Wednesday 17 September 2014

Install and configure latest OpenVPN Server and Client on Windows machine

ON VPN SERVER :

1. Enable TCP/IP forwarding on the Windows machine

    Use Registry Editor (Regedt32.exe) to view the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    NOTE: A value of 1 enables TCP/IP forwarding for all network connections installed and used by this computer.

2. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) with all packages selected, so that you get the easy-rsa tools.
3. Create certificates for the server and the client:
cd "C:\Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa>init-config.bat  (this simply copies vars.bat.sample to vars.bat)
C:\Program Files\OpenVPN\easy-rsa>vars.bat         (open vars.bat and modify it according to your requirements, for example:)
set KEY_COUNTRY=IN
set KEY_PROVINCE=DL
set KEY_CITY=DELHI
set KEY_ORG=ABC
set KEY_EMAIL=abc@gmail.com
set KEY_CN=DELHI-IN
set KEY_NAME=DELHI-IN
set KEY_OU=ABCXYZ
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234
C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
C:\Program Files\OpenVPN\easy-rsa>build-key client
Note: be sure to change the Common Name and Name values.
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

4. All key files are stored in the keys folder (C:\Program Files\OpenVPN\easy-rsa\keys). Copy ca.crt, server.crt, server.key and dh1024.pem and paste them into the C:\Program Files\OpenVPN\config folder.
5. Copy server.ovpn from the server (C:\Program Files\OpenVPN\sample-config\) and paste it into the (C:\Program Files\OpenVPN\config) folder.

6. Open server.ovpn, make the changes below and save it.

Server config :

local 192.168.1.20    # OpenVPN server IP
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"   # OpenVPN server network IPs
push "dhcp-option DOMAIN xxxx.com"    # if you are using a domain
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

7. Open services.msc and set the OpenVPN service to start automatically at system startup.

8. Make sure UDP port 1194 is open on the firewall.

Server configuration done.

OpenVPN client configuration:

1. Install openvpn (openvpn-install-2.3.4-I603-x86_64) on default mode.
2. Copy ca.crt, client.crt and client.key from the server and paste them on the client machine in C:\Program Files\OpenVPN\config
3. Copy client.ovpn from the server (C:\Program Files\OpenVPN\sample-config\) and paste it on the client machine (C:\Program Files\OpenVPN\config)

4. Open client.ovpn and make the changes below.
Client config:
client
dev tun
proto udp
remote <OpenVPN server IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3

5. Click on OpenVPN GUI and connect to OpenVPN SERVER


or connect from the command line:

cd C:\Program Files\OpenVPN\bin
openvpn-gui.exe --config client.ovpn
or
openvpn.exe --config client.ovpn

Done!.....
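
An added example, not part of the original post: a small Python audit of the server.ovpn and client.ovpn directives shown above. It flags the settings a reviewer would question (1024-bit DH file, comp-lzo, ns-cert-type, no tls-auth, client-to-client). The function names, the sample strings, the hardened variant and the ta.key file name are constructed for illustration.

```python
import re

# Sample input: directives taken from the server and client configs on this page.
SERVER = "port 1194\nproto udp\ndev tun\ndh dh1024.pem  # from build-dh.bat\n" \
         "client-to-client\ncipher AES-256-CBC\ncomp-lzo\n"
CLIENT = "client\ndev tun\nproto udp\nns-cert-type server\ncipher AES-256-CBC\ncomp-lzo\n"
# Constructed sample: the same client with the flagged directives replaced.
HARDENED = "client\ndev tun\nproto udp\nremote-cert-tls server\n" \
           "tls-auth ta.key 1\ncipher AES-256-CBC\n"


def parse(text):
    """Map each directive to its argument lists, skipping '#' and ';' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)[#;].*$", "", raw).strip()
        if line:
            name, *args = line.split()
            cfg.setdefault(name, []).append(args)
    return cfg


def audit(text):
    """Return 'directive: finding' strings for settings worth reviewing."""
    cfg, out = parse(text), []
    for args in cfg.get("dh", []):
        # Heuristic (assumption): easy-rsa names the file after its bit length.
        bits = re.search(r"\d{3,5}", args[0]) if args else None
        if bits and int(bits.group()) < 2048:
            out.append(f"dh: {args[0]} looks like {bits.group()}-bit DH; use 2048 bits or more")
    if "comp-lzo" in cfg or "compress" in cfg:
        out.append("comp-lzo: compression can leak tunnel plaintext (VORACLE); "
                   "remove it on both ends")
    if "ns-cert-type" in cfg:
        out.append("ns-cert-type: deprecated; use 'remote-cert-tls server'")
    elif "client" in cfg and "remote-cert-tls" not in cfg:
        out.append("remote-cert-tls: client does not check the server certificate type")
    if "tls-auth" not in cfg and "tls-crypt" not in cfg:
        out.append("tls-auth: no HMAC key protects the control channel")
    if "client-to-client" in cfg:
        out.append("client-to-client: VPN clients reach each other without passing "
                   "the server's firewall")
    return out


if __name__ == "__main__":
    for name, text in (("server", SERVER), ("client", CLIENT), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

To audit real files, pass the contents of C:\Program Files\OpenVPN\config\server.ovpn or client.ovpn to audit().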
