OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

Although originally developed for Linux, OpenVPN is now widely used for providing VPN services for Windows clients. This document describes how we install and configure OpenVPN to work in a Microsoft Windows-only environment.

This how-to assumes that you have various things already set up:

OpenVPN Server

You need a Windows system to act as the OpenVPN server. This can be a Windows 2000/2003 Server or 2000/XP Professional system.

These should be Windows 2000/XP Professional, although 2000/2003 server should work equally well.

The OpenVPN server system needs to be publicly reachable on UDP port 1194 (you can use another port if required but this is the standard port for OpenVPN). If the server is behind a NAT router then this will require address/port forwarding. It's preferable for the server IP address to be static as this makes things more stable. If your server has a dynamic IP address then you will need to use a dynamic DNS service to provide a fixed hostname.

All systems should have an unfiltered Internet connection, or at least one that allows communication on UDP port 1194. It is possible to run OpenVPN through more restrictive connections (e.g. a proxy server), but this is outside the scope of this article.

The names and addresses used in this how-to are examples only and should be changed to suit your environment.

We generally use the OpenVPN GUI package on Windows systems rather than the stock package, as this provides a system tray icon for controlling the application.

OpenVPN GUI can be installed with default options (certificate wizard is not needed). Near the end of the install it will add a TAP-Win32 virtual adapter that is not signed; you need to tell Windows to install this as requested.

Once the installation is complete, you will need to create additional TAP-Win32 virtual adapters using the shortcut in the OpenVPN program group. One adapter is needed for each concurrent VPN user. Rename these adapters to "OpenVPN #n" where n is the adapter number. This is cosmetic only but helps identification.

Configure OpenVPN

Create the server configuration file in the OpenVPN config folder (c:\program files\openvpn\config\)

# server.ovpn

Values in italics should be changed to suit your environment. In this example the max-clients has been set to 4, which would require 3 additional TAP-Win32 virtual adapters to be created.

You need a Certificate Authority (CA) to sign your client and server certificates. The easy-rsa scripts make this pretty straightforward.

First we need to initialise easy-rsa. You should only do this once as it will wipe out any existing certificates, keys and settings.

C:\Program Files\OpenVPN\easy-rsa> init-config

Next edit vars.bat and change the "KEY_" settings at the bottom of the file.

Set KEY_EMAIL=

create the keys folder and the root certificate itself.

C:\Program Files\OpenVPN\easy-rsa> vars
C:\Program Files\OpenVPN\easy-rsa> clean-all
C:\Program Files\OpenVPN\easy-rsa> build-ca

You will be asked to enter some details for the root certificate. Most of these will default to the values that you entered into vars.bat, but you will need to choose a "Common Name" for the certificate.

Common Name (eg, your name or your server's hostname) : Administrator

Keys and certificates are created in the keys subfolder. The ca.crt file (root certificate) should be copied to the OpenVPN config folder.

C:\Program Files\OpenVPN\easy-rsa> copy keys\ca.crt.

Important: Key files (.key) are very sensitive and should be kept safe and never sent over insecure (unencrypted) channels. The Certificate Authority key (ca.key) is particularly important - if it is lost or compromised then you will have to replace all your keys and certificates.

Once the CA has been set up, we can generate a key and certificate for the server.

C:\Program Files\OpenVPN\easy-rsa> vars
C:\Program Files\OpenVPN\easy-rsa> build-key-server widget

Executing vars.bat is not necessary if you do this straight after creating the CA because the environment will still be set (but it doesn't hurt).

As with generating the root certificate, most of the details will default to the correct values but you will need to enter a "Common Name". This is best set to the hostname of the server.

Common Name (eg, your name or your server's hostname) :

You can leave the challenge password and optional company name blank.

The server also needs Diffie Hellman parameters.

C:\Program Files\OpenVPN\easy-rsa> build-dh

Finally copy the key, certificate and DH file to the OpenVPN config folder.
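The warning above that key files are very sensitive can be checked on the server itself. The following PowerShell script is an added example, not part of the original how-to: it lists every .key file in the easy-rsa keys folder and the OpenVPN config folder whose ACL grants access to anyone other than SYSTEM and Administrators. It assumes PowerShell 3.0 or later and the install path used on this page; the function name `Get-ExposedKeyFile` is chosen here for illustration.

```powershell
# Added example: audit ACLs on OpenVPN private key files.
# Assumption: OpenVPN is installed under C:\Program Files\OpenVPN as on this page.
$KeyDirs = @(
    'C:\Program Files\OpenVPN\easy-rsa\keys',
    'C:\Program Files\OpenVPN\config'
)

# Principals expected to read private keys, given as well-known SIDs so the
# check also works on non-English Windows: SYSTEM and BUILTIN\Administrators.
$AllowedSids = @('S-1-5-18', 'S-1-5-32-544')

function Get-ExposedKeyFile {
    param([string[]]$Path, [string[]]$Allowed)

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -Filter '*.key' -File) {
            $acl = Get-Acl -LiteralPath $file.FullName
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                # Resolve the account to a SID; keep the name if it cannot be resolved.
                try {
                    $sid = $ace.IdentityReference.Translate(
                        [System.Security.Principal.SecurityIdentifier]).Value
                } catch {
                    $sid = $ace.IdentityReference.Value
                }
                if ($Allowed -notcontains $sid) {
                    [pscustomobject]@{
                        File      = $file.FullName
                        Principal = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

$findings = @(Get-ExposedKeyFile -Path $KeyDirs -Allowed $AllowedSids)
if ($findings.Count -eq 0) {
    'No .key file grants access beyond SYSTEM and Administrators.'
} else {
    $findings | Format-Table -AutoSize
}
```

Folders under Program Files normally inherit read access for the local Users group, so findings on a default install are expected until inheritance is removed from the key files.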