Install openVPN on Windows

October 30, 2009 by Jean

Notes on how to setup openVPN on Windows.

Most of the notes below are straight from the official openVPN HOWTO page.

1. Choose between bridging and routing

The first thing is to decide between bridging and routing for your openVPN setup. Routing is easier to setup, but has limitations. Confused or not sure? Visit this guide. We are going to use routing for what follows.

2. Install openVPN

Download openVPN, follow the instructions for the install. Nothing out of the ordinary.

3. Bridge the interfaces

A new TAP-Win32 interface was created during the install. It needs to be bridged with the physical interface where openVPN requests will be forwarded to by the firewall/router. This page describes bridging on Windows very well.

Note that the bridging process will probably make the server lose its internet connectivity: better do it with physical access to the server. The IP configuration will need to be re-entered for the bridged connection.

4. Configure server

If using port 443, make sure that another service (Apache) is not using the same port.

5. Configure client

6. Create certificates and keys

Edit C:/Program Files/OpenVPN/easy-rsa/build-key.bat and remove the -node argument. This will force the use of a password when a client connects.

Edit the vars.bat.sample with the default values to use.

In order:

  • init-config
  • vars
  • clean-all
  • build-ca (use the server name for the common name)
  • build-key-server server (use server as well for the common name, do not substitute)
  • build-key clientName
  • build-dh
openvpn --genkey --secret ta.key

Server side, copy the files in /config:

  • ca.crt
  • dh1024.pem
  • server.crt
  • server.key
  • ta.key

Distribute to the client for its /config:

  • ca.crt
  • clientName.crt
  • clientName.key
  • ta.key

In: Windows