How to install OpenVPN client and OpenVPN server on Windows

Download and install

Download  OpenVPN GUI from https://openvpn.net/index.php/open-source/downloads.html

install

Download and install OpenSSL. You could take it from https://slproweb.com/products/Win32OpenSSL.html for from GitHUB

openSSL setup

 

Install OpenVPN on each client and on server.

Certificates and Keys 

You will have to build OpenVPN certficate and keys on server and distribute them to each of the clients. All keys are generated only on OpenVPN server machine and then copied to each client.

You will use the easy rsa configurator in order to produce your OpenVPN keys. One cmd.exe windows will be opened and will not be closed until everything is configured.

  1. Start cmd.exe as administrator
  2. Go to C:\Program Files\OpenVPN\easy-rsa
  3. from cmd execute init-config
  4. with a text editor open vars.bat and update these entries with your own values for country, province, city and email. everything else is optional.
    1. set KEY_COUNTRY=US
    2. set KEY_PROVINCE=CA
    3. set KEY_CITY=SanFrancisco
    4. set KEY_ORG=OpenVPN
    5. set KEY_EMAIL=mail@host.domain
  5. save the file and execute it from the same cmd that you already have open with administrator priviledges
  6. execute clean-all

 

Building Certificates and Keys

The certificate authority (CA) certificate and key:

In the same cmd windows already open, execute  build-ca. When prompted  press enter to keep current configs or enter new ones. It would be nice to add a name for organization name.

The server certificate and key:

In the same cmd.exe already opened for openVPN, execute build-key-server myServer. Common name should be “myServer” or anything else that would identify this OpenVPN as server.

Choose y to to sign the certificate and again  to  commit.

 

Certificates and keys for clients

For each client generate its own key. Using the same  cmd.exe opened where everything was already configured for OpenVPN type  and execute build-key myClient.Common Name should be  myClient or anything that would identify to as client machine.

Generate Diffie Hellman parameters

This is necessary for OpenVPN encryption. Execute build-dh.

Configuration Files 

In order to create config files you will start from existing sample config files. These OpenVPN Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files

You will edit these files from sample folder and save them under config folder.

For OpenVPNserver, edit server.ovpn file and update the lines below to point to your config files that were generated. Update

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

to

ca “C:\\Program Files\\OpenVPN\\config\\ca.crt”
cert “C:\\Program Files\\OpenVPN\\config\\myServer.crt”
key “C:\\Program Files\\OpenVPN\\config\\myServer.key”
dh “C:\\Program Files\\OpenVPN\\config\\dh1024.pem”

In case you installed OpenvPN 32bit version, it should be under C:\\Program Files x86. Please make sure to point OpenVPN configuration to existing folder. Save this file as myServer.ovpn

 

Client Config Files

Open client.ovpn and update:

ca ca.crt
cert client.crt
key client.key

to

ca “C:\\Program Files\\OpenVPN\\config\\ca.crt”
cert “C:\\Program Files\\OpenVPN\\config\\myClient.crt”
key “C:\\Program Files\\OpenVPN\\config\\myClient.key”

Update the IP of the OpenVPN server in config file. Change the line 

remote my-server-1 1194  to something like

remote 86.123.222.333 1194

where 86.123.222.333 is the external IP of your server. If you want to find the IP of the server go to http://www.google.de/search?q=show+my+ip

Copying config files on server

All the files updated or generated now should be copied to  OpenVPN config folder.

Copy them from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program files\OpenVPN\config\

ca.crt
dh1024.pem
server.crt
server.key
server.ovpn

 

Copying config files on client

ca.crt
myClient.crt
myClient.key
myClient.ovpn

 

Start OpenVPN

It is recommended to start OpenVPN as a service on server computer and configure it for autostart. On client computer start OpenVPN GUI. When you see it in taskbar, right click on it then click on Connect.

startOpenVPNGui

It should look similar to

connectOpenVPN

If at the end, the icon is green then OpenVPN  configuration succeeded and you can start using it. In order to see your new IP go to http://www.google.de/search?q=show+my+ip 

If you notice any issues, please make sure to start OpenVPN GUI as administrator.

If there is no error from OpenVPN but it is not able to connect, make sure that you configured the correct ports. Read here more about how to configure ports on your router for OpenVPN.