Bobcares

Setup OpenVPN on Windows Server – How we do it

by | Feb 23, 2021

Wondering how to set up OpenVPN on a Windows server? We can help you with it.

Here at Bobcares, we have seen several such Windows-related errors as part of our Server Management Services for web hosts and online service providers.

Today we’ll see how to install and configure OpenVPN on Windows.

 

How to set up OpenVPN on Windows

Now let’s take a look at how our Support Engineers set up OpenVPN on Windows.

 

Section 1 – Installing OpenVPN

Download and Install OpenVPN

First, we download the Windows installer and run it on our Windows server. Once the installation completes, we begin the configuration portion of the setup.

 

Configuration, Certificates, and Keys

Step 1: Change Directory

1. First, we open the Start menu and go to “Windows System” and then right-click on “Command Prompt” >> “More” >> select “Run as Administrator.”

2. Next, we right-click the menu item “Command Prompt”.

3. On the “User Account Control” pop-up window, we click “Yes” to allow the program to make changes to the server.

4. Then we browse to the following folder location using the cd command in the administrative command prompt.

cd C:\Program Files\OpenVPN\easy-rsa

 

Step 2: Configure OpenVPN Server

1. We can begin the OpenVPN configuration by typing the following command.

init-config

2. Next, we open the “vars.bat” file in the notepad text editor.

notepad vars.bat

3. Then, we edit the lines below, replacing “US”, “CA,” and the other values with settings that are consistent with the business’ location.

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain

4. We then save the file and exit Notepad.

5. Next, we will run the following commands.

vars
clean-all

 

Step 3: Create Certificates and Keys

1. In order to create the Certificate Authority (CA) certificate and key, we run the following command.

build-ca

2. This prompts us to enter the country, state, and city. Each option has a default value, which appears within brackets. For the “Common Name,” it is best to choose a unique name that distinguishes the company.

Certificate Authority “OpenVPN-CA”:
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:

3. Next, we initiate the server’s certificate and key using this command:

build-key-server server
  • Enter the “Common Name” as “server” when prompted
  • When prompted to sign the certificate, enter “y”
  • When prompted to commit, enter “y”

 

Step 4: Create Client/Server Certificates and Keys

1. First, we create our keys using the following command.

C:\Program Files\OpenVPN\easy-rsa>build-key-server.bat

2. For each client that will be connecting to the server, we must choose a unique name to identify that user’s computer, such as “bob-laptop” in the example below.

build-key bob-laptop

3. Next, when prompted, we enter the “Common Name” as the name we have chosen for the client’s cert/key. We will repeat this step for every client computer that is going to connect to the VPN.

C:\Program Files\OpenVPN\easy-rsa>build-key bob-laptop

4. Now, we generate the “Diffie Hellman” parameters using the build-dh command. This step is necessary to set up the encryption model.

C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

5. Next, we generate a shared secret key (which is required when using tls-auth).

"C:\Program Files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"

 

Section 2 – Configure OpenVPN

OpenVPN provides sample configuration data. We can find it using the start menu: Start Menu >> All Programs >> OpenVPN >> OpenVPN Sample Configuration Files

Configure Server

Step 1: Copy/Edit Files

1. Let us begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:

copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"

C:\Program Files\OpenVPN\easy-rsa>"C:\Program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
C:\Program Files\OpenVPN\easy-rsa>copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
        1 file(s) copied.

2. Next, we will edit the server.ovpn file.

notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"

3. Now, we locate the following lines within the file:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

Then edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

4. Finally, we save and close the file.
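OpenVPN reads a backslash inside a double-quoted value as an escape character, so the Windows paths edited above need every backslash doubled. The following added example (not part of the original article or of OpenVPN; decode_arg and lint_config are hypothetical helper names, and the sample config is constructed) checks the ca, cert, key and dh lines for single backslashes and for unquoted paths that contain spaces.

```python
import re

# Added example (helper names are hypothetical): lint ca/cert/key/dh path quoting.
PATH_DIRECTIVES = {"ca", "cert", "key", "dh"}
ESCAPABLE = ("\\", '"', " ", "\t")   # backslash mappings from the OpenVPN man page
LINE = re.compile(r'''(\S+)\s+("[^"]*"|'[^']*'|[^#;]*)''')

def decode_arg(arg):
    """Apply the backslash mappings; return (decoded, bad_sequences)."""
    if arg[:1] == "'":
        return arg.strip("'"), []            # single quotes: taken literally
    body = arg.strip('"')
    out, bad, i = [], [], 0
    while i < len(body):
        if body[i] != "\\":
            out.append(body[i])
            i += 1
            continue
        nxt = body[i + 1:i + 2]              # "" if the backslash ends the value
        if nxt not in ESCAPABLE:
            bad.append("\\" + nxt)           # checker policy: report, do not guess
        out.append(nxt)
        i += 2
    return "".join(out), bad

def lint_config(text):
    """Return [(line_no, directive, problem, decoded_path)] for suspect lines."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line.strip())
        if not m or m.group(1) not in PATH_DIRECTIVES or not m.group(2).strip():
            continue
        name, arg = m.group(1), m.group(2).strip()
        decoded, bad = decode_arg(arg)
        if arg[0] not in "\"'" and re.search(r"(?<!\\)\s", arg):
            findings.append((no, name, "unquoted path contains spaces", decoded))
        elif bad:
            findings.append((no, name, "bad backslash: " + " ".join(bad), decoded))
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = r'''ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\OpenVPN\config\server.crt"
key C:\\Program Files\\OpenVPN\\config\\server.key  # keep secret
dh dh2048.pem
'''

if __name__ == "__main__":
    print(*lint_config(SAMPLE), sep="\n")
```

The decoded path in each finding shows what the value collapses to once the single backslashes are consumed, which makes a resulting "file not found" at service start easier to trace back to the config line.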

 

Step 2: Client Config Files

1. First, we begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:

copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"

C:\Program Files\OpenVPN\easy-rsa>"C:\Program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
C:\Program Files\OpenVPN\easy-rsa>copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
        1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>

2. Next, we will need to edit the server.ovpn file.

notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"

3. Now, we locate the following lines within the file:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

Then we edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

4. Finally, we save and close the file.

 

Configure Client

Step 1: Copy Files

1. Now we can copy the following files on the client from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ on the server using the robocopy command:

  • ca.crt
  • ta.key
  • dh2048.pem
  • server.crt
  • server.key
  • server.ovpn

robocopy "C:\Program Files\OpenVPN\easy-rsa\keys" "C:\Program Files\OpenVPN\config" ca.crt ta.key dh2048.pem server.crt server.key server.ovpn

2. Now, we can copy the following files on the server from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ for each client that will be using the VPN (e.g., bob-laptop in this example):

  • ca.crt
  • ta.key
  • bob-laptop.crt
  • bob-laptop.key
  • bob-laptop.ovpn

robocopy "C:\Program Files\OpenVPN\easy-rsa\keys" "C:\Program Files\OpenVPN\config" ca.crt ta.key bob-laptop.crt bob-laptop.key bob-laptop.ovpn

 

Starting OpenVPN 

Next, on both the server and the client, we need to run OpenVPN from: Start Menu >> All Programs >> OpenVPN >> OpenVPN GUI

Finally, we double-click the icon which appears in the system tray to start the connection. The subsequent dialog box will close upon a successful start.


 

Conclusion

Today, we saw how our Support Engineers set up OpenVPN on Windows.
