Install and configure OpenVPN server and route all client internet traffic through the VPN tunnel.
My Test environment is
Server: Windows Server 2012 Datacenter OpenVPN Version : 2.4.6 Client Machine: Windows 10
Let start the server configuration.
- Download the installer from here and run it on the server computer.
Please install OpenVPN to C:\Program Files\OpenVPN During the install please select the below option
Once the installation complete do the below prerequisites
1.Enable IPEnableRouter on the registry. Go to the below location
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
On the right side edit "IPEnableRouter" and modify the value to Decimal "1" (See the image below)
2.Restart the Server 3.Open Service and start the "Routing and Remote Access" service and set the startup type to "Automatic"
The below steps are copied from the following link.
https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
Certificates and Keys
Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt: Press Windows Key + R Type "cmd.exe" and press Enter. cmd.exe Navigate to the correct folder:
cd "C:\Program Files\OpenVPN\easy-rsa"
Initialize the OpenVPN configuration:
init-config
NOTE: Only run init-config once, during installation.
Open the vars.bat file in a text editor:
notepad vars.bat
Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information:
set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain
Save the file and exit notepad.
Run the following commands:
vars
clean-all
Building Certificates and Keys
The certificate authority (CA) certificate and key:
build-ca
When prompted, enter your country, etc. These will have default values, which appear in brackets. For your "Common Name," a good choice is to pick a name to identify your company's Certificate
Authority. For example, "OpenVPN-CA":
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:
The server certificate and key:
build-key-server server
When prompted, enter the "Common Name" as "server" When prompted to sign the certificate, enter "y" When prompted to commit, enter "y"
Client certificates and keys:
For each client, choose a name to identify that computer, such as "mike-laptop" in this example.
build-key mike-laptop
When prompted, enter the "Common Name" as the name you have chosen (e.g. "mike-laptop")
Repeat this step for each client computer that will connect to the VPN.
Generate Diffie Hellman parameters (This is necessary to set up the encryption)
build-dh
Configuration Files(Server)
Find the sample configuration files:
Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files
Server Config File
Open server.ovpn
Find the following lines:
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
Edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn
Client Config Files
This is similar to the server configuration
Open client.ovpn
Find the following lines:
ca ca.crt
cert client.crt
key client.key
Edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\mike-laptop.crt"
key "C:\\Program Files\\OpenVPN\\config\\mike-laptop.key"
Notice that the name of the client certificate and key files depends upon the Common Name of each client.
You can also include the ca, cert and key content in the client file. You have to copy the file content inside the tag
Edit the following line, replacing "my-server-1" with your server's public Internet IP Address or Domain Name. remote my-server-1 1194
Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.) Copying the Server and Client Files to Their Appropriate Directories Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:
ca.crt
dh1024.pem
server.crt
server.key
server.ovpn
Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client :
ca.crt
mike-laptop.crt
mike-laptop.key
mike-laptop.ovpn
start the OpenVPN service on the server and connect OpenVPN on the client machine
Now use the below configuration for route clients internet traffic through Open VPN Tunnel
On the server config file add or enable the following lines
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
Save the config file and restart OpenVPN Service
On the client config file add or enable the following lines
redirect-gateway def1
Reconnect the client and it will route traffic through OpenVPN Tunnel.
Comments