Hello friends! Continuing the topic of VPN settings, today we will talk about OpenVPN, or rather, how to configure it on a server running the Windows operating system. The task is simple but has many steps, so let's not waste a minute and get started.
1. Download the latest OpenVPN distribution from the official website.
2. From here everything is standard: start the installation and click Next. Pay attention to a couple of points.
At the stage of selecting components, make sure that all items from the list are checked.
For example, we chose the installation path C:\Program Files\OpenVPN. You can specify any path, but remember to substitute your own value in the following steps of this guide.
3. Click Install. During installation, the system will offer to additionally install the TAP driver. Do not refuse: click Install again and wait for the installation to complete.
That's it for the installation. Now you need to generate certificates and keys.
4. Go to C:\Program Files\OpenVPN and create an ssl folder.
5. In the folder C:\Program Files\OpenVPN\easy-rsa, create the file vars.bat, open it for editing and make it look like this:
set HOME=%ProgramFiles%\OpenVPN\easy-rsa
set KEY_CONFIG=openssl-1.0.0.cnf
set KEY_DIR=keys
set KEY_SIZE=2048
set KEY_COUNTRY=UA
set KEY_PROVINCE=Kiev
set KEY_CITY=Kiev
set KEY_ORG=Tucha
set KEY_EMAIL=vpntest@tucha.ua
set KEY_CN=TUCHA
set KEY_OU=TUCHA
set KEY_NAME=server.domain.ua
set PKCS11_MODULE_PATH=TUCHA
set PKCS11_PIN=12345678
It is best to check the KEY_CONFIG value against the name of the corresponding file in the easy-rsa folder; KEY_NAME is the full name of the server.
6. Open the command line: Win + R > cmd > OK.
7. Run the following commands one by one at the command line:
cd %ProgramFiles%\OpenVPN\easy-rsa
vars.bat
clean-all.bat
vars.bat
build-ca.bat
After that, the system will start asking for confirmation of the data that we changed in the configuration file (step 5). Confirm each value with Enter.
8. Run two more commands at the command line:
build-dh.bat
build-key-server.bat ****
Where **** is the name of the certificate.
9. Confirm the prompts with Enter.
The system will ask you two questions:
Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]
Answer both in the affirmative: Y.
10. Transfer the contents of the C:\Program Files\OpenVPN\easy-rsa\keys folder to the previously created C:\Program Files\OpenVPN\ssl.
Now on to the server settings.
11. Go to C:\Program Files\OpenVPN\config and create a server.ovpn file. Open it and make it look like this:
port 443
proto udp
dev tun
dev-node "VPN Server"
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\cert.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\cert.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 4
mute 20
For port, choose any of the available network ports; dev-node is the name of the network interface.
12. Open adapter management in Windows network connections and rename the TAP adapter according to dev-node (in our case it is "VPN Server").
13. Open Windows services: Win + R > services.msc > OK.
14. Find the OpenVpnService service, open it, select Automatic in the Startup type field and click Start. Done, the VPN server is running.
Now you need to configure the client.
15. Go to C:\Program Files\OpenVPN\easy-rsa\keys and clear the index.txt file.
16. Start the command line and run the following commands:
cd %ProgramFiles%\OpenVPN\easy-rsa
vars.bat
build-key.bat clients
17. Go back to C:\Program Files\OpenVPN\easy-rsa\keys, copy the clients.crt, clients.key, ca.crt and dh2048.pem files and transfer them to the client machine.
18. Install OpenVPN on the client computer in the same way as described at the very beginning of the instructions.
19. Go to C:\Program Files\OpenVPN\config on the client computer and copy there the clients.crt, clients.key, ca.crt and dh2048.pem files that you transferred from the server.
20. Open Notepad as an administrator and insert the following entry:
client
resolv-retry infinite
nobind
remote ******** 443
proto udp
dev tun
comp-lzo
ca ca.crt
cert clients.crt
key clients.key
dh dh2048.pem
float
cipher DES-CBC
keepalive 10 120
persist-key
persist-tun
verb 0
Use the remote value to specify the server's IP address and port (in our case 443).
21. Save this file as config.ovpn in the C:\Program Files\OpenVPN\config folder.
22. Run OpenVPN GUI as administrator. Right-click the OpenVPN icon in the system tray and select Connect. Done!
Along the way you may run into some common problems, but all of them can be solved using the logs in the C:\Program Files\OpenVPN\log folder.
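The server and client configurations from steps 11 and 20, run through a small directive audit. This is an added example, not part of the original instructions: the finding names and the selection of checks are this example's own, and the two samples are abridged from the configs above.

```python
import shlex

# Samples abridged from server.ovpn (step 11) and config.ovpn (step 20) above.
SERVER_CONF = r'''
dh "C:\\Program Files\\OpenVPN\\ssl\\dh2048.pem"
server 172.16.10.0 255.255.255.0
client-to-client
comp-lzo
cipher DES-CBC
'''
CLIENT_CONF = '''
client
remote ******** 443
comp-lzo
dh dh2048.pem
cipher DES-CBC
'''
WEAK_PREFIXES = ("DES-", "BF-", "RC2-", "CAST5-")  # 64-bit block ciphers

def parse(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line, comments=True)
            conf[name] = args
    return conf

def audit(text):
    """Return the sorted names of the hardening findings for one config."""
    conf = parse(text)
    is_client = "client" in conf or "tls-client" in conf
    cipher = (conf.get("cipher") or [""])[0].upper()
    checks = {
        "weak-cipher": cipher == "NONE" or cipher.startswith(WEAK_PREFIXES),
        # compressing before encrypting leaks plaintext through packet length
        "compression": conf.get("comp-lzo", ["no"]) != ["no"],
        "no-tls-auth": not conf.keys() & {"tls-auth", "tls-crypt"},  # no control-channel HMAC
        "dh-on-client": is_client and "dh" in conf,  # DH parameters are server-side only
        # without one of these, any certificate issued by the CA passes as the server
        "no-server-cert-check": is_client and not conf.keys() & {"remote-cert-tls", "verify-x509-name"},
        # clients reach each other inside the VPN without crossing the host firewall
        "client-to-client": not is_client and "client-to-client" in conf,
    }
    return sorted(name for name, hit in checks.items() if hit)

if __name__ == "__main__":
    print("server:", audit(SERVER_CONF), "client:", audit(CLIENT_CONF))
```

On OpenVPN 2.4 or later the matching changes are an AES cipher such as AES-256-GCM, removing comp-lzo, a tls-auth or tls-crypt key on both sides, and remote-cert-tls server in the client config. The dh line and the dh2048.pem file are only needed on the server.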
That's all. As you can see, there is nothing complicated here; the main thing is not to mix up the order of the steps. :) Take care of safe Internet browsing and store your data on a secure server. And for any cloud-related questions, contact us for advice 24/7.