Changes between Version 5 and Version 6 of Easy_Windows_Guide


Timestamp: 10/27/10 02:45:46 (13 years ago)
Author: eliyak
Comment: --

  • Easy_Windows_Guide

    v5 v6  
    33This page will contain a no-frills guide to getting OpenVPN up and running on a Windows server and client(s). For a more detailed understanding of setting up OpenVPN and its advanced features, see the [http://www.openvpn.net/index.php/open-source/documentation/howto.html HOWTO page].
    44
    5 == Download and Install OpenVPN ==
    6 
    7 1. Download the installer from [http://www.openvpn.net/release/openvpn-2.1.3-install.exe here] and run it.
     5== Downloading and Installing OpenVPN ==
     6
     71. Download the installer from [http://www.openvpn.net/release/openvpn-2.1.3-install.exe here] and run it on the server computer.
     8
     92. Install OpenVPN on each client. (This step can be skipped for now and done at any convenient time)
    810
    911== Create Certificates and Keys ==
    1012
    11 === Preperatory steps ===
     13=== Preparatory Steps ===
    1214
    13151. Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:
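Review bot: The installer link in step 1 is fetched over plain http://, and neither step 1 nor the new step 2 tells the reader to verify the file before running it on the server and on every client. Suggest adding a sub-step to check the installer's signature or published checksum, if the project provides one for this release, and having step 2 say explicitly that clients use the same installer as step 1.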
     
    8688 b. Repeat this step for each client computer that will connect to the VPN.
    8789
    88 4. Generate Diffie Hellman parameters
    89  a.
     904. Generate Diffie Hellman parameters (This is necessary to set up the encryption)
    9091{{{
    9192build-dh
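Review bot: The new parenthetical on step 4, "(This is necessary to set up the encryption)", is too vague for the reader to know how to treat the output of build-dh. Suggest saying that the parameters are used by the server for the key exchange, are not secret, and are not copied to clients. Since the copy step later in the page lists dh1024.pem, it is also worth noting there that 1024 bits is small for Diffie-Hellman parameters and that a larger size should be generated where the easy-rsa settings allow it.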
     
    122123}}}
    123124
    124 4. Save the file as C:\Program Files\OpenVPN\config\server.ovpn
     1254. Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn
    125126
    126127=== Client Config Files ===
    127 This is similar to the server
    128 
    129 == Further Considerations / Troubleshoting ==
    130 
    131 == Port Forwarding ==
     128This is similar to the server configuration
     1291. Open client.ovpn
     1302. Find the following lines:
     131{{{
     132ca ca.crt
     133cert client.crt
     134key client.key
     135}}}
     1363. Edit them as follows:
     137{{{
     138ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
     139cert "C:\\Program Files\\OpenVPN\\config\\mike-laptop.crt"
     140key "C:\\Program Files\\OpenVPN\\config\\mike-laptop.key"
     141}}}
     142 * Notice that the name of the client certificate and key files depends upon the Common Name of each client.
     1434. Edit the following line, replacing "my-server-1" with your server's public Internet IP Address or Domain Name. If you need help, see [[#Static Internet IP|Static Internet IP]] below.
     144{{{
     145remote my-server-1 1194
     146}}}
     1475. Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.)
     148
     149== Copying the Server and Client Files to Their Appropriate Directories ==
     150
     1511. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:
     152{{{
     153ca.crt
     154dh1024.pem
     155server.crt
     156server.key
     157server.ovpn
     158}}}
     159
     1602. Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client (mike-laptop, in this example):
     161{{{
     162ca.crt
     163mike-laptop.crt
     164mike-laptop.key
     165mike-laptop.ovpn
     166}}}
     167
     168== Starting OpenVPN ==
     169
     1701. On both client and server, run OpenVPN from:
     171{{{
     172Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI
     173}}}
     174
     1752. Double click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start.
     176
     177== Further Considerations / Troubleshooting ==
     178
     179=== Firewall Configuration ===
     180If you have connection problems, make sure to set a rule on your server's firewall allowing incoming traffic on UDP port 1194.
     181
     182=== Port Forwarding ===
    132183
    133184If your server is behind a router, you will need to forward the port chosen for OpenVPN (in this example UDP 1194) to the server. Consult your router's documentation for details on this.
    134185
    135 To set up port forwarding, you will likely need to set up the server with a static local IP address instead of the default dynamic (changing) IP. Instructions for Windows XP may be found [http://www.ehow.com/how_4393725_static-ip-address-win-xp.html here]. Make sure to choose a static IP address that is not in the range your router might assign as a dynamic IP.
    136 
    137 == Static Internet IP ==
    138 
    139 Your server will need to have a static internet IP or Domain Name to be accessible over the long term. One solution is to sign up for an account with DynDNS and install the DynDNS Updater on your server. When signing up you will determine the static DNS of your server. (For example, "myserver.dyndns.org")
     186To set up port forwarding, you will likely need to set up the server with a static local IP address instead of the default dynamic (changing) IP. Instructions for Windows XP may be found [http://www.ehow.com/how_4393725_static-ip-address-win-xp.html here]. Make sure to choose a static IP address that is not in the range your router might assign as a dynamic IP, but is within the router's subnet (usually 192.168.0.xxx , 10.0.0.xxx , or similar).
     187
     188=== Static Internet IP ===
     189
     190Your server will need to have a static internet IP or Domain Name to be accessible over the long term. One solution is to sign up for an account with DynDNS and install the DynDNS Updater on your server. When signing up you will determine the static Domain Name of your server. (For example, "myserver.dyndns.org") You will use this Domain Name in the client configuration files as part of the "remote" directive.
     191
     192=== OpenVPN as a Service ===
     193Running OpenVPN as a service will allow:
     194a. OpenVPN to be run from a non-administrator account.
     195b. OpenVPN to be started automatically on system startup. This is often preferred on the server machine, as well as any machines which will be constantly connected to the server.
     196
     1971. Run the Windows Service administrative tool:
     198 a. Press Windows Key + R
     199 b. Type "services.msc" and press Enter.
     200{{{
     201services.msc
     202}}}
     203
     2042. Find the OpenVPN service, and set its Startup Type to "automatic."
     205
     2063. Optionally, start the service now.
     207
     208=== Security Tips ===
     209
     2101. Transmit all needed files to the client computers using a secure means such as a USB drive (email is not always a secure means).
     211
     2122. Choose a port other than UDP 1194, and replace the port number wherever this guide mentions UDP port 1194.
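Review bot: Copy step 2 moves the client private key (mike-laptop.key) off the server, but the only handling guidance is Security Tip 1 at the very end of the page, and nothing says what happens to the copy left in C:\Program Files\OpenVPN\easy-rsa\ on the server. Suggest moving the secure-transfer advice into step 2 itself, stating that server.key never goes to a client, and adding a step to delete each client's .key from the server once it has been delivered. Smaller points: Security Tip 2 should name the places that have to change together (the "remote my-server-1 1194" line, the firewall rule and the router port forward); the "a."/"b." items under "OpenVPN as a Service" lack the leading space the other sub-lists use; and the services.msc block repeats step 1b.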