We will see here how to set up a OpenVPN server under Microsoft Windows Server.
OpenVPN is a very powerfull VPN which has several advantages : it is free, compatible with most operating systems, easy to implement and highly configurable.
In order to create the connection certificates, we will have to install OpenSSL software library. I personnaly use the slproweb.com packages.
Download the latest OpenSSL Light version.
We will add OpenSSL inside the environment variables.
Go to OpenVPN official website here to download last installer.
Here we will set up a pki to be able to create our server and clients certificates.
C:\Windows\system32>cd C:\Program Files\OpenVPN\easy-rsa
C:\Program Files\OpenVPN\easy-rsa>EasyRSA-Start.bat
# ./easyrsa clean-all
# ./easyrsa init-pki
# ./easyrsa build-ca nopass
[…]
Enter PEM pass phrase:PEMpa$$td
Verifying - Enter PEM pass phrase:PEMpa$$td
[…]
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:ovpn
# ./easyrsa build-server-full server nopass
[…]
Enter pass phrase for C:/Program Files/OpenVPN/easy-rsa/pki/private/ca.key:PEMpa$$td
# ./easyrsa gen-dh
C:\Users\Administrator>cd C:\Program Files\OpenVPN\easy-rsa
C:\Program Files\OpenVPN\easy-rsa>EasyRSA-Start.bat
# ./easyrsa build-client-full client01 nopass
[…]
Enter pass phrase for C:/Program Files/OpenVPN/easy-rsa/pki/private/ca.key:PEMpa$$td
To do this, use the Windows Firewall Management Console or these two commands inside an Administrator's PowerShell console.
PS C:\ > New-NetFirewallRule -DisplayName "OpenVPN" -Direction Inbound -Protocol UDP -LocalPort 1194 -Action Allow
PS C:\ > New-NetFirewallRule -DisplayName "OpenVPN_Network" -Direction Inbound -RemoteAddress 10.50.8.0/24 -Action Allow
As administrator, create the C:\Program Files\OpenVPN\config-auto\server.ovpn file :
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.50.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Then, restart the OpenVPN service :
C:\Windows\system32>net stop openvpnservice
C:\Windows\system32>net start openvpnservice
C:\ PS> Restart-Service OpenVPNService
We will download the same package, and here install with default parameters.
Edit the client.ovpn file with administrator rights :
client
dev tun
proto udp
remote OPENVPN_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client01.crt
key client01.key
comp-lzo
verb 3
To contact the server we will use the 10.50.8.1 IP Address
⚠️ Troubleshooting : After a Windows Update, I couldn't have access to the server share anymore (OpenVPN was able to connect though). To make it work again, I had to repair (available when relaunching setup program) the OpenVPN program on the server side.
Contact :