Install and configure OpenVPN server and route all client internet traffic through the VPN tunnel.
My Test environment is
Server: Windows Server 2012 Datacenter OpenVPN Version : 2.4.6 Client Machine: Windows 10
Let start the server configuration.
- Download the installer from here and run it on the server computer.
Please install OpenVPN to C:\Program Files\OpenVPN During the install please select the below option
Once the installation complete do the below prerequisites
1.Enable IPEnableRouter on the registry. Go to the below location
On the right side edit "IPEnableRouter" and modify the value to Decimal "1" (See the image below)
2.Restart the Server 3.Open Service and start the "Routing and Remote Access" service and set the startup type to "Automatic"
The below steps are copied from the following link.
Certificates and Keys
Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt: Press Windows Key + R Type "cmd.exe" and press Enter. cmd.exe Navigate to the correct folder:
cd "C:\Program Files\OpenVPN\easy-rsa"
Initialize the OpenVPN configuration:
NOTE: Only run init-config once, during installation.
Open the vars.bat file in a text editor:
Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information:
set KEY_COUNTRY=US set KEY_PROVINCE=CA set KEY_CITY=SanFrancisco set KEY_ORG=OpenVPN set KEY_EMAILemail@example.com
Save the file and exit notepad.
Run the following commands:
Building Certificates and Keys
The certificate authority (CA) certificate and key:
When prompted, enter your country, etc. These will have default values, which appear in brackets. For your "Common Name," a good choice is to pick a name to identify your company's Certificate
Authority. For example, "OpenVPN-CA":
Country Name (2 letter code) [US]: State or Province Name (full name) [CA]: Locality Name (eg, city) [SanFrancisco]: Organization Name (eg, company) [OpenVPN]: Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :OpenVPN-CA Email Address [firstname.lastname@example.org]:
The server certificate and key:
When prompted, enter the "Common Name" as "server" When prompted to sign the certificate, enter "y" When prompted to commit, enter "y"
Client certificates and keys:
For each client, choose a name to identify that computer, such as "mike-laptop" in this example.
When prompted, enter the "Common Name" as the name you have chosen (e.g. "mike-laptop")
Repeat this step for each client computer that will connect to the VPN.
Generate Diffie Hellman parameters (This is necessary to set up the encryption)
Find the sample configuration files:
Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files
Server Config File
Find the following lines:
ca ca.crt cert server.crt key server.key dh dh1024.pem
Edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt" cert "C:\\Program Files\\OpenVPN\\config\\server.crt" key "C:\\Program Files\\OpenVPN\\config\\server.key" dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn
Client Config Files
This is similar to the server configuration
Find the following lines:
ca ca.crt cert client.crt key client.key
Edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt" cert "C:\\Program Files\\OpenVPN\\config\\mike-laptop.crt" key "C:\\Program Files\\OpenVPN\\config\\mike-laptop.key"
Notice that the name of the client certificate and key files depends upon the Common Name of each client.
You can also include the ca, cert and key content in the client file. You have to copy the file content inside the tag
Edit the following line, replacing "my-server-1" with your server's public Internet IP Address or Domain Name. remote my-server-1 1194
Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client's Common Name.) Copying the Server and Client Files to Their Appropriate Directories Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:
ca.crt dh1024.pem server.crt server.key server.ovpn
Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client :
ca.crt mike-laptop.crt mike-laptop.key mike-laptop.ovpn
start the OpenVPN service on the server and connect OpenVPN on the client machine
Now use the below configuration for route clients internet traffic through Open VPN Tunnel
On the server config file add or enable the following lines
push "dhcp-option DNS 220.127.116.11" push "redirect-gateway def1"
Save the config file and restart OpenVPN Service
On the client config file add or enable the following lines
Reconnect the client and it will route traffic through OpenVPN Tunnel.