October 08, 2013

OpenVPN Server Windows 7 Installation

Objective

Install OpenVPN Server on a Windows 7 machine.
I followed the tutorial from the OpenVPN community: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide

Pre-requisites

Either disable the Windows Firewall or enable an inbound rule for port 1194 [2]

Download and Installation

  • Download OpenVPN Server from http://openvpn.net/release/ (get the latest executable by release date)
  • Install the downloaded .exe by running it with Administrator privileges
  • Specify an installation folder whose path contains no spaces
    • Example:
      • C:\OpenVPN [Use] [I am installing in this directory, and throughout this post I refer to it as the default OpenVPN installed directory]
      • C:\Program Files (x86) [Don’t use]
  • Navigate to the OpenVPN installed directory
  • Go to the config folder
  • Create a file named server.ovpn
  • Paste the content specified below
  • Go to Network Connections in Windows 7 [Control Panel\Network and Internet\Network Connections]
  • Rename the TAP-Win32 Adapter to “MyTap” as specified in server.ovpn [the names must match in server.ovpn and the adapter name]
  • Content of server.ovpn:

        port 1194 #change to any port you see fit. The client needs to use the same port
        proto udp #switch to tcp if you wish to use a tcp connection, the client needs to use the same protocol. udp gives better performance
        dev tun
        dev-node MyTap #name of your TAP interface.
        server 10.8.0.0 255.255.255.0 #This may need modification as dictated by Internet Connection Settings. This is the default for ICS on Windows 7.

        ca "C:\\OpenVPN\\easy-rsa\\keys\\ca.crt"
        cert "C:\\OpenVPN\\easy-rsa\\keys\\server.crt"
        key "C:\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
        dh "C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
        ifconfig-pool-persist ipp.txt

        push "redirect-gateway def1" #tells all Internet traffic to go through the tunnel
        push "dhcp-option DNS 208.67.222.222" #OpenDNS servers, makes it easy to check if the tunnel is working properly
        push "dhcp-option DNS 208.67.220.220"
        keepalive 10 120
        comp-lzo #compression for better network performance. Disable if your server isn't powerful enough. Needs to be included in both server and client configs if you use it.
        persist-key
        persist-tun
        status openvpn-status.log
        verb 3
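
The comments in server.ovpn say the client must use the same port, protocol and compression setting as the server. The Python check below compares the two files on those settings; it is an added example, not part of the original post or of OpenVPN, and the client config, the host name vpn.example.com and the function names are constructed for illustration.

```python
import shlex

# Constructed samples: SERVER is an excerpt of the server.ovpn above; CLIENT is a
# hypothetical client config (vpn.example.com is a placeholder host name).
SERVER = r'''
port 1194
proto udp #the client needs to use the same protocol
dev tun
ca "C:\\OpenVPN\\easy-rsa\\keys\\ca.crt"
comp-lzo
'''
CLIENT = r'''
client
dev tun
proto tcp
remote vpn.example.com 1194
ca ca.crt
'''

def parse_ovpn(text):
    """Map each directive to its argument list; '#' and ';' comments are dropped."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)  # honours quotes and \\ escapes
        if tokens:
            conf[tokens[0]] = tokens[1:]  # a repeated directive keeps its last value
    return conf

def tunnel_settings(conf):
    """Reduce a parsed config to the values both ends must agree on."""
    remote = conf.get("remote", [])
    port = remote[1] if len(remote) > 1 else conf.get("port", ["1194"])[0]
    return {
        "port": port,
        "proto": conf.get("proto", ["udp"])[0],
        "dev": conf.get("dev", [""])[0],
        "comp-lzo": "comp-lzo" in conf,
    }

def mismatches(server_text, client_text):
    """List every setting on which the server and client configs disagree."""
    s = tunnel_settings(parse_ovpn(server_text))
    c = tunnel_settings(parse_ovpn(client_text))
    return [f"{k}: server={s[k]!r} client={c[k]!r}" for k in s if s[k] != c[k]]

if __name__ == "__main__":
    print("\n".join(mismatches(SERVER, CLIENT)) or "configs agree")
```

To check real files, pass the text of C:\OpenVPN\config\server.ovpn and of the client's .ovpn file to mismatches().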



Certificates and Keys Creation

Initial Configuration

  • Open command prompt with Administrator privileges

  • Navigate to OpenVPN directory

  • cd C:\OpenVPN\easy-rsa\

  • Run init-config.bat
    • C:\OpenVPN\easy-rsa> init-config

  • Open vars.bat

    • C:\OpenVPN\easy-rsa> notepad vars.bat

  • Change the HOME variable to your path
    • HOME=C:\OpenVPN\easy-rsa

  • Change the country, province, city, organization and email values

  • You can add KEY_NAME=your-name and KEY_OU=VPNer

  • Run the vars.bat file
    • C:\OpenVPN\easy-rsa> vars

  • Run the clean-all.bat file
    • C:\OpenVPN\easy-rsa> clean-all

Creating Certificates and Keys


Your Own Certificate Authority Generation

  • Open command prompt with Administrator privileges

  • Navigate to OpenVPN directory

  • cd C:\OpenVPN\easy-rsa\

  • Run build-ca.bat

    • C:\OpenVPN\easy-rsa> build-ca

    • Accept the defaults and give Common Name as your-company CA

    • Ex:- OpenVPN-CA


Server Certificate and Key Generation

  • Open command prompt with Administrator privileges

  • Navigate to OpenVPN directory

  • cd C:\OpenVPN\easy-rsa\

  • Run the build-key-server.bat file

    • C:\OpenVPN\easy-rsa> build-key-server server

    • Enter common name as “server” since your command line input parameter is “server”

    • Sign Certificate: accept with ‘y’

    • Commit: accept with ‘y’


Client Certificate and Key Generation

  • Open command prompt with Administrator privileges

  • Navigate to OpenVPN directory

  • cd C:\OpenVPN\easy-rsa\

  • Run the build-key.bat file

    • C:\OpenVPN\easy-rsa> build-key client-name

    • Ex:- build-key my-laptop

    • Enter common name as “my-laptop” since your command line input parameter is “my-laptop”

Key Exchange Certificate (Diffie-Hellman)

  • Open command prompt with Administrator privileges

  • Navigate to OpenVPN directory

  • cd C:\OpenVPN\easy-rsa\

  • Run the build-dh.bat file

    • C:\OpenVPN\easy-rsa> build-dh

Send Server Certificates and Keys to Client


Send the following files to the client:
  1. ca.crt
  2. client-name.crt
  3. client-name.key

All these files are stored in C:\OpenVPN\easy-rsa\keys


Common Errors and Resolution

  • openvpn unable to write 'random state'
    • Change the HOME variable path to absolute path in vars.bat file

    • Ex: HOME=C:\OpenVPN\easy-rsa

  • openvpn server directive network/netmask combination is invalid
    • Give IP address as 10.8.0.0 in server.ovpn

  • TapAdapter not found

    • Go to Network Connections in Windows 7 [Control Panel\Network and Internet\Network Connections]
    • Rename TAP-Win32 Adapter to “MyTap” as described in server.ovpn [Names should match in both server.ovpn and Adapter name]


Run OpenVPN GUI

  • Start -> All Programs -> OpenVPN -> OpenVPN GUI

  • It appears in the status bar as a notification icon [Default: bottom]

  • Right-click the OpenVPN GUI icon and click “Connect”

  • It should display the connection log; if there is an error, search Google and the OpenVPN forums

References

[1] https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide

[2] http://blog.defron.org/2013/01/openvpn-server-on-windows.html

Please send your feedback and comments to psrdotcom@gmail.com
