Excellent, thanks for the tip. I actually set it up as a service called FortiVPN using instsrv.exe and srvany.exe from the Windows resource kit. Works great BUT you can' t use the Disconnect button in Forticlient to disconnect the VPN (it will automatically reconnect) - you must shut down the new FortiVPN service. Which is fine for my situation. BTW, where did you find the command line options for ipsec.exe?

someone posted something similar a while ago, which led me to the executable, and i played around from there. There is a command to stop the vpn, if its useful, its; ipsec quit Would you mind posting a howto on how you done it as a service, i can put it on my website then, for others. I tried to achieve it using some third party utils, but that costs money. A quick guide on how you done it would be great. Ideally, i would have really liked to be able to create a virtual dialup connection which runs these commands. Then people could use the " dial up networking" option thats on the initial login screen. So they could simply tick it upon logon. Dont suppose you have any idea on how to do that, do you ?

Please note that this hasn' t been tested in a production environment, so use this information at your own discretion. I don' t think it' s possible to use the Log on using Dialup networking option unless you use only PPTP or LT2P for your VPN. To get it working as a service, you need to: 1) get the instsrv.exe and srvany.exe files from Microsoft' s resource kits. (Support.cab on the Windows XP/2003 CDs, or you can download the resource kits from microsoft.com/download). 2) Copy these two files into the c:\program files\Fortinet\FortiClient folder. 3) Open a command prompt and type the following: instsrv FortiVPN " c:\program files\Fortinet\FortiClient\srvany.exe" This will create a new service called FortiVPN. 4) Next step is to add the command line options and specify which executable srvany should run. To do this, you need to edit the registry. Browse to the following key: HKLM\System\CurrentControlSet\Services\FortiVPN Add a new key called Parameters. Within this key, create two values as follows: Application (REG_SZ): c:\program files\fortinet\forticlient\ipsec.exe AppParameters (REG_SZ): -k VPNConnectionName Obviously you should replace " VPNConnectionName" with the name of your VPN connection. 5) At this point, you should be able to start the service and VPN should be established. Go into services to make sure it' s set to automatic. If you ever need to undo what we' ve done here, you can do the following: 1) stop the FortiVPN service 2) run this in a command prompt in the FortiClient folder: instsrv FortiVPN remove This command removes the service as well as cleans up the registry entries you created earlier. 3) delete the instsrv.exe and srvany.exe files from the FortiClient folder.

Oberon, You cant close the window, as if you do, it terminates the vpn connection. Thats why i had to use the start command to get it to run in the background instead. Only way to do it without a window is to start it as a service instead.

Your wish has now been granted it appears, the new version of forticlient can now be set to start at windows logon.

Geez, and after all that work to get it running as a service! I guess procrastination DOES pay off.

Oberon, in case you can' t use the new version, you can in fact have your VPN tunnel work the way you want it to AND the cmd prompt will not be visible. To do this, you simply need to create a vb script with the following: ------------------- Dim objwsh, x Set objwsh = CreateObject(" WScript.Shell" ) x = objwsh.Run (" c:\progra~1\fortinet\forticlient\ipsec.exe /k VPN_CONNECTION_NAME" ,0,false) set objwsh = Nothing ------------------- Remember to change " VPN_CONNECTION_NAME" with the name of your VPN connection. Save the file as StartVPN.vbs and then you can put a shortcut to it in your startup group, or simply double-click it to run it. What this does is starts an instance of ipsec.exe, but hides it. The " 0" argument specifies that it should start hidden, and the " false" argument specifies that the script should not wait for the program to finish before the script continues. If you open Task Manager, you' ll see ipsec.exe in the list of running processes. To disconnect, you can create a batch file that runs the following: c:\progra~1\fortinet\forticlient\ipsec.exe quit Alternatively, you can kill the ipsec.exe process in Task Manager. Note that when using this method to start the tunnel, the Disconnect button within the FortiClient will not work to quit the VPN tunnel, you must end the ipsec process. The script above works with RADIUS authentication as well. This was tested on an XP Pro workstation, but should work the same in Win2k. For more info on the .Run command, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsmthrun.asp Cheers, Steve.