Wondering how to set up OpenVPN on a Windows server? We can help you with it.
Here at Bobcares, we have seen several such Windows-related errors as part of our Server Management Services for web hosts and online service providers.
Today we’ll see how to install and configure OpenVPN on Windows.
How to set up OpenVPN on Windows
Now let’s take a look at how our Support Engineers set up OpenVPN on Windows.
Section 1 – Installing OpenVPN
Download and Install OpenVPN
First, we download the OpenVPN Windows installer and run it on our Windows server. Once that completes, we begin the configuration portion of the setup.
Configuration, Certificates, and Keys
Step 1: Change Directory
1. First, we open the Start menu and go to “Windows System” and then right-click on “Command Prompt” >> “More” >> select “Run as Administrator.”
2. Next, we right-click the menu item “Command Prompt”.
3. On the “User Account Control” pop-up window, we click “Yes” to allow the program to make changes to the server.
4. Then we browse to the following folder location using the cd command in the administrative command prompt.
cd C:\Program Files\OpenVPN\easy-rsa
Step 2: Configure OpenVPN Server
1. We can begin the OpenVPN configuration by typing the following command.
init-config
2. Next, we open the “vars.bat” file in the notepad text editor.
notepad vars.bat
3. Then, we edit the lines below, changing “US”, “CA” and the other values to settings that are consistent with the business’ location.
set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain
4. We then save the file and exit Notepad.
5. Next, we will run the following commands.
vars
clean-all
Step 3: Create Certificates and Keys
1. In order to create the Certificate Authority (CA) certificate and key, we run the following command.
build-ca
2. This will prompt us to enter the country, state, and city. These options also have default values, which appear within brackets. For the “Common Name,” the best choice is a unique name that distinguishes the company.
Certificate Authority “OpenVPN-CA”:
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:
3. Next, we initiate the server’s certificate and key using this command:
build-key-server server
- Enter the “Common Name” as “server” when prompted
- When prompted to sign the certificate, enter “y”
- When prompted to commit, enter “y”
Step 4: Create Client/Server Certificates and Keys
1. First, we create our keys using the following command.
C:\Program Files\OpenVPN\easy-rsa>build-key-server.bat
2. For each client that will be connecting to the server, we must choose a unique name to identify that user’s computer, such as “bob-laptop” in the example below.
build-key bob-laptop
3. Next, when prompted, we enter the “Common Name” as the name we have chosen for the client’s cert/key. We will repeat this step for every client computer that is going to connect to the VPN.
C:\Program Files\OpenVPN\easy-rsa>build-key bob-laptop
4. Now, we generate the “Diffie Hellman” parameters using the build-dh command. This step is necessary to set up the encryption model.
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat
5. Next, we will generate a shared secret key (which is required when using tls-auth).
"C:\Program Files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
Section 2 – Configure OpenVPN
OpenVPN provides sample configuration data. We can find it using the start menu: Start Menu >> All Programs >> OpenVPN >> OpenVPN Sample Configuration Files
Configure Server
Step 1: Copy/Edit Files
1. Let us begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:
copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
C:\Program Files\OpenVPN\easy-rsa>"C:\Program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
C:\Program Files\OpenVPN\easy-rsa>copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
        1 file(s) copied.
2. Next, we will edit the server.ovpn file.
notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
3. Now, we locate the following lines within the file:
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
Then edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
4. Finally, we save and close the file.
Step 2: Client Config Files
1. First, we begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:
copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
C:\Program Files\OpenVPN\easy-rsa>"C:\Program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
C:\Program Files\OpenVPN\easy-rsa>copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
        1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>
2. Next, we will need to edit the server.ovpn file.
notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
3. Now, we locate the following lines within the file:
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
Then we edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
4. Finally, we save and close the file.
Configure Client
Step 1: Copy Files
1. Now we copy the following files from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ on the server using the robocopy command:
- ca.crt
- ta.key
- dh2048.pem
- server.crt
- server.key
- server.ovpn
robocopy "C:\Program Files\OpenVPN\easy-rsa\keys" "C:\Program Files\OpenVPN\config" ca.crt ta.key dh2048.pem server.crt server.key server.ovpn
2. Now, we can copy the following files on the server from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ for each client that will be using the VPN (e.g., bob-laptop in this example):
- ca.crt
- ta.key
- bob-laptop.crt
- bob-laptop.key
- bob-laptop.ovpn
robocopy "C:\Program Files\OpenVPN\easy-rsa\keys" "C:\Program Files\OpenVPN\config" ca.crt ta.key bob-laptop.crt bob-laptop.key bob-laptop.ovpn
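Once the files are copied, it is worth checking where the key material ended up. The following PowerShell audit is an added example, not part of the original walkthrough: it reports whether the server files listed above are in the config folder, whether ca.key was copied there, and which .key files are readable by broad groups. The group SIDs chosen and the report layout are assumptions made for this example; it only reads and changes nothing.

```powershell
# Added example: report-only audit of OpenVPN key material after the copy step.
$ConfigDir = 'C:\Program Files\OpenVPN\config'         # destination used on this page
$KeysDir   = 'C:\Program Files\OpenVPN\easy-rsa\keys'  # where easy-rsa wrote the keys
$Expected  = 'ca.crt','ta.key','dh2048.pem','server.crt','server.key','server.ovpn'

# Well-known SIDs for broad groups; SIDs avoid localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAccess {
    param([string]$Path)
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $canRead = ([int]$rule.FileSystemRights -band 1) -ne 0   # 1 = ReadData
        if ($rule.AccessControlType -eq 'Allow' -and $canRead -and
            $BroadSids.ContainsKey($rule.IdentityReference.Value)) {
            $BroadSids[$rule.IdentityReference.Value]
        }
    }
}

# 1. Files the server needs must be present in the config folder.
$missing = $Expected | Where-Object {
    -not (Test-Path -LiteralPath (Join-Path $ConfigDir $_))
}

# 2. The CA private key signs new certificates; the running server does not need it.
$caKeyInConfig = Test-Path -LiteralPath (Join-Path $ConfigDir 'ca.key')

# 3. Private keys and the tls-auth secret that broad groups can read.
$exposed = foreach ($dir in $ConfigDir, $KeysDir) {
    Get-ChildItem -LiteralPath $dir -Filter '*.key' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $who = @(Get-BroadAccess -Path $_.FullName)
            if ($who) {
                [pscustomobject]@{ File = $_.FullName; ReadableBy = ($who -join ', ') }
            }
        }
}

"Missing from config : $(if ($missing) { $missing -join ', ' } else { 'none' })"
"ca.key in config    : $caKeyInConfig"
$exposed | Format-Table -AutoSize
```

Files under C:\Program Files normally inherit read access for the local Users group, so expect the .key files to be listed until their permissions are tightened.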
Starting OpenVPN
Next, on both the server and the client, we need to run OpenVPN from: Start Menu >> All Programs >> OpenVPN >> OpenVPN GUI
Finally, we double-click the icon which appears in the system tray to start the connection. The subsequent dialog box will close upon a successful start.
Conclusion
Today, we saw how our Support Engineers set up OpenVPN on Windows.