$openVpnExe = Get-Command openvpn -ErrorAction Silent

# If OpenVPN isn’t in the path, look for it in the standard locations.

if (!$openVpnExe) {

$openVpnLocations = @(

Join-Path $env:ProgramFiles “OpenVPN” | Join-Path -ChildPath “bin” | Join-Path -ChildPath “openvpn.exe”

Join-Path ${env:ProgramFiles(x86)} “OpenVPN” | Join-Path -ChildPath “bin” | Join-Path -ChildPath “openvpn.exe”

)

foreach ($path in $openVpnLocations) {

if (Test-Path $path) {

$openVpnExe = $path

break

}

}

}

if (!$openVpnExe) {

Write-Output “OpenVPN was not found on this system. Please install it or add it to your path.”

Write-Output “Download OpenVPN community version at https://openvpn.net/community-downloads/”

exit 1

}

$configContent = @”

client

script-security 2

remote server4945.dattobackup.com 50126

port 50126

proto udp

local 0.0.0.0

dev tap

persist-key

persist-tun

verb 5

keepalive 10 30

dev-type tap

route-gateway dhcp

cipher AES-128-GCM

ncp-ciphers AES-256-GCM:AES-128-GCM:AES-128-CBC

<ca>

—–BEGIN CERTIFICATE—–

MIIE2DCCA8CgAwIBAgIUZUrO9VNuZpRK5bLffO2VjENxLgwwDQYJKoZIhvcNAQEL

BQAwgZcxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UE

BwwHTm9yd2FsazETMBEGA1UECgwKRGF0dG8gSW5jLjENMAsGA1UECwwEQkNEUjER

MA8GA1UEAwwIQ2hhbmdlTWUxKTAnBgkqhkiG9w0BCQEWGkJDRFIuQmx1ZU9yYW5n

ZXNAZGF0dG8uY29tMB4XDTI2MDIxMzE2MTMzM1oXDTI3MDIxMzE2MTMzM1owgZcx

CzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwHTm9y

d2FsazETMBEGA1UECgwKRGF0dG8gSW5jLjENMAsGA1UECwwEQkNEUjERMA8GA1UE

AwwIQ2hhbmdlTWUxKTAnBgkqhkiG9w0BCQEWGkJDRFIuQmx1ZU9yYW5nZXNAZGF0

dG8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzQWu3jlnTnR

M8Fcd/NTli6Run5qZgrRnMhHw9GAprQ8zM9TDAQbTeH20dSrCV+1cNj8U8AfDJ8e

SOfn/MXkmBabZUeowXhAbxzQJswZYE7aD4dIHvLiwlnVBcZJ2fHhy3kQF9BrEONA

23PSyc2kC4bAnJFQSeLuOnBCoM+t4BK0f4nXj8s0nCZmpmIikls4DbvqZovJ0z4k

AW9CweH2f+BvsVYRCJiRxXJnzTYvn45w4yCfwENryPlHnB0Wa11gQ92aqz4GyJ6T

iHSnyfnXJ6PdHOvBeHRdUlBog+POdl3ckdAdOpcTYoFCd4y4IEzFYQ7S4kQSh6Dx

AkkKinc1SQIDAQABo4IBGDCCARQwHQYDVR0OBBYEFIQY7H3dx4FSo58HfoB8dyuv

H3LrMIHXBgNVHSMEgc8wgcyAFIQY7H3dx4FSo58HfoB8dyuvH3LroYGdpIGaMIGX

MQswCQYDVQQGEwJVUzEUMBIGA1UECAwLQ29ubmVjdGljdXQxEDAOBgNVBAcMB05v

cndhbGsxEzARBgNVBAoMCkRhdHRvIEluYy4xDTALBgNVBAsMBEJDRFIxETAPBgNV

BAMMCENoYW5nZU1lMSkwJwYJKoZIhvcNAQkBFhpCQ0RSLkJsdWVPcmFuZ2VzQGRh

dHRvLmNvbYIUZUrO9VNuZpRK5bLffO2VjENxLgwwDAYDVR0TBAUwAwEB/zALBgNV

HQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAFuibnYPonLu9iMwGgNWi+UAyy0S

