OpenVPN Server Cheat Sheet

This document describes how to install and configure OpenVPN on a Windows Server computer.

Environment

    • OpenVPN 2.3.2 I003

    • Windows Server 2008 R2

Installation

    1. First, download the Windows installer, then run the file on the server on which you want to install OpenVPN.

    2. In the Welcome window, click the Next button.

    3. In the License Agreement window, click the I Agree button.

    4. In the Choose Components window, specify that all of the components should be installed. If you intend to use OpenSSL to create certificates, be sure to specify that the OpenSSL Utilities and the OpenVPN RSA scripts should be installed; this will give you the EasyRSA scripts which make configuring and creating certificates easier. Click the Next button.

    5. In the Choose Install Location window, click the Install button.

    6. The installation will start, and a window titled Windows Security will appear asking if you would like to install the TAP-Win32 Provider V9 Network adapter. Click the Install button to install this driver.

    7. In the Installation Complete window, click the Next button.

    8. In the Completing window, click the Finish button.

A Windows service named OpenVPN Service will now exist on the server, and it will be set to start manually.

In addition to the OpenVPN software shown in the Programs and Features control panel applet, the TAP-Windows software will also have been installed.

Also, a network adapter named TAP-Win32 Adapter V9 will have been created.

Configuration

Server Parameters

Copy the server.ovpn file from:

C:\Program Files\OpenVPN\sample-config

to:

C:\Program Files\OpenVPN\config

Edit this server.ovpn file and configure the following parameters.

local

If the server has more than one IP address then enable the local parameter and set it to the IP address you want to use.

For example: 10.11.12.1

port

Leave the port parameter set to 1194.

proto

Leave the proto parameter set to udp.

dev

Leave the dev parameter set to tun, in order to create a routed IP tunnel.

ca, cert, key

Set the ca, cert, and key parameters appropriately for your system. If you need to generate these files, the EasyRSA scripts provide an easy way to do this. Refer to the EasyRSA section below for further details.
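
The script below is an added example, not part of the original cheat sheet or of OpenVPN itself: it reads the text of a server.ovpn file and reports where the active settings differ from the ones described above. The function names, the sample file contents and the certificate file names are constructed for illustration.

```python
import shlex

# Settings the cheat sheet fixes; ca/cert/key must each name a file.
EXPECTED = {"port": "1194", "proto": "udp", "dev": "tun"}
REQUIRED = ("ca", "cert", "key")

def active_directives(text):
    """Map each active directive to its arguments, skipping comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        # A leading '#' or ';' comments the line out, so ';local a.b.c.d'
        # is not an active setting until the ';' is removed.
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)  # handles quoted paths
        if parts:
            found[parts[0]] = parts[1:]
    return found

def check(text):
    """Return findings; an empty list means the file matches the cheat sheet."""
    conf = active_directives(text)
    findings = []
    for name, want in EXPECTED.items():
        got = conf.get(name)
        if got is None:
            findings.append(f"{name}: not set (expected {want})")
        elif got[:1] != [want]:
            findings.append(f"{name}: {' '.join(got)} (expected {want})")
    for name in REQUIRED:
        if not conf.get(name):
            findings.append(f"{name}: no file configured")
    if "local" not in conf:
        findings.append("local: not enabled, OpenVPN binds to all addresses")
    return findings

# Constructed sample, not a real server file. File names are placeholders.
SAMPLE = r'''
;local a.b.c.d
port 1194
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert server.crt
# key server.key
'''

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to check(), for example the text read from C:\Program Files\OpenVPN\config\server.ovpn.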

..............................

EasyRSA

This section describes how to use EasyRSA to configure and create certificates.