Objective
Install OpenVPN Server on Windows 7 machine.I have followed the tutorial from OpenVPN community. https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
Pre-requisites
Disable the Windows Firewall (OR) Enable an Inbound Rule for the port 1194 [2]Download and Installation
- Download OpenVPN Server. http://openvpn.net/release/ (Get the latest Version executable based on time)
- Install the downloaded .exe by running with Administrator privileges
- Specify the path to a folder which doesn’t have spaces on path.
-
Example:-
- C:\OpenVPN [Use] [I am installing in this directory and throughout this post, I will be referring this as default OpenVPN installed directory]
- C:\Program Files (x86) [Don’t use]
-
- Navigate to OpenVPN installed directory
- Go to config folder
- Create a file with name server.ovpn
- Paste the content as specified below
- Go to Network Connections in Windows 7 [Control Panel\Network and Internet\Network Connections]
- Rename TAP-Win32 Adapter to “MyTap” as described in server.ovpn [Names should match in both server.ovpn and Adapter name]
1: port 1194 #change to any port you see fit. The client needs to use the same port
2: proto udp #switch to tcp if you wish to use a tcp connection, the client needs to use the same protocol. udp gives better performance
3: dev tun
4: dev-node MyTap #name of your TAP interface.
5: server 10.8.0.0 255.255.255.0 #This may need modification as dictated by Internet Connection Settings. This is the default for ICS on Windows 7.
6:
7: ca "C:\\OpenVPN\\easy-rsa\\keys\\ca.crt"
8: cert "C:\\OpenVPN\\easy-rsa\\keys\\server.crt"
9: key "C:\\OpenVPN\\easy-rsa\\keys\\server.key" # This file should be kept secret
10: dh "C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
11: ifconfig-pool-persist ipp.txt
12:
13: push "redirect-gateway def1" #tells all Internet traffic to go through the tunnel
14: push "dhcp-option DNS 208.67.222.222" #OpenDNS servers, makes it easy to check if the tunnel is working properly
15: push "dhcp-option DNS 208.67.220.220"
16: keepalive 10 120
17: comp-lzo #compression for better network performance. Disable if your server isn't powerful enough. Needs to be included in both server and client configs if you use it.
18: persist-key
19: persist-tun
20: status openvpn-status.log
21: verb 3
Certificates and Keys Creation
Initial Configuration
- Open command prompt with Administrator privileges
- Navigate to OpenVPN directory
- cd C:\OpenVPN\easy-rsa\
- run init-config.bat
- C:\OpenVPN\easy-rsa> init-config
- Open vars.bat
- C:\OpenVPN\easy-rsa> notepad vars.bat
- Change the HOME variable to your path
- HOME=C:\OpenVPN\easy-rsa
- Change country, province, City, Org, email
- You can add KEY_NAME=your-name and KEY_OU=VPNer
- Run the vars.bat file
- C:\OpenVPN\easy-rsa> vars
- Run the clean-all.bat file
- C:\OpenVPN\easy-rsa> clean-all
Creating Certificates and Keys
Your Own Certificate Authority Generation
- Open command prompt with Administrator privileges
- Navigate to OpenVPN directory
- cd C:\OpenVPN\easy-rsa\
- run build-ca.bat
- C:\OpenVPN\easy-rsa> build-ca
- Accept the defaults and give Common Name as your-company CA
- Ex:- OpenVPN-CA
Server Certificate and Key Generation
- Open command prompt with Administrator privileges
- Navigate to OpenVPN directory
- cd C:\OpenVPN\easy-rsa\
- run build-key-server.bat file
- C:\OpenVPN\easy-rsa> build-key-server server
- Enter common name as “server” since your command line input parameter is “server”
- Sign Certificate: accept with ‘y’
- Commit: accept with ‘y’
Client Certificate and Key Generation
- Open command prompt with Administrator privileges
- Navigate to OpenVPN directory
- cd C:\OpenVPN\easy-rsa\
- run build-key.bat file
- C:\OpenVPN\easy-rsa> build-key client-name
- Ex:- build-key my-laptop
- Enter common name as “my-laptop” since your command line input parameter is “my-laptop”
Key Exchange Certificate(Diffie-Hellman)
- Open command prompt with Administrator privileges
- Navigate to OpenVPN directory
- cd C:\OpenVPN\easy-rsa\
- run build-dh.bat file
- C:\OpenVPN\easy-rsa> build-dh
Send Server Certificates and Keys to Client
Send the following files to client
- ca.crt
- client-name.crt
- client-name.key
All these files will be stored in C:\OpenVPN\easy-rsa\keys
Common Errors and Resolution
- openvpn unable to write 'random state'
- Change the HOME variable path to absolute path in vars.bat file
- Ex: HOME=C:\OpenVPN\easy-rsa
- openvpn server directive network/netmask combination is invalid
- Give IP address as 10.8.0.0 in server.ovpn
- TapAdapter not found
- Go to Network Connections in Windows 7 [Control Panel\Network and Internet\Network Connections]
- Rename TAP-Win32 Adapter to “MyTap” as described in server.ovpn [Names should match in both server.ovpn and Adapter name]
Run OpenVPN GUI
- Start->All Programs->OpenVPN->OpenVPN GUI
- It will come to status bar as notification icon [Default: bottom]
- Rightclick on OpenVPN GUI and click on “Connect”
- It should display proper log, if any error please search in Google and openvpn forums
References
https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
http://blog.defron.org/2013/01/openvpn-server-on-windows.html
Please send your feedback and comments to psrdotcom@gmail.com
Blogger Labels: OpenVPN,Server,Installation,Objective,Install,machine,tutorial,Easy_Windows_Guide,requisites,Disable,Firewall,Enable,Inbound,Rule,port,Download,Version,Administrator,privileges,Specify,path,folder,spaces,Example,directory,Program,Files,Navigate,Create,Paste,Network,Connections,Control,Panel,Internet,Rename,Adapter,MyTap,client,needs,connection,protocol,performance,node,interface,modification,gateway,traffic,option,OpenDNS,compression,status,Creation,Initial,Configuration,Open,notepad,Change,HOME,province,KEY_NAME,KEY_OU,VPNer,Certificate,Generation,Accept,Common,Name,Enter,parameter,Sign,Commit,laptop,Exchange,Diffie,Hellman,Send,Resolution,directive,combination,Give,TapAdapter,Start,notification,icon,Default,bottom,Rightclick,Connect,error,Google,Certificates,Errors,forums,References,wiki,config,ovpn,dhcp,init,vars
No comments:
Post a Comment