Changes between Version 18 and Version 19 of Easy_Windows_Guide


Timestamp: 08/14/19 23:22:46 (5 years ago)
Author: adgitate
Comment: Needing elevated cmd, dh1024.pem -> dh2048.pem, add ta.key

  • Easy_Windows_Guide

    v18 v19  
    3636== Downloading and Installing OpenVPN ==
    3737
    38 1. Download the installer from [https://openvpn.net/index.php/open-source/downloads.html here] and run it on the server computer. Remember to adjust the Windows firewall (open the 1194 UDP port) and assign a static ip to the new created TAP interface (like 10.8.0.1).
     381. Download the installer from [https://openvpn.net/index.php/open-source/downloads.html here] and run it on the server computer.  During the setup, make sure to check mark the component named "EasyRSA 2 Certificate Management Scripts".
    3939
    40402. Install OpenVPN on each client. (This step can be skipped for now and done at any convenient time)
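Review bot: The rewritten step 1 drops the instruction to assign a static IP (like 10.8.0.1) to the TAP interface, and the change comment does not mention that removal; none of the other visible hunks replaces it. If the step is no longer needed, say so in the comment, otherwise keep it. The UDP 1194 firewall reminder is removed here too, which leaves it only under "Further Considerations / Troubleshooting" as something to check after a connection problem, so a pointer to that section from the install steps would help.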
     
    4444=== Preparatory Steps ===
    4545
    46 1. Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:
    47  a. Press Windows Key + R
    48  b. Type "cmd.exe" and press Enter.
    49 {{{
    50 cmd.exe
    51 }}}
    52  c. Navigate to the correct folder:
     461. Navigate to the C:\Program Files\OpenVPN\easy-rsa folder on an elevated command prompt:
     47 a. Open the start menu
     48 b. Type "cmd"
     49 c. Right-click on Command Prompt and choose "Run as Administrator"
     50 d. Right-click the menu item "Command Prompt"
     51 e. On the pop up User Account Control window, Click "Yes"
     52 f. Navigate to the correct folder:
    5353{{{
    5454cd "C:\Program Files\OpenVPN\easy-rsa"
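Review bot: In the new sub-steps, c (Right-click on Command Prompt and choose "Run as Administrator") and d (Right-click the menu item "Command Prompt") describe the same action, and d comes after the reader has already chosen Run as Administrator. Drop d or fold it into c, then re-letter the User Account Control and cd steps. The step heading also reads "on an elevated command prompt" where "in an elevated command prompt" is meant.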
     
    124124}}}
    125125
     1265. Generate a shared-secret key (Required when using tls-auth)
     127{{{
     128"C:\Program Files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"
     129}}}
     130
    126131== Configuration Files ==
    127132
    128 1. Find the sample configuration files:
     133The sample configuration files can be easily found using the start menu:
    129134{{{
    130135Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files
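Review bot: New step 5 writes ta.key into easy-rsa\keys but does not say how this shared secret should be handled once it leaves the server, even though the later copy lists add it for both the server and each client. State here that ta.key must stay private and be moved to clients over a secure channel. "Required when using tls-auth" also leaves open whether the tls-auth line in server.ovpn and the client config needs editing; the visible config steps only show the ca and dh lines.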
     
    132137
    133138=== Server Config File ===
    134 1. Open server.ovpn
    135 
    136 2. Find the following lines:
     1391. Copy the sample server configuration file to the easy-rsa folder
     140{{{
     141copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
     142}}}
     143
     1442. Edit server.ovpn
     145{{{
     146notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"
     147}}}
     148
     1493. Find the following lines:
    137150{{{
    138151ca ca.crt
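Review bot: Step 1 says the sample is copied "to the easy-rsa folder", but the destination in the command is easy-rsa\keys\server.ovpn, and the later copy step also takes server.ovpn from easy-rsa\keys\. Change the step text to name the keys folder so it matches the command.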
     
    141154}}}
    142155{{{
    143 dh dh1024.pem
    144 }}}
    145 
    146 3. Edit them as follows:
     156dh dh2048.pem
     157}}}
     158
     1594. Edit them as follows:
    147160{{{
    148161ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
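Review bot: The line the reader is told to find changes from dh dh1024.pem to dh dh2048.pem, which only holds if the sample server.ovpn from the installer already reads dh2048.pem and the key-generation steps (not visible in this diff) produce a file of that name. Confirm both against the installer linked in step 1, and consider telling the reader to use whichever dh file name their build actually generated.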
     
    151164}}}
    152165{{{
    153 dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
    154 }}}
    155 
    156 4. Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn
     166dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
     167}}}
     168
     1695. Save and close
    157170
    158171=== Client Config Files ===
    159172This is similar to the server configuration
    160173
    161 1. Open client.ovpn
     1741. Copy the sample server configuration file to the easy-rsa folder with client's Common Name as the file name (each client will have a different file name)
     175{{{
     176copy "C:\Program Files\OpenVPN\sample-config\client.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\mike-laptop.ovpn"
     177}}}
     178
     1792. Edit client's config file
     180{{{
     181notepad "C:\Program Files\OpenVPN\easy-rsa\keys\mike-laptop.ovpn"
     182}}}
    162183
    1631842. Find the following lines:
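Review bot: In the client section, new step 1 says "Copy the sample server configuration file" while the command copies client.ovpn; it should read "sample client configuration file". The two new steps are numbered 1 and 2, but the unchanged line that follows is still "2. Find the following lines:", so the list now has two step 2s and needs renumbering.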
     
    182203}}}
    183204
    184 5. Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.)
     2055. Save and close
     206
    185207
    186208== Copying the Server and Client Files to Their Appropriate Directories ==
    187209
    188 1. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:
     2101. Copy these files from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ on the server:
    189211{{{
    190212ca.crt
    191 dh1024.pem
     213ta.key
     214dh2048.pem
    192215server.crt
    193216server.key
    194217server.ovpn
    195218}}}
    196 
    197 2. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client (mike-laptop, in this example):
     219{{{
     220robocopy "C:\Program Files\OpenVPN\easy-rsa\keys\ " "C:\Program Files\OpenVPN\config\ " ca.crt ta.key dh2048.pem server.crt server.key server.ovpn
     221}}}
     222 * NOTE: The space at the end of the path in each string is important.
     223
     2242. Copy these files from C:\Program Files\OpenVPN\easy-rsa\keys\ on the server to C:\Program Files\OpenVPN\config\ on each client (mike-laptop, in this example):
    198225{{{
    199226ca.crt
     227ta.key
    200228mike-laptop.crt
    201229mike-laptop.key
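Review bot: The robocopy line depends on a trailing space inside each quoted path to keep the final backslash from escaping the closing quote, which is easy to lose when the command is copied. Dropping the trailing backslash ("C:\Program Files\OpenVPN\easy-rsa\keys" and "C:\Program Files\OpenVPN\config") removes the need for the workaround and for the NOTE. ta.key now appears in both copy lists; since step 2 moves it to another machine, say how it should be transferred.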
     
    216244A bug fix is anticipated ...
    217245
    218 
    219 
    220246== Further Considerations / Troubleshooting ==
    221247
    222248=== Firewall Configuration ===
    223 If you have connection problems, make sure to set a rule on your server's firewall allowing incoming traffic on UDP port 1194.
     249If you have connection problems, make sure to set a rule on your server's firewall allowing incoming traffic on UDP port 1194. (Win+R "wf.msc")
    224250
    225251=== Port Forwarding ===
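Review bot: The added (Win+R "wf.msc") in the Firewall Configuration paragraph is shorthand that a reader of an "easy" guide may not decode. Spell it out, for example: press Win+R, type wf.msc and press Enter to open the firewall console, then add an inbound rule for UDP port 1194.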