ZbYtKdrQkFT9fuJ724lsc/sKTwN+Ch2bo/7Ds88NWDS0rQu6g2r5PQQsyzJFWpFo

sghm5EsSXMjPR7UHFpOf2u6kvDnIqhr8sofXfuX8mk4vha1V3D9v7CQawQgQC+oc

ENX97REmquAg0DKS24Ak6LDe01LCe+lqUvHUhwpk4ZWRjchg8Ci0godMVC3DnEmW

N+z3PjDG3edEjIX0ykSIoFkTJgx+GxIE1Swj2Bupr05d19fUXR+Lu+9wA/bFXE6U

LEjjETesp5CWYzPB7ekILrPK2jQYefU5nWZAofVivRzWimn0CnmqdfZH6m8=

—–END CERTIFICATE—–

</ca>

<cert>

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

8f:0e:aa:30:d0:b6:dd:50:e0:70:f2:72:80:0e:52:9d

Signature Algorithm: sha256WithRSAEncryption

Issuer: C=US, ST=Connecticut, L=Norwalk, O=Datto Inc., OU=BCDR, CN=ChangeMe/emailAddress=BCDR.BlueOranges@datto.com

Validity

Not Before: Feb 13 16:17:38 2026 GMT

Not After : Feb 13 16:17:38 2027 GMT

Subject: C=US, ST=Connecticut, L=Norwalk, O=Datto Inc., OU=BCDR, CN=Test/emailAddress=BCDR.BlueOranges@datto.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public-Key: (2048 bit)

Modulus:

00:98:ab:41:16:73:a0:ee:91:5d:f3:61:1f:89:d2:

b6:80:35:2a:ee:c6:f0:9a:3a:90:a0:58:89:0c:a9:

86:75:9e:b1:3b:35:6e:b7:78:ab:e4:e6:b4:8a:29:

5a:5e:99:44:fc:a1:ab:b7:5a:3e:d3:5b:38:23:db:

fc:41:9c:ac:1e:e3:95:95:03:5d:8d:59:84:0d:61:

a7:54:52:e3:ad:84:e2:8d:e9:93:b0:db:a6:eb:23:

02:1d:15:0e:a0:ee:81:d7:da:f3:0b:be:1b:87:f8:

89:28:db:3e:79:2b:3a:47:89:51:b1:fa:7f:27:be:

4a:38:0f:12:89:6a:43:38:d7:8c:6d:03:e0:1d:4c:

da:1d:f7:a5:97:2b:f8:9c:aa:8c:10:9f:ed:14:f7:

28:c2:06:99:7b:e8:e8:f9:7e:d3:29:29:93:ca:f3:

27:8e:23:6b:8b:73:f3:d6:1a:29:55:aa:5d:7a:3c:

f1:38:22:a7:aa:7f:6b:39:09:39:13:17:0f:f4:94:

f5:e7:5d:51:ca:27:5b:0a:90:23:7d:78:77:24:af:

46:4f:05:8c:1e:44:18:95:48:aa:67:c1:31:a8:5a:

03:bd:eb:46:39:38:15:8e:f8:44:2d:6a:9c:d0:0d:

28:6b:92:2b:22:6a:51:88:dd:42:7b:3e:b0:31:ac:

20:7d

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

X509v3 Subject Key Identifier:

02:76:60:A7:FB:9A:76:7A:D2:F8:34:EB:C6:44:A6:46:76:CB:47:00

X509v3 Authority Key Identifier:

keyid:84:18:EC:7D:DD:C7:81:52:A3:9F:07:7E:80:7C:77:2B:AF:1F:72:EB

DirName:/C=US/ST=Connecticut/L=Norwalk/O=Datto Inc./OU=BCDR/CN=ChangeMe/emailAddress=BCDR.BlueOranges@datto.com

serial:65:4A:CE:F5:53:6E:66:94:4A:E5:B2:DF:7C:ED:95:8C:43:71:2E:0C

X509v3 Extended Key Usage:

TLS Web Client Authentication

X509v3 Key Usage:

Digital Signature

Signature Algorithm: sha256WithRSAEncryption

08:3c:43:a3:bd:cf:5a:8b:be:54:70:a9:7d:85:7e:b0:58:de:

c5:42:49:77:99:69:7d:ab:06:02:c1:e3:23:fd:6e:11:60:cb:

5e:01:74:3c:58:d1:75:84:c8:6c:de:b1:b0:71:6a:ad:a5:fd:

3c:7f:83:be:4a:40:fc:a1:2c:6c:53:39:ac:9f:4f:33:05:46:

88:79:37:7c:55:a8:93:05:57:93:5f:da:ad:25:64:41:29:fb:

32:7c:87:7a:ea:1d:5d:40:b0:51:d8:82:8c:f7:fe:f1:dd:f3:

5c:a7:75:d8:cf:07:41:a6:3a:0b:9d:68:ec:ff:ac:2d:57:cf:

cf:0a:05:bd:c3:58:17:10:b9:0b:e5:d6:5f:06:10:a4:e0:d3:

