Bobcares

Setup OpenVPN on Windows Server – How we do it

by | Feb 23, 2021

Wondering how to setup OpenVPN on a Windows server? We can help you with it.

Here at Bobcares, we have seen several such Windows-related errors as part of our Server Management Services for web hosts and online service providers.

Today we’ll see how to install and configure OpenVPN on Windows.

 

How to setup OpenVPN on Windows

Now let’s take a look at how our Support Engineers set up the OpenVPN on Windows.

 

Section 1 – Installing OpenVPN

Download and Install OpenVPN

On a Windows server, first, we download the Windows installer and then run it on our Windows server. Once that completes, we begin the configuration portion of the setup.

 

Configuration, Certificates, and Keys

Step 1: Change Directory

1. First, we open the Start menu and go to “Windows System” and then right-click on “Command Prompt” >> “More” >> select “Run as Administrator.”

2. Next, we right-click the menu item “Command Prompt”.

3. On the “User Account Control” pop-up window, we click “Yes” to accept the program to make changes this the server.

4. Then we browse to the following folder location using the cd command in the administrative command prompt.

cd C:\Program Files\OpenVPN\easy-rsa

 

Step 2: Configure OpenVPN Server

1. We can begin the OpenVPN configuration by typing the following command.

init-config

2. Next, we open the “vars.bat” file in the notepad text editor.

notepad vars.bat

3. Then, we edit the below lines switching the “US”, “CA,” settings that are consistent with the business’ location.

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain

4. We then save the file and exit Notepad.

5. Next, we will run the following commands.

vars
clean-all

 

Step 3: Create Certificates and Keys

1. In order to create the Certificate Authority (CA) certificate and key, we run the following command.

build-ca

2. This will prompt to enter the country, state, and city. These options will also have default values, which appear within brackets. For the “Common Name,” the most beneficial choice is to choose a unique name to distinguish the company.

Certificate Authority “OpenVPN-CA”:
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:

3. Next, we initiate the server’s certificate and key using this command:

build-key-server server
  • Enter the “Common Name” as “server” when prompted
  • When prompted to sign the certificate, enter “y”
  • When prompted to commit, enter “y”

 

Step 4: Create Client/Server Certificates and Keys

1. First, we create our keys using the following command.

C:\Program Files\OpenVPN\easy-rsa>build-key-server.bat

2. For each client that will be connecting to the server, we must choose a unique name to identify that user’s computer, such as “bob-laptop” in the example below.

build-key bob-laptop

3. Next, when prompted, we enter the “Common Name” as the name we have chosen for the client’s cert/key. We will repeat this step for every client computer that is going to connect to the VPN.

C:\Program Files\OpenVPN\easy-rsa>build-key bob-laptop

4. Now, we generate the “Diffie Hellman” parameters using the build-dh command. This step is necessary to set up the encryption model.

C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

5. Next, we will generate a shared secret key (which is required when using tls-auth)

“C:\Program Files\OpenVPN\bin\openvpn.exe” –genkey –secret “C:\Program Files\OpenVPN\easy-rsa\keys\ta.key”

 

Section 2 – Configure OpenVPN

OpenVPN provides sample configuration data. We can find it using the start menu: Start Menu >> All Programs >> OpenVPN >> OpenVPN Sample Configuration Files

Configure Server

Step 1: Copy/Edit Files

Let us begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:

copy “C:\Program Files\OpenVPN\sample-config\server.ovpn” “C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn”

copy “C:\Program Files\OpenVPN\easy-rsa” “C:\Program files\OpenVPN\bin\openvpn.exe” –genkey –secret

copy “C:\Program Files\OpenVPN\easy-rsa\keys\ta.key” “C:\Program Files\OpenVPN\easy-rsa”

copy “C:\Program Files\OpenVPN\sample-config\server.ovpn” “C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn” 1 file(s) copied.

2. Next, we will edit the server.ovpn file.

notepad “C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn

3. Now, we locate the following lines within the file:

ca – ca.crt
cert – server.crt
key – server.key
dh – dh2048.pem

Then edit them as follows:

ca “C:\\Program Files\\OpenVPN\config\ca.crt”
cert “C:\\Program Files\OpenVPN\config\server.crt”
key “C:\\Program Files\OpenVPN\config\server.key”
dh “C:\\Program Files\OpenVPN\config\dh2048.pem”

4. Finally, we save and close the file.

 

Step 2: Client Config Files

1. First, we begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:

copy “C:\Program Files\OpenVPN\sample-config\server.ovpn” “C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn”
C:\Program Files\OpenVPN\easy-rsa “C:\Program files\OpenVPN\bin\openvpn.exe” –genkey –secret “C:\Program Files\OpenVPN\easy-rsa\keys\ta.key”
C:\Program Files\OpenVPN\easy-rsa copy “C:\Program Files\OpenVPN\sample-config\server.ovpn” “C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn”
1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa

2. Next, we will need to edit the server.ovpn file.

notepad “C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn”

3. Now, we locate the following lines within the file:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

Then we edit them as follows:

ca “C:\\Program Files\OpenVPN\config\ca.crt”
cert “C:\\Program Files\OpenVPN\config\server.crt”
key “C:\\Program Files\OpenVPN\config\server.key”
dh “C:\\Program Files\OpenVPN\config\dh2048.pem”

4. Finally, we save and close the file.

 

Configure Client

Step 1: Copy Files

1. Now we can copy the following files on the client from C:\Program Files\OpenVPN\easy-rsa\keys\ toC:\Program Files\OpenVPN\config\ on the server using the robocopy command:

-ca.crt
-ta.key
-dh2048.pem
-server.crt
-server.key
-server.ovpn
robocopy “C:\Program Files\OpenVPN\easy-rsa\keys\ ” “C:\Program Files\OpenVPN\config\”

2. Now, we can copy the following files on the server from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ for each client that will be using the VPN (e.g., bob-laptop in this example)

-ca.crt
-ta.key
-bob-laptop.crt
-bob-laptop.key
-bob-laptop.ovpn
robocopy “C:\Program Files\OpenVPN\easy-rsa\keys\ ” “C:\Program Files\OpenVPN\config\ ” ca.crt ta.key dh2048.pem server.crt server.key server.ovpn

 

Starting OpenVPN 

Next, on both the server and the client, we need to run OpenVPN from: Start Menu >> All Programs >> OpenVPN >> OpenVPN GUI

Finally, we double-click the icon which appears in the system tray to start the connection. The subsequent dialog box will close upon an effective start.

[Still not able to install and configure OpenVPN on Windows? – We are here to help you]

 

Conclusion

Today, we saw how our Support Engineers setup OpenVPN on windows.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.