Install and configure OpenVPN server and route all client internet traffic through VPN tunnel

Install and configure OpenVPN server and route all client internet traffic through the VPN tunnel.

My Test environment is

Server: Windows Server 2012 Datacenter OpenVPN Version : 2.4.6 Client Machine: Windows 10

Let start the server configuration.

  1. Download the installer from here and run it on the server computer.

Please install OpenVPN to C:\Program Files\OpenVPN During the install please select the below option

enter image description here

Once the installation complete do the below prerequisites

1.Enable IPEnableRouter on the registry. Go to the below location

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

On the right side edit "IPEnableRouter" and modify the value to Decimal "1" (See the image below)

enter image description here

2.Restart the Server 3.Open Service and start the "Routing and Remote Access" service and set the startup type to "Automatic" enter image description here

The below steps are copied from the following link.

https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide

Certificates and Keys

Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt: Press Windows Key + R Type "cmd.exe" and press Enter. cmd.exe Navigate to the correct folder:

cd "C:\Program Files\OpenVPN\easy-rsa"

Initialize the OpenVPN configuration:

init-config

NOTE: Only run init-config once, during installation.

Open the vars.bat file in a text editor:

notepad vars.bat

Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information:

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain

Save the file and exit notepad.

Run the following commands:

vars

clean-all

Building Certificates and Keys

The certificate authority (CA) certificate and key:

build-ca

When prompted, enter your country, etc. These will have default values, which appear in brackets. For your "Common Name," a good choice is to pick a name to identify your company's Certificate

Authority. For example, "OpenVPN-CA":

Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:

The server certificate and key:

build-key-server server

When prompted, enter the "Common Name" as "server" When prompted to sign the certificate, enter "y" When prompted to commit, enter "y"

Client certificates and keys:

For each client, choose a name to identify that computer, such as "mike-laptop" in this example.

build-key mike-laptop

When prompted, enter the "Common Name" as the name you have chosen (e.g. "mike-laptop")

Repeat this step for each client computer that will connect to the VPN.

Generate Diffie Hellman parameters (This is necessary to set up the encryption)

build-dh

Configuration Files(Server)

Find the sample configuration files:

Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files

Server Config File

Open server.ovpn

Find the following lines:

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

Edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn

Client Config Files

This is similar to the server configuration

Open client.ovpn

Find the following lines:

ca ca.crt
cert client.crt
key client.key

Edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\mike-laptop.crt"
key "C:\\Program Files\\OpenVPN\\config\\mike-laptop.key"

Notice that the name of the client certificate and key files depends upon the Common Name of each client. You can also include the ca, cert and key content in the client file. You have to copy the file content inside the tag , and .

Edit the following line, replacing "my-server-1" with your server's public Internet IP Address or Domain Name. remote my-server-1 1194

Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.) Copying the Server and Client Files to Their Appropriate Directories Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:

ca.crt
dh1024.pem
server.crt
server.key
server.ovpn

Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client :

ca.crt
mike-laptop.crt
mike-laptop.key
mike-laptop.ovpn

start the OpenVPN service on the server and connect OpenVPN on the client machine

Now use the below configuration for route clients internet traffic through Open VPN Tunnel

On the server config file add or enable the following lines

push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"

Save the config file and restart OpenVPN Service

On the client config file add or enable the following lines

redirect-gateway def1

Reconnect the client and it will route traffic through OpenVPN Tunnel.

Comments