97:b2:46:5d:52:e1:68:a4:8c:15:81:85:37:2e:9d:34:95:55:

b6:5f:a4:19:fd:0f:6e:ec:c2:ea:6a:57:68:98:08:c5:fa:06:

40:6b:44:30:20:db:37:71:1e:af:1a:53:d4:b1:0d:46:28:15:

31:6e:66:62:f1:89:e1:b0:e3:61:5f:5a:5f:e0:85:04:5a:e7:

fd:7c:19:5f:91:44:7b:6e:ea:d4:a0:6f:74:06:2a:d3:e1:26:

44:ec:49:80:68:27:dd:00:2e:6b:8b:3c:e1:ad:ad:f4:af:ed:

ca:06:4f:07

—–BEGIN CERTIFICATE—–

MIIE4zCCA8ugAwIBAgIRAI8OqjDQtt1Q4HDycoAOUp0wDQYJKoZIhvcNAQELBQAw

gZcxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwH

Tm9yd2FsazETMBEGA1UECgwKRGF0dG8gSW5jLjENMAsGA1UECwwEQkNEUjERMA8G

A1UEAwwIQ2hhbmdlTWUxKTAnBgkqhkiG9w0BCQEWGkJDRFIuQmx1ZU9yYW5nZXNA

ZGF0dG8uY29tMB4XDTI2MDIxMzE2MTczOFoXDTI3MDIxMzE2MTczOFowgZMxCzAJ

BgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwHTm9yd2Fs

azETMBEGA1UECgwKRGF0dG8gSW5jLjENMAsGA1UECwwEQkNEUjENMAsGA1UEAwwE

VGVzdDEpMCcGCSqGSIb3DQEJARYaQkNEUi5CbHVlT3Jhbmdlc0BkYXR0by5jb20w

ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYq0EWc6DukV3zYR+J0raA

NSruxvCaOpCgWIkMqYZ1nrE7NW63eKvk5rSKKVpemUT8oau3Wj7TWzgj2/xBnKwe

45WVA12NWYQNYadUUuOthOKN6ZOw26brIwIdFQ6g7oHX2vMLvhuH+Iko2z55KzpH

iVGx+n8nvko4DxKJakM414xtA+AdTNod96WXK/icqowQn+0U9yjCBpl76Oj5ftMp

KZPK8yeOI2uLc/PWGilVql16PPE4Iqeqf2s5CTkTFw/0lPXnXVHKJ1sKkCN9eHck

r0ZPBYweRBiVSKpnwTGoWgO960Y5OBWO+EQtapzQDShrkisialGI3UJ7PrAxrCB9

AgMBAAGjggEqMIIBJjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQCdmCn+5p2etL4NOvG

