exe.asc'function au_BeforeUpdate { $client = New-Object System.Net.WebClient if ($Latest.Stream -eq '2.4') { $Latest.Url32 = $Latest.URLWin7 Get-RemoteFiles -Purge -NoSuffix -Algorithm 'sha512' $Latest.ChecksumWin7 = $Latest.Checksum32 $client.DownloadFile('{0}/$Latest.FileName32', $toolsDir) $Latest.Url32 = $Latest.URLWin10 Get-RemoteFiles -Purge -NoSuffix -Algorithm 'sha512' $Latest.ChecksumWin10 = $Latest.Checksum32 } else { Get-RemoteFiles -Purge -NoSuffix -Algorithm 'sha512' }}function global:au_SearchReplace { @{ }}function GetStreams() { param($releaseUrls) $streams = @{ } $releaseUrls | Foreach-Object { if ($_.href -match 'OpenVPN-[^\d]*(?=\d)(?<Version>(.+)(?=-I601)).+(exe|msi)$') { $url = $releases + $_.href $version = Get-Version($Matches.Version -replace '_','-') $versionTwoPart = $version -replace '([\d]+\.[\d]+).*',"`$1" if ($null -eq $streams.item($versionTwoPart)) { $stream = @{ URL32 = $null; URL64 = $null; Version = $null } $streams.Add($versionTwoPart, $stream) } else { $stream = $streams.Item($versionTwoPart) } if ($version -ge $stream.Version) { $stream.Version = $version if ($url -match 'i686|x86\.') { $stream.URL32 = $url } elseif ($url -match 'x86_64|amd64') { $stream.URL64 = $url } elseif ($versionTwoPart -eq '2.4') { # special handling for 2.4 as there are Win7 (Windows 7/8/8.1/Server 2012r2) and Win10 (Windows 10/Server 2016/Server 2019) installers if ($url -match 'win7' ) { $stream.URL32 = $url } elseif ($url -match 'win10') { $stream.Url64 = $url } } if ($null -ne $stream.Url32 -and $stream.Url32 -ne '') { $stream.FileName32 = $stream.Url32 -split '/' | select-object -last 1 } if ($null -ne $stream.Url64 -and $stream.Url64 -ne '') { $stream.FileName64 = $stream.Url64 -split '/' | select-object -last 1 } } } } return $streams}function global:au_GetLatest { $downloadPage = Invoke-WebRequest -UseBasicParsing -Uri $releases return @{ Streams = GetStreams $downloadPage.Links }}update -ChecksumFor none -NoReadme -NoCheckUrltools\OpenVPN-2.5.4-I604-amd64.msi
md5: EADC4F9AD2A4E80506FC06C4C6AE845A | sha1: 89A72EAA4C5E3EFBE90A6B6EF18F09B1705D8AA7 | sha256: AFF73B39A2A5BACDEF096E1E89F9714FB32E302274BAA12D5500578A21C0D1A6 | sha512: 070FDB24AFD3A49751CAA7966C03715FE33636B34621BCA2FAF8F93FF3827D3D63B026348A5BE210C90A5EB9241C3233E20CCF3154B1760F76B731D361B4D061tools\OpenVPN-2.5.4-I604-x86.msi
md5: C4FD11DF3BD1A407CCDD45AC5FD0B691 | sha1: C641F546ADD5FF4791F77969BFE7F2EA69E1737E | sha256: F2DDD41956C0950008199DFED741E6C0C7167BC3D63EB3AC1D8FA726A013D037 | sha512: BEEE8D54C650F939756F01E66F6D47ED3DB3187B6390C920F318C48CF203D48DCEA81728818ABE0D9A17D4883AB26913EF81145F0B9D2D93D88C91C467C0BD9CVirus Scan Results
Log in or click on link to see number of positives.
- openvpn.2.5.4.nupkg (238459578d7a) - ## / 62
- OpenVPN-2.5.4-I604-amd64.msi (aff73b39a2a5) - ## / 57
- OpenVPN-2.5.4-I604-x86.msi (f2ddd41956c0) - ## / 58
In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).
