127 | | This is similar to the server |
128 | | |
129 | | == Further Considerations / Troubleshoting == |
130 | | |
131 | | == Port Forwarding == |
| 128 | This is similar to the server configuration |
| 129 | 1. Open client.ovpn |
| 130 | 2. Find the following lines: |
| 131 | {{{ |
| 132 | ca ca.crt |
| 133 | cert client.crt |
| 134 | key client.key |
| 135 | }}} |
| 136 | 3. Edit them as follows: |
| 137 | {{{ |
| 138 | ca "C:\\Program Files\\OpenVPN\\config\\ca.crt" |
| 139 | cert "C:\\Program Files\\OpenVPN\\config\\mike-laptop.crt" |
| 140 | key "C:\\Program Files\\OpenVPN\\config\\mike-laptop.key" |
| 141 | }}} |
| 142 | * Notice that the name of the client certificate and key files depends upon the Common Name of each client. |
| 143 | 4. Edit the following line, replacing "my-server-1" with your server's public Internet IP Address or Domain Name. If you need help, see [[#Static Internet IP|Static Internet IP]] below. |
| 144 | {{{ |
| 145 | remote my-server-1 1194 |
| 146 | }}} |
| 147 | 5. Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.) |
| 148 | |
| 149 | == Copying the Server and Client Files to Their Appropriate Directories == |
| 150 | |
| 151 | 1. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server: |
| 152 | {{{ |
| 153 | ca.crt |
| 154 | dh1024.pem |
| 155 | server.crt |
| 156 | server.key |
| 157 | server.ovpn |
| 158 | }}} |
| 159 | |
| 160 | 2. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client (mike-laptop, in this example): |
| 161 | {{{ |
| 162 | ca.crt |
| 163 | mike-laptop.crt |
| 164 | mike-laptop.key |
| 165 | mike-laptop.ovpn |
| 166 | }}} |
| 167 | |
| 168 | == Starting OpenVPN == |
| 169 | |
| 170 | 1. On both client and server, run OpenVPN from: |
| 171 | {{{ |
| 172 | Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI |
| 173 | }}} |
| 174 | |
| 175 | 2. Double click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start. |
| 176 | |
| 177 | == Further Considerations / Troubleshooting == |
| 178 | |
| 179 | === Firewall Configuration === |
| 180 | If you have connection problems, make sure to set a rule on your server's firewall allowing incoming traffic on UDP port 1194. |
| 181 | |
| 182 | === Port Forwarding === |
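Review bot: In step 1 of "Copying the Server and Client Files to Their Appropriate Directories", the server file list ships dh1024.pem, and 1024-bit Diffie-Hellman parameters are too weak to recommend in a setup guide. Generate 2048-bit parameters instead and update this list to the corresponding file name. Two smaller points in the same hunk: step 2 copies mike-laptop.key off the server without saying that it is the only secret file in the client set, and the parenthetical in step 5 is unbalanced; close it after "in this example" and start a new sentence at "Each client".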
135 | | To set up port forwarding, you will likely need to set up the server with a static local IP address instead of the default dynamic (changing) IP. Instructions for Windows XP may be found [http://www.ehow.com/how_4393725_static-ip-address-win-xp.html here]. Make sure to choose a static IP address that is not in the range your router might assign as a dynamic IP. |
136 | | |
137 | | == Static Internet IP == |
138 | | |
139 | | Your server will need to have a static internet IP or Domain Name to be accessible over the long term. One solution is to sign up for an account with DynDNS and install the DynDNS Updater on your server. When signing up you will determine the static DNS of your server. (For example, "myserver.dyndns.org") |
| 186 | To set up port forwarding, you will likely need to set up the server with a static local IP address instead of the default dynamic (changing) IP. Instructions for Windows XP may be found [http://www.ehow.com/how_4393725_static-ip-address-win-xp.html here]. Make sure to choose a static IP address that is not in the range your router might assign as a dynamic IP, but is within the router's subnet (usually 192.168.0.xxx , 10.0.0.xxx , or similar). |
| 187 | |
| 188 | === Static Internet IP === |
| 189 | |
| 190 | Your server will need to have a static internet IP or Domain Name to be accessible over the long term. One solution is to sign up for an account with DynDNS and install the DynDNS Updater on your server. When signing up you will determine the static Domain Name of your server. (For example, "myserver.dyndns.org") You will use this Domain Name in the client configuration files as part of the "remote" directive. |
| 191 | |
| 192 | === OpenVPN as a Service === |
| 193 | Running OpenVPN as a service will allow: |
| 194 | a. OpenVPN to be run from a non-administrator account. |
| 195 | b. OpenVPN to be started automatically on system startup. This is often preferred on the server machine, as well as any machines which will be constantly connected to the server. |
| 196 | |
| 197 | 1. Run the Windows Service administrative tool: |
| 198 | a. Press Windows Key + R |
| 199 | b. Type "services.msc" and press Enter. |
| 200 | {{{ |
| 201 | services.msc |
| 202 | }}} |
| 203 | |
| 204 | 2. Find the OpenVPN service, and set its Startup Type to "automatic." |
| 205 | |
| 206 | 3. Optionally, start the service now. |
| 207 | |
| 208 | === Security Tips === |
| 209 | |
| 210 | 1. Transmit all needed files to the client computers using a secure means such as a USB drive (email is not always a secure means). |
| 211 | |
| 212 | 2. Choose a port other than UDP 1194, and replace the port number wherever this guide mentions UDP port 1194. |
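Review bot: Security Tips item 2 tells the reader to replace the port "wherever this guide mentions UDP port 1194" but never lists those places, so it is easy to change one and miss another and end up with a tunnel that does not connect. Name them explicitly (the client's "remote my-server-1 1194" line, the rule under Firewall Configuration, and the router's port forward) and state that server and clients must use the same value. The tip should also not be read as a protection on its own, since a non-default port only reduces scan noise. Item 1 should say that the .key file is the sensitive one among the files transmitted and that it should be deleted from the USB drive once it is installed on the client. In "OpenVPN as a Service", step 1b and the block after it both say services.msc; one of them can be dropped.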