57 | | Use the latest available OpenVPN and generate certificates and keys with [https://github.com/OpenVPN/easy-rsa/ EasyRSA 3] for example. |
| 59 | Overview of the steps: |
| 60 | |
| 61 | * Install the latest OpenVPN 2.x on OpenVPN (Linux) server |
| 62 | * Install the latest OpenVPN 2.x on the HLK clients |
| 63 | * Install test-signed (to-be-HLK-tested) tap-windows6 driver on the HLK clients |
| 64 | * Generate certificates and keys for OpenVPN with [https://github.com/OpenVPN/easy-rsa/ EasyRSA 3] and "openvpn --genkey" |
| 65 | * Create and install configs for OpenVPN server and clients with embedded keys/certificates |
| 66 | * Ensure that OpenVPN is enabled and running on server and clients |
| 67 | * Verify OpenVPN connectivity |
| 68 | |
| 69 | == OpenVPN configuration files == |
| 149 | == Enable OpenVPN on server and clients == |
| 150 | |
| 151 | Once OpenVPN server and clients are configured properly make sure that OpenVPN is running and automatically starts on boot. On OpenVPN (Linux) server you'd do |
| 152 | |
| 153 | {{{ |
| 154 | $ systemctl enable openvpn-server@hlk |
| 155 | $ systemctl start openvpn-server@hlk |
| 156 | }}} |
| 157 | |
| 158 | On OpenVPN clients you'd do this from an administrator Powershell session: |
| 159 | |
| 160 | {{{ |
| 161 | PS> Set-Service OpenVPNService -StartupType Automatic -Status Running |
| 162 | }}} |
| 163 | |
| 164 | == Testing OpenVPN connectivity == |
| 165 | |
| 166 | Assuming the above OpenVPN config you can very correct OpenVPN / tap-windows6 operation easily: |
| 167 | |
| 168 | * Verify that the TAP adapter has an IPv6 address (e.g. using ipconfig) |
| 169 | * Ensure that the HLK client can ping the following VPN server addresses: |
| 170 | * 10.218.112.1 |
| 171 | * 2001:db8:6666::2 |
| 172 | |