OpenVPN configuration for Tunnelbear

RMAG news

Maybe you’ve used Tunnelbear, maybe you have an alternative, but in any case it’s a competitively priced VPN with servers in many countries and an anonymous proxy. If you’re using it, maybe you’ve wondered, like me, whether you can do away with the GUI in Windows, or automate it as a service when booting, dunno. This is a process much like the Linux one suggested in their official page, with a couple of steps added.
Tunnelbear publishes some configuration files at this page, as outlined in their guide, which you need to download and unzip somewhere. What they don’t explain there is that you also need their OpenVPN private key, found here. In any case, there should be a long list of ovpn files corresponding to the countries where they’ve got servers, and you need to edit whichever ones you’re going to use, since they won’t work out of the box. Here’s an example file exactly as unzipped:

client
dev tun0
proto udp
nobind
ns-cert-type server
persist-key
persist-tun
reneg-sec 0
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
redirect-gateway
verb 5
auth-user-pass
ca CACertificate.crt
cert UserCertificate.crt
remote au.lazerpenguin.com 443
cipher AES-256-GCM
auth SHA256
keysize 256

As it is, the OpenVPN client will complain about an unrecognized option on line 19, keysize, but deleting the line will work. Even still, it complains that you can’t use cert without key, so add a line after cert reading key PrivateKey.key. For convenience, I made a text file called tb-auth.key containing my login data from Tunnelbear, email and password, each on its own line, and added tb-auth.key after auth-user-pass like so: auth-user-pass tb-auth.key. This will log you in automatically and is necessary if you are installing OpenVPN as a service (the GUI will just ask for your credentials, but will use the credentials there if provided). This file goes in the same folder as the ovpn file and the PrivateKey.key file. This was suggested by an old, now archived Archlinux tutorial. Your finished file should look like this:

client
dev tun0
proto udp
nobind
ns-cert-type server
persist-key
persist-tun
reneg-sec 0
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
redirect-gateway
verb 5
auth-user-pass tb-auth.key
ca CACertificate.crt
cert UserCertificate.crt
key PrivateKey.key
remote au.lazerpenguin.com 443
cipher AES-256-GCM
auth SHA256
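
Since every country profile needs the same three edits, they can be scripted. The following is an added example, not part of the original post or Tunnelbear's files; the function names are made up here, and the sample is an abridged copy of the as-unzipped profile above:

```python
from pathlib import Path

# Abridged copy of the page's as-unzipped profile, embedded as sample input.
SAMPLE = """client
dev tun0
auth-user-pass
ca CACertificate.crt
cert UserCertificate.crt
remote au.lazerpenguin.com 443
cipher AES-256-GCM
auth SHA256
keysize 256
"""

def patch_profile(text, auth_file="tb-auth.key", key_file="PrivateKey.key"):
    """Apply the three edits to one profile; returns (text, changes), idempotent."""
    src = text.splitlines()
    has_key = any(l.split()[:1] == ["key"] for l in src)
    out, changes = [], []
    for line in src:
        fields = line.split()
        directive = fields[0] if fields else ""
        if directive == "keysize":  # rejected as an unrecognized option
            changes.append("removed keysize")
            continue
        if directive == "auth-user-pass" and len(fields) == 1:
            line = f"auth-user-pass {auth_file}"  # log in without a prompt
            changes.append("set auth-user-pass file")
        out.append(line)
        if directive == "cert" and not has_key:
            out.append(f"key {key_file}")  # cert is refused without key
            has_key = True
            changes.append("added key")
    return "\n".join(out) + "\n", changes

def patch_folder(folder):
    """Patch every .ovpn in folder in place, keeping a .bak of changed files."""
    report = {}
    for path in sorted(Path(folder).glob("*.ovpn")):
        original = path.read_text()
        patched, changes = patch_profile(original)
        if changes:
            path.with_name(path.name + ".bak").write_text(original)
            path.write_text(patched)
        report[path.name] = changes
    return report

if __name__ == "__main__":
    print(patch_profile(SAMPLE)[0])
```

Because tb-auth.key stores the Tunnelbear password in plain text next to the profiles, restrict read access on that folder to your own account and the account the service runs as.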

Next step: you need to install an OpenVPN client. I used the one at https://openvpn.net/client/, which installed quickly. After agreeing to their terms, you reach a window asking for the configuration URL, with a tab that lets you use a file instead. Go there and we’ll use the file we configured earlier. Once you browse to it, the details will auto-fill and you can just hit connect. This has the advantage of using a GUI where you can click on whichever profile you want, switching servers easily. I’d rather have it run automatically, it’s why I did away with the Tunnelbear app, so let’s head to the next step:
The OpenVPN client supports starting as a service, which we can configure on an elevated command line. Open it up, then cd "%ProgramFiles%\OpenVPN Connect", where you can install the service with ovpnconnector.exe install, and choose a profile with ovpnconnector.exe set-config profile <FULL_PATH_AND_FILENAME_TO_PROFILE.OVPN>. If you feel like it, you could make a bat file to switch profiles and put it on your desktop, kinda like:

@ECHO OFF
CLS
ECHO 1.Mexico server
ECHO 2.Australia server
ECHO 3.UK server
ECHO 4.Russia server
ECHO 5.Latveria server
ECHO.

CHOICE /C 12345 /M "Enter your choice:"

:: Note – list ERRORLEVELS in decreasing order
IF ERRORLEVEL 5 GOTO Latveria
IF ERRORLEVEL 4 GOTO Russia
IF ERRORLEVEL 3 GOTO UK
IF ERRORLEVEL 2 GOTO Australia
IF ERRORLEVEL 1 GOTO Mexico

:Latveria
ECHO Latveria server selected
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" set-config profile F:\OpenVPN\Latveria.ovpn
GOTO End

:Russia
ECHO Russia server selected
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" set-config profile F:\OpenVPN\Russia.ovpn
GOTO End

:UK
ECHO UK server selected
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" set-config profile F:\OpenVPN\UK.ovpn
GOTO End

:Australia
ECHO Australia server selected
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" set-config profile F:\OpenVPN\Australia.ovpn
GOTO End

:Mexico
ECHO Mexico server selected
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" set-config profile F:\OpenVPN\Mexico.ovpn
GOTO End

:End

Be warned that the batch file gives no other success indication, the service still needs to be started, and it likely needs to run as admin. So after choosing a server, you need to start the service like so: ovpnconnector.exe start, or you could probably add that to the batch file earlier like

:Mexico
ECHO Mexico server selected
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" set-config profile F:\OpenVPN\Mexico.ovpn
"%ProgramFiles%\OpenVPN Connect\ovpnconnector.exe" start
GOTO End

If the service has already been started at some point, that line would be redundant and you’d just need to switch your server config, so whatever. Optionally, you can choose a log file location with ovpnconnector.exe set-config log <FULL_PATH_AND_FILENAME_TO_LOGFILE.LOG>, or else it will write it to the OpenVPN folder by default. That’s it. Now the OpenVPN client is running as a service, and you should be protected, with the service autostarting on boot.