 
Windows 7 OpenVPN Server
Written by Travis Nuske   
 

Prepare OpenVPN server on Windows 7

Download the latest Windows version of the OpenVPN package here: http://openvpn.net/index.php/open-source/downloads.html

OpenVPN Server PC config

Make sure that the PC that is going to act as your server has a static IPv4 address.

Network Config

Make sure that the internet connection your Windows OpenVPN server is connected to has a static IP address. You can check your current internet IP address by pointing a browser at: http://www.whatismyip.com/

An OpenVPN server can be set up on a network that has a dynamic IP address (one given by the provider that can change from time to time) using a Dynamic DNS service. Dynamic DNS is beyond the scope of this how-to.

Setup OpenVPN Server on Windows 7

Start by running the installer on your Windows 7 machine. Choose all the default options for the installation, except the installation path. I suggest installing the OpenVPN software to C:\OpenVPN instead of the default Program Files path, as the default security settings on the Program Files folder can make it difficult to modify the config files.

Sample network details:

  • Server Hostname: server
  • Server connected LAN address: 192.168.1.0 mask 255.255.255.0
  • Server public address: 1.2.3.4
  • Server LAN network private address: 192.168.1.254
  • VPN address: 10.8.0.0 mask 255.255.255.0

Using my sample network details as a guide, you will need a server config file. This is a plain text file with the .ovpn file extension:

## server.ovpn ##
port 1194
proto tcp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option WINS 192.168.1.1"
push "dhcp-option DNS 192.168.1.1"
keepalive 10 120
comp-lzo
max-clients 1
persist-key
persist-tun
status openvpn-status.log
verb 3

Put this file in the config folder of the OpenVPN server, e.g. C:\OpenVPN\config

Creating OpenVPN Server & Client Certificates

The first step is to set up the easy-rsa scripts.

At an elevated command prompt on the OpenVPN server, run:

C:\OpenVPN\easy-rsa> init-config 

Note: running this script will reset the certificate system, and make all existing certificates invalid.

A new file will appear: C:\OpenVPN\easy-rsa\vars.bat. Open it with a text editor and change the lines listed below to values appropriate for your organisation:

set KEY_COUNTRY=
set KEY_PROVINCE=
set KEY_CITY=
set KEY_ORG=
set KEY_EMAIL=

Save the file and then run these commands to build the root keys:

C:\OpenVPN\easy-rsa> vars

C:\OpenVPN\easy-rsa> clean-all

C:\OpenVPN\easy-rsa> build-ca

Most of the variables for the root certificate will now be filled in using the values you specified in the vars.bat file, but you may be asked to put in other values - fill these in as required.

Once this process is complete you will have a few new files in the easy-rsa folder. Copy the ca.crt certificate into the C:\OpenVPN\config folder.

Server Certificate

Now that the root certificate is done, you can go ahead and create the server certificate. From the elevated command prompt:

C:\OpenVPN\easy-rsa> vars

C:\OpenVPN\easy-rsa> build-key-server server

When prompted, set the Common Name to the server's hostname.

Once the server key is done, run the following command to create a dh1024.pem parameters file:

C:\OpenVPN\easy-rsa> build-dh

You now need to copy three files (server.crt, server.key and dh1024.pem) into your config folder.

Client Certificates

On the server:

C:\OpenVPN\easy-rsa> vars
C:\OpenVPN\easy-rsa> build-key <desired remote user name>

Once OpenVPN is installed on the client (remote) machine, copy the ca.crt, <username>.crt and <username>.key files into the config folder of the client.

Client Configuration

Install the OpenVPN Windows software on the client (remote) machine in the same way you installed the server.

Create a new text file in the config folder of the OpenVPN folder and paste in the following configuration:

## remote.ovpn ##
client
dev tap
proto tcp
remote <server External IP address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert <username>.crt
key <username>.key
comp-lzo
verb 3
route-delay
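
A consistency check for the server.ovpn and remote.ovpn pair above, as an added example that is not part of the original article. It verifies that the directives both ends must share agree, that the client's remote port matches the server's port, that every referenced certificate and key file is in the matching config folder, and that no server-side private key has been copied to the client. The function names, the user name "alice" and the file sets are assumptions; ca.key is the CA private key that build-ca writes alongside ca.crt.

```python
# Added example, not from the original article.
MUST_MATCH = ("dev", "proto", "comp-lzo")   # must agree on both ends
FILE_OPTS = ("ca", "cert", "key", "dh")     # files read from the config folder
SERVER_ONLY = {"ca.key", "server.key"}      # private keys that stay on the server

def parse_ovpn(text):
    """Map each directive to the arguments of its first occurrence."""
    conf = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":   # skip blanks and comments
            conf.setdefault(parts[0], parts[1:])
    return conf

def check_pair(server_text, client_text, server_files, client_files):
    """Return a list of problems; an empty list means the pair is consistent."""
    srv, cli = parse_ovpn(server_text), parse_ovpn(client_text)
    problems = []
    for opt in MUST_MATCH:
        # Keep the part before any "-" so tcp-server pairs with tcp-client.
        a, b = ([v.split("-")[0] for v in c.get(opt, ["<unset>"])] for c in (srv, cli))
        if a != b:
            problems.append(f"{opt}: server={a} client={b}")
    port = (srv.get("port") or ["1194"])[0]      # 1194 is OpenVPN's default port
    remote = cli.get("remote", [])
    rport = (remote[1:2] or cli.get("port") or ["1194"])[0]
    if not remote or rport != port:
        problems.append(f"remote {remote} does not target server port {port}")
    for side, conf, files in (("server", srv, server_files), ("client", cli, client_files)):
        for opt in FILE_OPTS:
            name = (conf.get(opt) or [None])[0]
            if name and name not in files:
                problems.append(f"{side}: {opt} file {name} is not in the config folder")
    for name in sorted(SERVER_ONLY & set(client_files)):
        problems.append(f"client: {name} must stay on the server")
    return problems

# Constructed sample: the two configs above, trimmed to the checked directives,
# with the hypothetical user name "alice" in place of <username>.
SERVER = "\n".join(["port 1194", "proto tcp", "dev tap", "ca ca.crt",
                    "cert server.crt", "key server.key", "dh dh1024.pem", "comp-lzo"])
CLIENT = "\n".join(["client", "dev tap", "proto tcp", "remote 1.2.3.4 1194",
                    "ca ca.crt", "cert alice.crt", "key alice.key", "comp-lzo"])

if __name__ == "__main__":
    found = check_pair(SERVER, CLIENT, {"ca.crt", "server.crt", "server.key", "dh1024.pem"},
                       {"ca.crt", "alice.crt", "alice.key"})
    print(found or "server and client configs are consistent")
```

To check a real pair, pass the text of each .ovpn file and the set of file names found in each machine's config folder.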

References:

http://openvpn.net/index.php/open-source/downloads.html

http://www.whatismyip.com/

http://www.runpcrun.com/howtoopenvpn

 

Last Updated on Thursday, 11 August 2011 12:35
 