Chocolatey Pro provides runtime protection from possible malware.
Version History
| Add to Builder | Version | Downloads | Last Updated | Status |
|---|---|---|---|---|
| OpenVPN - Open Source SSL VPN Solution 2.6.9.001 | 11672 | Tuesday, February 13, 2024 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.8.001 | 54303 | Saturday, November 18, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.7.001 | 15998 | Friday, November 10, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.6.001 | 56011 | Friday, August 18, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.5.001 | 41717 | Friday, June 16, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.4.001 | 33318 | Saturday, May 13, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.3.003 | 15596 | Friday, April 28, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.3.001 | 16006 | Friday, April 14, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.2.001 | 17432 | Tuesday, March 28, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.1.001 | 17161 | Friday, March 10, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.0.005 | 13421 | Tuesday, February 28, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.0.004 | 7947 | Saturday, February 25, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.6.0 | 22969 | Friday, January 27, 2023 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.5.8 | 49534 | Thursday, November 3, 2022 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.5.7 | 73296 | Wednesday, June 1, 2022 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.5.6 | 37145 | Thursday, March 17, 2022 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.5.5 | 16771 | Thursday, February 17, 2022 | Approved | |
| OpenVPN - Open Source SSL VPN Solution 2.5.4 | 407 | Wednesday, February 16, 2022 | Approved | |
| OpenVPN 2.4.7 | 215151 | Saturday, March 23, 2019 | Approved | |
| OpenVPN 2.4.6.20190116 | 12940 | Sunday, January 20, 2019 | Approved | |
| OpenVPN 2.4.6.20180710 | 93521 | Tuesday, July 10, 2018 | Approved | |
| OpenVPN 2.4.6 | 4808 | Monday, June 25, 2018 | Approved | |
| OpenVPN 2.4.5 | 491 | Monday, June 25, 2018 | Approved | |
| OpenVPN 2.4.4 | 24068 | Tuesday, October 3, 2017 | Approved | |
| OpenVPN 2.4.3 | 7811 | Thursday, June 22, 2017 | Approved | |
| OpenVPN 2.4.2 | 3516 | Friday, May 26, 2017 | Approved | |
| OpenVPN 2.4.1 | 2555 | Saturday, May 13, 2017 | Approved | |
| OpenVPN Community 2.4.0 | 6821 | Sunday, January 8, 2017 | Approved | |
| OpenVPN Community 2.3.13.20161120 | 3141 | Sunday, November 20, 2016 | Approved | |
| OpenVPN Community 2.3.13 | 3244 | Monday, November 7, 2016 | Approved | |
| OpenVPN Community 2.3.11 | 5265 | Monday, June 20, 2016 | Approved | |
| OpenVPN Community for Windows (incl. OpenVPN GUI) 2.3.10 | 2853 | Monday, January 11, 2016 | Approved | |
| OpenVPN 2.3.6 | 4419 | Thursday, December 18, 2014 | Approved | |
| openvpn 2.3.2 | 1695 | Tuesday, July 16, 2013 | Approved | |
| openvpn 2.2.2.20130718 | 545 | Thursday, July 18, 2013 | Approved | |
| openvpn 2.2.2 | 621 | Thursday, July 18, 2013 | Approved |
Copyright
Copyright (C) 2002-2021 OpenVPN Inc
Release Notes
Dependencies
-
- chocolatey-core.extension (≥ 1.3.5.1)
Discussion for the OpenVPN - Open Source SSL VPN Solution Package
Ground Rules:
- This discussion is only about OpenVPN - Open Source SSL VPN Solution and the OpenVPN - Open Source SSL VPN Solution package. If you have feedback for Chocolatey, please contact the Google Group.
- This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
- The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
- Tell us what you love about the package or OpenVPN - Open Source SSL VPN Solution, or tell us what needs improvement.
- Share your experiences with the package, or extra configuration or gotchas that you've found.
- If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
