Setting up an OpenVPN server on Windows
This is a step-by-step guide on how to configure an Open VPN server on Windows operating systems and connect clients to the created virtual private network.
Download & Installation of OpenVPN Server
Download and install the OpenVPN server on your operating system. Make sure all features will be installed while installing VPN server.
When installing OpenVPN on the sever you need to choose manual installation because default installation will skip the necessary features.
There are two features that required to create Open VPN server are OpenVPN service and OpenSSL.
To configure the OpenVPN server, You need to use the command line. Remember to open a command prompt with administrative privileges.
First, you need to navigate to the easy rsa directory of OpenVPN. To navigate this directory please use the below command in CMD.
cd "C:\Program Files\OpenVPN\easy-rsa"
Next, you run the file EasyRSA-Start.bat located in easy-rsa directory.
EasyRSA-Start.bat
We start configuring OpenVPN with the initialization command.
./easyrsa init-pki
Now you create a neccsary files for open VPN
./easyrsa build-ca nopass
OpenVPN server will need four files included ca.rt, server.crt. server.key, dh.pem. These commands to generate the certificate and key files for the server.
./easyrsa build-server-full server nopass
Now we will create a file dh.pem, which encrypts the data by following command.
./easyrsa gen-dh
We need below mentioned files that need to be copied to the config, and config auto folder C:\Program Files\ OpenVPN\config & C:\Program Files\ OpenVPN\config auto
1. C:\Program Files\ OpenVPN\easyrsa\pki\ca.crt
2. C:\Program Files\ OpenVPN\easyrsa\pki\dh.pem
3. C:\Program Files\ OpenVPN\easyrsa\pki\Issued\server.crt
4. C:\Program Files\ OpenVPN\easyrsa\pki\private\sever.key
Next, Open a notepad with administrative rights and create a text file with the content as below:
=====================
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.20.30.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
====================
Please note that the list of the file names in above content to must match of the files that we created in the previous steps:
Next, save the file with the ovpn extension and save it in the config auto folder of OpenVPN (e.g server.ovpn). You can refer to the below directory.
C:\Program Files\ OpenVPN\config auto
Allow OpenVPN to window firewall
You need to allow port 1194 UDP protocol to bypass windows firewall. If you don't know how to allow port. You can refer to this knowledgebase of How to Open/Close port on WIndows Server.
Enable Internet Connection Sharing (ICS) in Server Window
First you need to set Routinf and Remote Access service as Automatic. Please folloe below steps:
- Start -> Right-click My Computer -> Manage
- Services
- Right-click Routing and Remote Access -> Properties -> Automatic
- Right-click Routing and Remote Access -> Start
You have now enabled and started the routing and remote access service.
Next,
Please follow below steps to enable your ICS.
- Control Panel
- Network and Sharing Center
- Local Area Connection
- Properties
- Sharing
- Tick the box "Allow other network users to connect through this computer's Internet connection"
- From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.
Enable IP Routing
find the directory HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters. In the right part of the window, find the IPEnableRouter variable, double-click into the value editing window and change it to 1, thereby allowing addressing on the VPS.
Restart the OpenVPN Service
The last step on the OpenVPN server is to restart the OpenVPN service with the comman as below:
net stop openvpnservice
net start openvpnservice
Create a Client of OpenVPN
We return to the command window to create the neccesary files for the OpenVPN client by following client.
./easybuild-client-full client01 nopass
On the OpenVPN client, we need three files including ca.rt, client01.crt and client.key. After run the command we need to copy these files to any specific folder for cilent usage.
We need the below-mentioned files that need to be copied and send these file openVPN cilent so that it can connect to the openVPN server.
1. C:\Program Files\ OpenVPN\easyrsa\pki\ca.crt
2. C:\Program Files\ OpenVPN\easyrsa\pki\Issued\client01.crt
3. C:\Program Files\ OpenVPN\easyrsa\pki\private\client01.key
You have many ways to send these files like email, cloud transfer etc. Through this method you can create multiple clients.
Configure OpenVPN client
You can download and install the OpenVPN server on your operating system. But when you installing you just need to choose the default setting.
Next, you need to navigate C:\Program FIles\OpenVPN\config . You can copy the cilent files that you send previously to client and paste it into config folder on client system. FIles including ca.crt, client01.crt, and client01.key.
Next, Open a notepad with administrative rights and create a text file with the content as below:
===================
client
dev tun
proto udp
remote your_domain/IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client01.crt
key client01.key
comp-lzo
verb 3
=============
In above text, you need to enter your server IP/Domain. For example: remote 192.168.X.X 1194
Please note that the list of the file names in above content to must match of the files that we created in the previous steps:
Next, save the file with the ovpn extension and save it in the config auto folder of OpenVPN (e.g client.ovpn). You can refer to the below directory.
C:\Program Files\ OpenVPN\config
After saving the files you need to start your client VPN as below screenshot:
In taskbar, you can see a openVPN client icon, right click on this icon and click on connect button you will see below window.
After some moments, You can connect to your OpenVPN server. Thank you for reading.