

Setup OpenVPN on Windows Server

Are you trying to set up OpenVPN on a Windows server?

This guide is for you.


OpenVPN is an open-source VPN protocol that makes use of virtual private network (VPN) techniques to establish safe site-to-site or point-to-point connections.

It has emerged to become the de-facto standard in the open source networking space.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform Windows related tasks and Software Installations.

In this context, we shall look into how to install and configure OpenVPN on Windows.


How to set up OpenVPN on Windows?

Follow the process given below to set up the OpenVPN on Windows.


How to Install OpenVPN?

To download and install OpenVPN, we first download the Windows installer and then run it on our Windows server.

Once that completes, we begin the configuration portion of the setup.

Then, we proceed with its configuration and the creation of the certificates and keys.


1. Change Directory

i. First, we open the Start menu and go to "Windows System" and then right-click on "Command Prompt" >> "More" >> select "Run as Administrator".

ii. Next, we right-click the menu item “Command Prompt”.

iii. On the “User Account Control” pop-up window, we click "Yes" to allow the program to make changes to the server.

iv. Then we browse to the following folder location using the cd command in the administrative command prompt:

cd C:\Program Files\OpenVPN\easy-rsa


2. Configure OpenVPN Server

i. We can begin the OpenVPN configuration by typing the following command:

init-config

ii. Next, we open the “vars.bat” file in the notepad text editor:

notepad vars.bat

iii. Then, we edit the lines below, replacing "US", "CA" and the other values with settings that are consistent with the business location:

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain

iv. We then save the file and exit Notepad.

v. Next, we will run the following commands:

vars
clean-all


3. Create Certificates and Keys

i. In order to create the Certificate Authority (CA) certificate and key, we run the following command:

build-ca

ii. This will prompt us to enter the country, state, and city. These options also have default values, which appear within brackets.

For the "Common Name", the best choice is a unique name that distinguishes the company:

Certificate Authority "OpenVPN-CA":
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:

iii. Next, we initiate the server's certificate and key using this command:

build-key-server server

a. Enter the "Common Name" as "server" when prompted

b. When prompted to sign the certificate, enter "y"

c. When prompted to commit, enter "y"


4. Create Client/Server Certificates and Keys

i. First, we create our keys using the following command:

C:\Program Files\OpenVPN\easy-rsa>build-key-server.bat

ii. For each client that will be connecting to the server, we must choose a unique name to identify that user's computer, such as “ibmimedia-laptop” in the example below:

build-key ibmimedia-laptop

iii. Next, when prompted, we enter the "Common Name" as the name we have chosen for the client’s cert/key. 

We will repeat this step for every client computer that is going to connect to the VPN:

C:\Program Files\OpenVPN\easy-rsa>build-key ibmimedia-laptop

iv. Now, we generate the "Diffie Hellman" parameters using the build-dh command. 

This step is necessary to set up the encryption model:

C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

v. Next, we will generate a shared secret key (which is required when using tls-auth):

"C:\Program Files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"


How to Configure OpenVPN?

OpenVPN provides sample configuration data. We can find it using the start menu: 

Start Menu >> All Programs >> OpenVPN >> OpenVPN Sample Configuration Files


To Configure Server:

Step 1: Copy/Edit Files

1. Let us begin by copying the sample “server configuration” file over to the easy-rsa folder. 

Here is the command and its output:

copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
C:\Program Files\OpenVPN\easy-rsa>"C:\Program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
C:\Program Files\OpenVPN\easy-rsa>copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
1 file(s) copied.

2. Next, we will edit the server.ovpn file:

notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"

3. Now, we locate the following lines within the file:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

Then edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

4. Finally, we save and close the file.


Step 2: Client Config Files

1. First, we begin by copying the sample “server configuration” file over to the easy-rsa folder. Here is the command and its output:

copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
C:\Program Files\OpenVPN\easy-rsa>"C:\Program files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
C:\Program Files\OpenVPN\easy-rsa>copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>

2. Next, we will need to edit the server.ovpn file:

notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"

3. Now, we locate the following lines within the file:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

Then we edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

4. Finally, we save and close the file.
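
The edited ca, cert, key and dh lines in Step 1 and Step 2 depend on OpenVPN's quoting rule: a backslash escapes the next character, so a quoted Windows path needs every backslash doubled. The following is an added example, not part of the original guide or of OpenVPN itself; parse_line and lint are hypothetical helpers, and the parser is a simplified model of that rule. It checks a config for single backslashes and for typographic quotes or dashes picked up by copy and paste.

```python
import re

PATH_DIRECTIVES = {"ca", "cert", "key", "dh", "tls-auth"}
TYPOGRAPHIC = "\u201c\u201d\u2018\u2019\u2013\u2014"  # curly quotes, en/em dash

def parse_line(line):
    """Simplified model: spaces split args, quotes group, backslash escapes."""
    args, cur, in_quote, escaped, started = [], "", False, False, False
    for ch in line.strip():
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = started = True
        elif ch == '"':
            in_quote, started = not in_quote, True
        elif ch in "#;" and not started:
            break  # a comment runs to the end of the line
        elif ch.isspace() and not in_quote:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur, started = cur + ch, True
    return args + [cur] if started else args

def lint(text):
    """Return (line_number, message) for each path directive that is mangled."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        args = parse_line(raw)
        if not args or args[0] not in PATH_DIRECTIVES:
            continue
        if any(c in TYPOGRAPHIC for c in raw):
            findings.append((n, "typographic quote or dash, retype in ASCII"))
        elif any(len(run) % 2 for run in re.findall(r"\\+", raw)):
            seen = args[1] if len(args) > 1 else ""
            findings.append((n, "single backslash, parsed as " + repr(seen)))
    return findings

SAMPLE = r'''# constructed excerpt: line 2 correct, line 3 mixed, line 4 curly quotes
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\OpenVPN\config\server.crt"
key “C:\\Program Files\\OpenVPN\\config\\server.key”
dh dh2048.pem
'''

if __name__ == "__main__":
    for line_no, message in lint(SAMPLE):
        print(line_no, message)
```
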


How to Configure Client?

Step 1: Copy Files

1. Now we can copy the following files on the client from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ on the server using the robocopy command:

-ca.crt
-ta.key
-dh2048.pem
-server.crt
-server.key
-server.ovpn
robocopy "C:\Program Files\OpenVPN\easy-rsa\keys" "C:\Program Files\OpenVPN\config"

2. Now, we can copy the following files on the server from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ for each client that will be using the VPN (e.g., ibmi-laptop in this example):

-ca.crt
-ta.key
-ibmi-laptop.crt
-ibmi-laptop.key
-ibmi-laptop.ovpn
robocopy "C:\Program Files\OpenVPN\easy-rsa\keys" "C:\Program Files\OpenVPN\config" ca.crt ta.key dh2048.pem server.crt server.key server.ovpn
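
As a check on the copy step above, the following added example (not from the original guide; audit, expected_files and build_sample are hypothetical names) compares a config folder with the guide's file list for the server or for a client. It reports missing files and any extra file that contains a PEM private key, such as ca.key or another machine's key left behind when the whole keys folder is copied.

```python
import re, tempfile
from pathlib import Path

# Matches "-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----", etc.
PEM_PRIVATE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def expected_files(role, name):
    """File lists as given in this guide; `name` is the client's chosen name."""
    if role == "server":
        return {"ca.crt", "ta.key", "dh2048.pem",
                "server.crt", "server.key", "server.ovpn"}
    return {"ca.crt", "ta.key", f"{name}.crt", f"{name}.key", f"{name}.ovpn"}

def audit(directory, role, name="server"):
    """Compare a folder with the guide's list for `role` and report files that
    are missing, plus extra files that contain a PEM private key."""
    want = expected_files(role, name)
    present = {p.name: p for p in Path(directory).iterdir() if p.is_file()}
    stray = sorted(
        fname for fname, path in present.items()
        if fname not in want
        and PEM_PRIVATE.search(path.read_text(errors="ignore"))
    )
    return {"missing": sorted(want - set(present)), "stray_private_keys": stray}

def build_sample(directory):
    """Constructed sample: a client folder that received the whole keys folder."""
    pem = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
    for fname in ("ca.crt", "ta.key", "ibmi-laptop.crt", "ibmi-laptop.ovpn"):
        Path(directory, fname).write_text("(constructed)\n")
    for fname in ("ibmi-laptop.key", "ca.key", "server.key"):
        Path(directory, fname).write_text(pem)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp, "client", "ibmi-laptop"))
```
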

 

How to Start OpenVPN?

Next, on both the server and the client, we need to run OpenVPN from: Start Menu >> All Programs >> OpenVPN >> OpenVPN GUI

Finally, we double-click the icon that appears in the system tray to start the connection. The dialog box that follows will close once the connection has started successfully.




Conclusion

This article will guide you on how to set up OpenVPN on Windows.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

To configure the OpenVPN client as a service on Windows:

1. Editing your OpenVPN client configuration.

2. Storing your PrivateVPN.com credentials in a file.

3. Import the edited .ovpn file and the user.auth file to the OpenVPN config folder.

4. Configuring OpenVPN service to start automatically on boot.

To connect to OpenVPN from Windows Server:

i. Navigate to your OpenVPN Access Server client web interface.

ii. Login with your credentials.

iii. Select 'OpenVPN Connect for Windows'.

iv. Wait until the download completes, and then open it (specifics vary depending on your browser).