RKZGdstHADCB1wYDVR0jBIHPMIHMgBSEGOx93ceBUqOfB36AfHcrrx9y66GBnaSB

mjCBlzELMAkGA1UEBhMCVVMxFDASBgNVBAgMC0Nvbm5lY3RpY3V0MRAwDgYDVQQH

DAdOb3J3YWxrMRMwEQYDVQQKDApEYXR0byBJbmMuMQ0wCwYDVQQLDARCQ0RSMREw

DwYDVQQDDAhDaGFuZ2VNZTEpMCcGCSqGSIb3DQEJARYaQkNEUi5CbHVlT3Jhbmdl

c0BkYXR0by5jb22CFGVKzvVTbmaUSuWy33ztlYxDcS4MMBMGA1UdJQQMMAoGCCsG

AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEACDxDo73PWou+

VHCpfYV+sFjexUJJd5lpfasGAsHjI/1uEWDLXgF0PFjRdYTIbN6xsHFqraX9PH+D

vkpA/KEsbFM5rJ9PMwVGiHk3fFWokwVXk1/arSVkQSn7MnyHeuodXUCwUdiCjPf+

8d3zXKd12M8HQaY6C51o7P+sLVfPzwoFvcNYFxC5C+XWXwYQpODTl7JGXVLhaKSM

FYGFNy6dNJVVtl+kGf0PbuzC6mpXaJgIxfoGQGtEMCDbN3EerxpT1LENRigVMW5m

YvGJ4bDjYV9aX+CFBFrn/XwZX5FEe27q1KBvdAYq0+EmROxJgGgn3QAua4s84a2t

9K/tygZPBw==

—–END CERTIFICATE—–

</cert>

<key>

—–BEGIN PRIVATE KEY—–

MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYq0EWc6DukV3z

YR+J0raANSruxvCaOpCgWIkMqYZ1nrE7NW63eKvk5rSKKVpemUT8oau3Wj7TWzgj

2/xBnKwe45WVA12NWYQNYadUUuOthOKN6ZOw26brIwIdFQ6g7oHX2vMLvhuH+Iko

2z55KzpHiVGx+n8nvko4DxKJakM414xtA+AdTNod96WXK/icqowQn+0U9yjCBpl7

6Oj5ftMpKZPK8yeOI2uLc/PWGilVql16PPE4Iqeqf2s5CTkTFw/0lPXnXVHKJ1sK

kCN9eHckr0ZPBYweRBiVSKpnwTGoWgO960Y5OBWO+EQtapzQDShrkisialGI3UJ7

PrAxrCB9AgMBAAECggEABET3xUG3DKzmiHWdHOzWWzgBaxuHo3yDSmSncoH0J2po

cOwx3DIk9noILvvwkcguAHWh+Hbu3ljE9WXDxG719kgtiPUG4vrPoVMri4Vk5heb

AVZ4oZ/G53j7aGZMGi6JVYjDNr8ahH8sEMcu1FMj5le9/+DuOOWOrEopncuptRdw

9itngeyjW03aQH7pI971TAUPHmCKrD+S19StI5/3sF8SN7+7JQHmKVd5/DBR+1th

Fofw4AEa8lb6pX+6o0X8c6zIIDdBI7E6wuKwtRJM96A6BxmtUCjoz0cl0pm8G/CH

QJGh4CFXdrb7Y6PAaDBIR/FNadDh0WLtTNFb1foP4QKBgQDXTQC+3Sk7h+MQg7Vn

S94pbn8SAc2Bd06saRPvgS1CV8OGB7MaDdRSo/vdXO4hSkWrWuf2CrOpblFsSFZg

GwJT0l6K9aYogGPV8As8uk7qM5eOCllUorom3yyvQaRQk/65DW2dJr5VLxGcwwud

CgWMknKzSPROqq0p/+cN9KQ4YQKBgQC1h1MtW1tHJ3V6Yh2bXkOLY2WYJEk/0VYa

EGtzKOUqGvBuGQV4tTT9ARTMhjCDJfytGz4ETJ68Yh0GzONMNJSUyn7M3FxshFfe

EG8ZJotJapZ+XBxJqfOd8lFTN8Y/ccirgnJ+Zd6fb936ruZX4rUqmvz8tEyukWYp

NZWhbFytnQKBgHrr6tYN3OGxJpGiMOrF5RRQktoMD3GwVUmYQJqIbPeotegK81WX

ubZpC36J9ScqiXZY04ClAYhlhLVG45HBOeXzgKjjsTcEfnuBrljAoheS1x9whyoM

Mi3JU3DIEHE03cR3hzKnERn/YpXWwgWp2Bs27aewqlNTnMQS568PEsdhAoGARbb3

8bZhIr17t4mQ10dnZ1PAA6MD4pdxmsbtjSeKgxYfehjv6gClnfjZVQbAAM4I8S5C

LgKC/9QqU59CN9UFrvLpqaGDeUWGPUlQcXdFDOf7bgHP91ZmsiUKqIwF/f2j1IJf

mD1lNxQOSyT6X4w4iWlGeYKA5JYAhxkGIx1rpl0CgYAO7lxUAw7GSjsXCBikmYYx

vt4FWJx9ji3AigJ4biNk9Flx8mM+jJZoqyAQDX1OefvGyOlZg42Nwkvh2OXqp1Tk

V6CPrpX1CP7Z/r0urDDHc42kh5lbJSxtqUDflQoDw3s5EqBwIT7GM+qOgG/NuIEK

JS4s1anbKurk8IEapLfkkg==

—–END PRIVATE KEY—–

</key>

“@

Write-Output “Creating connection file…”

# OpenVPN 2.3 and earlier doesn’t support GCM, so update the

# config to use CBC. The server will negotiate a fallback.

$openVpnVersion = & $openVpnExe –version

if ($openVpnVersion -match ‘2\.[0-3]\.[0-9]+’) {

$configContent = $configContent -replace ‘AES-128-GCM’,’AES-128-CBC’

# OpenVPN 2.3 doesn’t know about ncp-ciphers

$configContent = $configContent -replace ‘ncp-ciphers .*’,”

}

$configFile = Join-Path $env:TEMP “client.ovpn”

$configContent | Out-File -Encoding ASCII -File $configFile

if ($Args.Length -gt 0 -and $Args[0].ToLower() -eq ‘-extract’) {

Write-Output “Created OpenVPN config file ‘$configFile'”

exit 0

}

Write-Output “Starting OpenVPN…”

& $openVpnExe $configFile

Write-Output “Cleaning up temporary files…”

Remove-Item $configFile