Hello everybody! This video will show you how to set up an
OpenVPN server for Windows and configure an OpenVPN client, and how to organize data exchange
channels between remote offices. Sometimes people need to establish a link
between remote computers without spending extra money on equipment and software. For that, the well-known free program OpenVPN
can help a lot, as it provides a free implementation of VPN (virtual private network) technology. On our channel, you can already find a video
on how to create a VPN server with standard Windows tools and how to connect to such a server
from another PC. You will find the link in the description:
Here we go. So, we have two computers. One of them will be used as an OpenVPN server,
and the other as a client. We have to enable them to see each other in
the network, on the Internet, and enable them to use shared folders and files.

Let's begin the setup process.

• Download OpenVPN from the official website and choose the version corresponding to your system bitness. I will give the link to the OpenVPN official website in the description.
• Start the installation.
• At step 3, check the inactive boxes.
• Leave other items at default.

In the course of installation, the system creates a virtual network adapter, TAP-Windows Adapter V9, and its drivers. It is to this interface that OpenVPN will assign the IP address and the OpenVPN subnet mask. Rename it to "ServerVPN". Later, I will use this name for the OpenVPN server which I am going to create on this computer.

After that:
• Launch the Command Prompt as Administrator. There is a special video on our channel about all the ways of doing it, so feel free to watch it anytime. You will find the link in the description.
• Go to the folder where OpenVPN has been installed with the cd command: cd "C:\Program Files\OpenVPN\easy-rsa"
• Run "init-config.bat".
• As a result, a file named "vars.bat" will appear in the folder "C:\Program Files\OpenVPN\easy-rsa". If file extensions are not displayed on your PC, turn this function on. It will make your work more convenient. There is also a good video about it. If you want, you can follow the link in the description.
• Open it with Notepad or Notepad++. This batch file sets the variables for certificate generation.
• In the part concerning the organization and location, fill in your data. However, you may skip filling in the data, as it can be modified later and doesn't affect the work of our VPN server; it is only for information.

Go back to the Command Prompt started as Administrator and run the following commands:

• cd "C:\Program Files\OpenVPN\easy-rsa"
• vars
• clean-all - the answer should be two messages: "1 file(s) copied 1." If you see it, everything is fine.
• build-dh - build a Diffie-Hellman parameter.

If you run this command and see the error "'openssl' is not recognized as an internal or external command, operable program or batch file," then do the following:

• Go to Properties (Control Panel / System, or right-click on This PC).
• Select Advanced system settings / Advanced / Environment variables.
• In the section "User Variables", click on the setting Path and then Edit.
• In the window that opens, click on Browse directory and specify the path to the folder containing OpenVPN/bin.
• OK, OK, OK.

After that, open the Command Prompt as Administrator again, and run the commands that I have described earlier in this video once again. The build-dh command should run all right. As a result, in the folder "easy-rsa/keys" a new file named dh4096.pem will appear.

After that, enter the commands in the following order:

• build-ca - create the main certificate. You'll be asked some questions. You can change the data you have previously given in the file vars.bat: country, region, city, server name etc. Change the information if necessary. If you don't make any changes, press Enter. As a result, in the folder "easy-rsa/keys" two new files named "ca.crt" and "ca.key" will appear.
• build-key-server ServerVPN, where "ServerVPN" is the name of our VPN server. Once again, you will be asked some questions: press Enter; when you see the two questions "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?", press Y.
• As a result, in the folder "easy-rsa/keys" you will see new files ServerVPN.crt, ServerVPN.csr, ServerVPN.key.
• Certificates for the server have been created.

Now let's create client keys:

• build-key ClientVPN, where "ClientVPN" is the client name. The client certificate is going to be created.
• Press Enter, but...
• When asked about "Common Name (eg, your name or your server's hostname)" you should enter the client name. In our case, it is ClientVPN.
• In the end, press Y twice.
• As a result, in the folder "easy-rsa/keys" you will see new files ClientVPN.crt, ClientVPN.csr, ClientVPN.key.
• For every client, a new certificate is built, but with another name, for example, build-key ClientVPN1, and you should specify it in the common name.
• Now let's generate the key "ta.key" for packet authentication. To do it, run the command: openvpn --genkey --secret keys/ta.key
• As a result, in the folder "easy-rsa/keys" a new file named ta.key will appear.

OK, the key business is over. Now let's move on to create the server's
and the client's configuration files.

In the folder "C:\Program Files\OpenVPN\config" create a text file named "ServerVPN.ovpn" - it will be the server's configuration - and enter the following text there. I have already prepared a server file. Let's examine it.

dev-node "ServerVPN" - the network adapter name of our OpenVPN server. This parameter is not obligatory, but it is convenient to know what server this configuration file belongs to.
mode server - the server's mode of operation
port 12345 - the port that is forwarded to the IP address reserved for our server, as the server is behind the router. I have already shown port forwarding in another video. You will find the link in the description. There is also a video about reserving an IP address for a computer. You will find the link in the description.
proto tcp4-server - data transmission protocol
dev tun - tunnel mode
tls-server - the cryptographic transmission protocol
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0 - the path to the file "ta.key". Check it, because in your case it can be different. For the server, add 0 after the key path, and 1 for the client.

Remember that in OpenVPN the backslashes in a path are always doubled. If the path contains folder names made of several words separated by spaces, like "Program Files", the entire path should be quoted.

tun-mtu 1500 - packet size
tun-mtu-extra 32 - packet size
mssfix 1450 - packet size

Paths to keys:

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

server 10.10.10.0 255.255.255.0 - the range of addresses allocated for a VPN network. It can be optional.
client-to-client - allow the clients to see each other
keepalive 10 120 - the so-called lifetime of an inactive session
cipher AES-128-CBC - choice of encryption cipher
comp-lzo - set data compression setting in the tunnel
persist-key - don't re-read key and tunnel data when the connection is broken
persist-tun - don't re-read key and tunnel data when the connection is broken
client-config-dir "C:\\Program Files\\OpenVPN\\config" - the path to the CLIENT's configuration file on the server. This one we are going to create soon.
verb 3 - debugging mode level
route-delay 5 - the time for creation and application of a route. In this case, it's 5 seconds.
route-method exe - this is how route data is entered
push "route 192.168.0.0 255.255.255.0" - this command lets the client know about the server's subnet. That is why 192.168.0.0 indicates the server's subnet.
route 192.168.182.0 255.255.255.0 - enable visibility for the network server and client addresses. That is why 192.168.182.0 indicates the client's subnet.

That's all. Let's try starting the server: Double-click
on the desktop shortcut OpenVPN Gui or open the file "C:\Program Files\OpenVPN\bin\openvpn-gui.exe". The OpenVPN icon will appear in the taskbar. Right-click on it and select Connect. If it turns green in several seconds, it's all right - the server is running. If it doesn't happen, read the log file in the folder C:/Users/UserName/OpenVPN/Server.log. If an error occurs, it will be described in this file, and you'll be able to fix it. As you can see, in our case the server works all right.

Next. In the folder config, create a file without extension and name it after the client: ClientVPN. Open it with Notepad and enter the following:
ifconfig-push 10.10.10.5 10.10.10.6 - this way, we assign to the client the IP address 10.10.10.5 or 6. The addresses can be different.
iroute 192.168.182.0 255.255.255.0 - inform the server that network 192.168.254.0 belongs to the client
# disable - if you uncomment this line, the client will be disconnected. It's good for cases when you need to disconnect a client from the server, while others will be working as usual.

That's all. Save it.

Install OpenVPN on the client's computer as well; you don't have to check all the boxes. Copy the following files from the folder "C:\Program Files\OpenVPN\easy-rsa/keys" on the server computer:

• ca.crt
• ClientVPN.crt
• ClientVPN.key
• ta.key

Transfer them to the computer with an OpenVPN client, into the folder C:\Program Files\OpenVPN\config. In the same folder, create a file Client.ovpn,
and enter this data:

remote 176.122.115.66 - address of the server to connect to
client - let the client take the routing data from the server (push options)
port 12345 - the port for OpenVPN
proto tcp4-client - specify the protocol for OpenVPN
dev tun - interface type
tls-client - the cryptographic transmission protocol
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1 - the path to the file "ta.key". Check it, because in your case it can be different. For the server, add 0 after the key path, and 1 for the client.
remote-cert-tls server - protection
tun-mtu 1500 - packet size
tun-mtu-extra 32 - packet size
tun-mtu 1450 - packet size

Paths to keys:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"

cipher AES-128-CBC - choice of encryption cipher
comp-lzo - set data compression setting in the tunnel
persist-key - don't re-read key and tunnel data when the connection is broken
persist-tun - don't re-read key and tunnel data when the connection is broken
verb 3 - debugging mode level
mute 20 - the number of repeating messages

That's all. Save it.

Now, one more thing. To enable ping to internal addresses of our
Server and Client, turn on Routing and Remote Access service. To do it:

• Start the Registry Editor.
• Open the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TcpIP\Parameters
• Find IPEnableRouter.
• Change its value data to "1" (one).
• Don't forget to restart the computer for the changes to take effect!

It should be done for both computers, the server and the client.

Next. Set up firewalls and antiviruses on the client and server computers to allow free passage of data packets. I will not go into details as everything depends on the particular software they have installed.

After that, start the server. Start OpenVPN Gui or Server.ovpn. The server is running now. After it is connected, start OpenVPN on the Client computer. Start OpenVPN Gui or Client.ovpn. When it is connected, test the link: in the command prompt, enter "ping" and the address assigned to the client or the server. It depends on the computer from which you test the link. If the ping gets through, then all settings are correct.

Now let's try accessing the shared folders:

• First, from the server to the client.
• As you can see, access is possible.
• Now, from the client to the server.
• This way, access is also possible.

That's all. As you can see, a VPN connection with OpenVPN is created. Computers can access each other in both directions.

Hit the Like button and subscribe to Hetman Software channel. Ask questions in your comments. Thank you for watching. Good luck.
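
The server and client files described above should agree on port, transport, cipher, compression and MTU, and must carry opposite tls-auth directions (0 on the server, 1 on the client). The following Python check is an added example, not part of the original video; the function names parse_ovpn and check_pair and the sample configs are constructed here from the values used in the walkthrough.

```python
import shlex

def parse_ovpn(text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":            # OpenVPN comment markers
            continue
        tokens = shlex.split(line, comments=True)  # handles quotes and \\ escapes
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def check_pair(server_text, client_text):
    """Return a list of mismatches between a server and a client config."""
    srv, cli = parse_ovpn(server_text), parse_ovpn(client_text)
    problems = []
    for name in ("port", "cipher", "tun-mtu", "comp-lzo"):
        if srv.get(name) != cli.get(name):
            problems.append(f"{name}: server={srv.get(name)} client={cli.get(name)}")
    # proto: same transport, opposite roles (tcp4-server / tcp4-client)
    s_proto = (srv.get("proto") or [""])[0]
    c_proto = (cli.get("proto") or [""])[0]
    roles_ok = s_proto.endswith("-server") and c_proto.endswith("-client")
    if not roles_ok or s_proto.replace("-server", "") != c_proto.replace("-client", ""):
        problems.append(f"proto: server={s_proto} client={c_proto}")
    # tls-auth: direction 0 on the server, 1 on the client
    for side, opts, want in (("server", srv, "0"), ("client", cli, "1")):
        args = opts.get("tls-auth") or []
        if len(args) != 2 or args[1] != want:
            problems.append(f"tls-auth on {side}: expected direction {want}, got {args[1:]}")
    return problems

# Constructed sample configs using the values from the walkthrough.
SERVER = r'''
port 12345
proto tcp4-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500
cipher AES-128-CBC
comp-lzo
'''
CLIENT_OK = SERVER.replace("tcp4-server", "tcp4-client").replace('key" 0', 'key" 1')
# Constructed faulty client: wrong tls-auth direction and no comp-lzo.
CLIENT_BAD = CLIENT_OK.replace('key" 1', 'key" 0').replace("comp-lzo", "")

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT_OK))
    print(check_pair(SERVER, CLIENT_BAD))
```

Running it against real files only needs the two .ovpn files read as text and passed to check_pair; an empty list means the checked settings line up.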