Version 4 (modified by eliyak, 11 years ago) (diff)


Easy Windows Guide

This page will contain a no-frills guide to getting OpenVPN up and running on a Windows server and client(s). For a more detailed understanding of setting up OpenVPN and its advanced features, see the HOWTO page.

Download and Install OpenVPN

  1. Download the installer from here and run it.

Create Certificates and Keys

Preperatory steps

  1. Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:
    1. Press Windows Key + R
    2. Type "cmd.exe" and press Enter.
    3. Navigate to the correct folder:
      cd "C:\Program Files\OpenVPN\easy-rsa"
  1. Initialize the OpenVPN configuration:
    • NOTE: Only run init-config once, during installation.
  1. Open the vars.bat file in a text editor:
    notepad vars.bat
  1. Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information:
    set KEY_CITY=SanFrancisco
    set KEY_ORG=OpenVPN
    set KEY_EMAIL=mail@host.domain
  1. Save the file and exit notepad.
  1. Run the following commands:

Build your certificates and keys

  1. The certificate authority (CA) certificate and key:
    • When prompted, enter your country, etc. These will have default values, which appear in brackets. For your "Common Name," a good choice is to pick a name to identify your company's Certificate Authority. For example, "OpenVPN-CA":
      Country Name (2 letter code) [US]:
      State or Province Name (full name) [CA]:
      Locality Name (eg, city) [SanFrancisco]:
      Organization Name (eg, company) [OpenVPN]:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
      Email Address [mail@host.domain]:
  1. The server certificate and key:
    build-key-server server
    • When prompted, enter the "Common Name" as "server"
    • When prompted to sign the certificate, enter "y"
    • When prompted to commit, enter "y"
  1. Client certificates and keys:
  1. For each client, choose a name to identify that computer, such as "mike-laptop" in this example.
    build-key mike-laptop
    • When prompted, enter the "Common Name" as the name you have chosen (e.g. "mike-laptop")
  2. Repeat this step for each client computer that will connect to the VPN.
  1. Generate Diffie Hellman parameters a.

Configuration Files

  1. Find the sample configuration files:
    Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files

Further Considerations / Troubleshoting

Your server will need to have a static IP or DNS to be accessible over the long term. One solution is to sign up for an account with DynDNS and install the DynDNS Updater on your server. This account will determine the static DNS of your server. (For example, "")