Setting Up an OpenVPN Connection (Configuring Server & Client) 💻↔️🖥️


Hello everybody! This video will show you how to set up an OpenVPN server for Windows and configure an OpenVPN client, and how to organize data exchange channels between remote offices.

Sometimes people need to establish a link between remote computers without spending extra money on equipment and software. For that, the well-known free program OpenVPN can help a lot, as it provides a free implementation of VPN (virtual private network) technology.

On our channel, you can already find a video on how to create a VPN server with standard Windows tools and how to connect to such a server from another PC. You will find the link in the description.

Here we go. So, we have two computers. One of them will be used as an OpenVPN server, and the other as a client. We have to enable them to see each other over the network, on the Internet, and enable them to use shared folders and files.

Let’s begin the setup process.

• Download OpenVPN from the official website – choose the version corresponding to your system bitness. I will give the link to the OpenVPN official website in the description.
• Start the installation.
• At step 3, check the inactive boxes.
• Leave other items at default.

In the course of installation, the system creates a virtual network adapter, TAP-Windows Adapter V9, and its drivers. It is to this interface that OpenVPN will assign the IP address and the OpenVPN subnet mask. Rename it to “ServerVPN”. Later, I will use this name for the OpenVPN server which I am going to create on this computer.

After that:

• Launch the Command Prompt as Administrator. There is a special video on our channel about all the ways of doing it, so feel free to watch it anytime. You will find the link in the description.
• Go to the folder where OpenVPN has been installed with the cd command: cd "C:\Program Files\OpenVPN\easy-rsa"
• Run “init-config.bat”.
• As a result, a file named “vars.bat” will appear in the folder “C:\Program Files\OpenVPN\easy-rsa”. If file extensions are not displayed on your PC, turn this function on. It will make your work more convenient. There is also a good video about it. If you want, you can follow the link in the description.
• Open it with Notepad or Notepad++. This batch file sets the variables for certificate generation.
• In the part concerning the organization and location, fill in your data. However, you may skip filling in the data, as it can be modified later, and this data doesn’t affect the work of our VPN server; it is only for information.

Go back to the Command Prompt started as Administrator and run the following commands:

• cd "C:\Program Files\OpenVPN\easy-rsa"
• vars
• clean-all – the answer should be two messages: “1 file(s) copied 1.” If you see it, everything is fine.
• build-dh – build a Diffie-Hellman parameter.

If you run this command and see an error: “‘openssl’ is not recognized as an internal or external command, operable program or batch file,” then do the following:

  ◦ Go to Properties (Control Panel / System, or right-click on This PC).
  ◦ Select Advanced system settings / Advanced / Environment variables.
  ◦ In the section “User Variables”, click on the setting Path and then Edit.
  ◦ In the window that opens, click on Browse directory and specify the path to the folder containing OpenVPN/bin.
  ◦ Ok
  ◦ Ok
  ◦ Ok

After that, open the Command Prompt as Administrator again, and run the commands that I have described earlier in this video once again. The build-dh command should now run without errors. As a result, in the folder “easy-rsa/keys” a new file named dh4096.pem will appear.

After that, enter the commands in the following order:

• build-ca – create the main certificate. You’ll be asked some questions. You can change the data you have previously given in the file – country, region, city, server name etc. Change the information if necessary. If you don’t make any changes, press Enter. As a result, in the folder “easy-rsa/keys” two new files named “ca.crt” and “ca.key” will appear.
• build-key-server ServerVPN, where “ServerVPN” is the name of our VPN server. Once again, you will be asked some questions: press Enter, and when you see the two questions “Sign the certificate?” and “1 out of 1 certificate requests certified, commit?”, press Y.
• As a result, in the folder “easy-rsa/keys” you will see new files ServerVPN.crt, ServerVPN.csr, ServerVPN.key.
• Certificates for the server have been created.

Now let’s create client keys:

• build-key ClientVPN, where “ClientVPN” is the client name. The client certificate is going to be created.
• Press Enter, but…
• When asked about “Common Name (eg, your name or your server’s hostname)” you should enter the client name. In our case, it is ClientVPN.
• In the end, press Y twice.
• As a result, in the folder “easy-rsa/keys” you will see new files ClientVPN.crt, ClientVPN.csr, ClientVPN.key.
• For every client, a new certificate is built, but with another name, for example, build-key ClientVPN1, and you should specify it in the common name.
• Now let’s generate the key “ta.key” for packet authentication. To do it, run the command: openvpn --genkey --secret keys/ta.key
• As a result, in the folder “easy-rsa/keys” a new file named ta.key will appear.

OK, the key business is over. Now let’s move on to create the server’s and the client’s configuration files.

In the folder “C:\Program Files\OpenVPN\config” create a text file named “ServerVPN.ovpn” – it will be the server’s configuration – and enter the following text there. I have already prepared a server file. Let’s examine it.

dev-node "ServerVPN" – the network adapter name of our OpenVPN server. This parameter is not obligatory, but it is convenient to know what server this configuration file belongs to.
mode server – the server’s mode of operation
port 12345 – the port that is forwarded to the reserved IP address of our server, as the server is behind the router. I have already shown port forwarding in another video. You will find the link in the description. There is also a video about reserving an IP address for a computer. You will find the link in the description.
proto tcp4-server – data transmission protocol
dev tun – tunnel mode
tls-server – the cryptographic transmission protocol
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0 – the path to the file “ta.key.” Check it, because in your case it can be different. For the server, add 0 after the key path, and 1 for the client. Remember that in OpenVPN the path separators are always written as two backslashes. If the path contains folder names made of several words separated by spaces, like “Program Files,” the entire path should be quoted.
tun-mtu 1500 – packet size
tun-mtu-extra 32 – packet size
mssfix 1450 – packet size

Paths to keys:
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

server – the range of addresses allocated for a VPN network. It can be optional.
client-to-client – allow the clients to see each other
keepalive 10 120 – the so-called lifetime of an inactive session
cipher AES-128-CBC – choice of encryption cipher
comp-lzo – set data compression setting in the tunnel
persist-key – don’t re-read key and tunnel data when the connection is broken
persist-tun – don’t re-read key and tunnel data when the connection is broken
client-config-dir "C:\\Program Files\\OpenVPN\\config" – the path to the CLIENT’s configuration file on the server. This one we are going to create soon.
verb 3 – debugging mode level
route-delay 5 – the time for creation and application of a route. In this case, it’s 5 seconds.
route-method exe – this is how route data is entered
push "route" – this command lets the client know about the server’s subnet. That is why – indicates the server’s subnet.
route – enable visibility for the network server and client addresses. That is why – indicates the client’s subnet.

That’s all. Let’s try starting the server: double-click on the desktop shortcut OpenVPN Gui or open the file “C:\Program Files\OpenVPN\bin\openvpn-gui.exe”. The OpenVPN icon will appear in the taskbar. Right-click on it and select Connect. If it turns green in several seconds, it’s all right – the server is running. If it doesn’t happen, read the log file in the folder C:/Users/UserName/OpenVPN/Server.log. If an error occurs, it will be described in this file, and you’ll be able to fix it. As you can see, in our case the server works all right.

Next. In the folder config, create a file without an extension and give it the client’s name – ClientVPN. Open it with Notepad and enter the following:

ifconfig-push – this way, we assign to the client the IP address or 6. The addresses can be different.
iroute – inform the server that network belongs to the client
# disable – if you uncomment this line, the client will be disconnected. It’s good for cases when you need to disconnect a client from the server, while others will be working as usual.

That’s all. Save it.

Install OpenVPN on the client’s computer as well; you don’t have to check all the boxes. Copy the following files from the folder “C:\Program Files\OpenVPN\easy-rsa\keys” on the server computer:

• ca.crt
• ClientVPN.crt
• ClientVPN.key
• ta.key

Transfer them to the computer with an OpenVPN client, into the folder C:\Program Files\OpenVPN\config. In the same folder, create a file Client.ovpn, and enter this data:

remote – address of the server where to connect to
client – let the client take the routing data from the server (push options)
port 12345 – the port for OpenVPN
proto tcp4-client – specify the protocol for OpenVPN
dev tun – interface type
tls-client – the cryptographic transmission protocol
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1 – the path to the file “ta.key.” Check it, because in your case it can be different. For the server, add 0 after the key path, and 1 for the client.
remote-cert-tls server – protection
tun-mtu 1500 – packet size
tun-mtu-extra 32 – packet size
tun-mtu 1450 – packet size

Paths to keys:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"

cipher AES-128-CBC – choice of encryption cipher
comp-lzo – set data compression setting in the tunnel
persist-key – don’t re-read key and tunnel data when the connection is broken
persist-tun – don’t re-read key and tunnel data when the connection is broken
verb 3 – debugging mode level
mute 20 – the number of repeating messages

That’s all. Save it.

Now, one more thing. To enable ping to internal addresses of our Server and Client, turn on Routing and Remote Access service. To do it:

• Start the Registry Editor
• Open the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TcpIP\Parameters
• Find IPEnableRouter
• Change its value data to “1” (one)
• Don’t forget to restart the computer for the changes to take effect!

It should be done for both computers, the server and the client.

Next. Set up firewalls and antiviruses on the client and server computers to allow free passage of data packets. I will not go into details as everything depends on the particular software they have installed.

After that, start the server. Start OpenVPN Gui or Server.ovpn. The server is running now. After it is connected, start OpenVPN on the Client computer. Start OpenVPN Gui or Client.ovpn. When it is connected, test the link: in the command prompt, enter “ping” and the address assigned to the client or the server. It depends on the computer from which you test the link. If the ping gets through, then all settings are correct.

Now let’s try accessing the shared folders:

• First, from the server to the client.
• As you can see, access is possible.
• Now, from the client to the server.
• This way, access is also possible.

That’s all. As you can see, a VPN connection with OpenVPN is created. Computers can access each other in both directions.

Hit the Like button and subscribe to Hetman Software channel. Ask questions in your comments. Thank you for watching. Good luck.
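
The server and client files described above have to agree on several points the walkthrough calls out: tls-auth key direction 0 on the server and 1 on the client, the tcp4-server / tcp4-client pairing, the same port, cipher and compression, and quoted paths with doubled backslashes. The Python check below is an added example, not part of the original video or of OpenVPN; the sample configs are constructed and vpn.example.test is a placeholder address.

```python
import re

PATH_DIRECTIVES = {"ca", "cert", "key", "dh", "tls-auth", "client-config-dir"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')           # quoted string or bare word
LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")  # a backslash that is not doubled

def parse(text):
    """Map directive -> raw argument list (backslashes kept as written)."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;":
            name, *args = [q or u for q, u in TOKEN.findall(line)]
            conf[name] = args
    return conf

def lint_pair(server_text, client_text):
    """Return sorted findings; an empty list means the pair is consistent."""
    srv, cli = parse(server_text), parse(client_text)
    out = []
    for side, conf, direction in (("server", srv, "0"), ("client", cli, "1")):
        for name in PATH_DIRECTIVES.intersection(conf):
            args, limit = conf[name], 2 if name == "tls-auth" else 1
            if len(args) > limit:
                out.append(f"{side}: {name} path has spaces but is not quoted")
            elif args and LONE_BACKSLASH.search(args[0]):
                out.append(f"{side}: {name} path uses single backslashes")
        if conf.get("tls-auth", [""])[-1:] != [direction]:
            out.append(f"{side}: tls-auth key direction must be {direction}")
    if (srv.get("proto"), cli.get("proto")) != (["tcp4-server"], ["tcp4-client"]):
        out.append("proto: expected tcp4-server / tcp4-client")
    for name in ("port", "dev", "cipher", "comp-lzo"):
        if srv.get(name) != cli.get(name):
            out.append(f"{name}: server {srv.get(name)} != client {cli.get(name)}")
    return sorted(out)

# Constructed samples; the remote address is a placeholder. The client
# deliberately breaks two rules: single backslashes and key direction 0.
SERVER = r'''
port 12345
proto tcp4-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
cipher AES-128-CBC
comp-lzo
'''
CLIENT = r'''
remote vpn.example.test
port 12345
proto tcp4-client
tls-auth "C:\Program Files\OpenVPN\config\ta.key" 0
cipher AES-128-CBC
comp-lzo
'''
if __name__ == "__main__":
    print("\n".join(lint_pair(SERVER, CLIENT)))
```

Run against the real ServerVPN.ovpn and Client.ovpn contents, an empty result means the two files agree on every setting checked here.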

53 thoughts on “Setting Up an OpenVPN Connection (Configuring Server & Client) 💻↔️🖥️”

  1. Watch how to set up an OpenVPN server for Windows and configure an OpenVPN client, and how to organize data exchange channels between remote offices. We will be glad to answer any questions in comments.

  2. Thank you for a great video. Is the WAN ip of the Server? Can it be replaced with a domain name – say, one obtained from dyndns?

  3. Where is the CONFIG folder? Created one placed my .ovpn file in there and all other places possible! Reboot OpenVPN many times! Connect still Grayed out!!!!!!!!!!!!!!!!

  4. When I connect to the server it's OK, but on the client it gives me an error tcp: connect to [af_inet] failed: unknown error, how can I resolve this problem?

  5. Hi, that is a very good description, thank you .. but i have a question please.
    what if i have
    – – – a server ( proliant ml310e with windows server 2012 r2)
    – – – and 30 clients who i want them to work on that server simultaneously ( no one is allowed to work or save any thing on his own PC) .. should i do exactly as you said in the video ?
    best regards

  6. why when i run build-dh it only create 2048 bit safe prime? not 4096 like yours. I tried run it, but error, log file say missing dh4096 file

  7. very useful tutorial. I copied/edited the conf files in sample-config reading all comments on them and all has worked almost flawlessly.
    I love it because the errors it gives when connecting are very meaningful (log file).
    If when running build-ca.bat it throws an error about 'req_distinguished_name', try to run vars.bat again.
    I'm amazed how easy it was. Now I have to fine-tune it.
    thank you!

  8. Hi, I don't understand this section. Can you explain this route?

    push "route"

  9. I used the same code and I got an error! Server does not work

    Options error: --pull-filter cannot be used with --mode server
    Use --help for more information.

    help me solve it !

  10. I am trying to configure my Windows Server 2016 as the Server. It could connect initially (only at server side), but suddenly, after restarting the OpenVPN service, it is giving me an error of "ALL TAP-Windows adapters on this system are currently in use". I have tried re-enabling the adapters, reinstalling the Tap Network Drivers, many random online "Fix" and also reinstalling OpenVPN. But to no avail, none of the options worked. I would really appreciate it if you could help me.

    Thank you in Advance 🙂

  11. Hi, i did exactly what the video explained and when i try to connect through the client it says connecting and is stuck on connecting. The log file shows:

    Sat Apr 27 12:25:11 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]

    Sat Apr 27 12:25:11 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]

    Sat Apr 27 12:25:11 2019 Attempting to establish TCP connection with [AF_INET] [nonblock]

    Sat Apr 27 12:25:11 2019 MANAGEMENT: >STATE:1556360711,TCP_CONNECT,,,,,,

    I have switched all firewalls in both the server and client off with no success.

    Can someone just verify the below and have any suggestions?

    1. In the client.ovpn file do you insert the wan ip of the server or Dyndns address pointing to that server. I've tried both with no success.

  12. How to fix: "CreateFile failed on TAP device: \\.\Global\{FA2EDB87-3170-4554-BAB1-F6AEBEF5EFC5}.tap"?

  13. I have a client.ovpn config, and I wanna add a passphrase to my ovpn config. How do I add a passphrase to my ovpn config? Then the client has 2 logins (user & pass on the server, and passphrase). Thanks.

  14. Excellent your video tutorial, my helped a lot, thank you! Forgive my English I am not fluent and I used Google Translator … I am from Brazil and only with your video tutorial that I managed to make openVPN work … maybe you have some material that teaches server-to-serve using Linux would be very thankful!

  15. Does this tutorial work with OpenVPN 2.4.7, as I can't get past the following error?
    Thu Jul 25 15:26:33 2019 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=AU, ST=CA, L=Gold Coast, O=ServerVPN, OU=changeme, CN=ServerVPN, name=changeme, [email protected]

    Thu Jul 25 15:26:33 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

    Thu Jul 25 15:26:33 2019 TLS_ERROR: BIO read tls_read_plaintext error

    Thu Jul 25 15:26:33 2019 TLS Error: TLS object -> incoming plaintext read error

    Thu Jul 25 15:26:33 2019 TLS Error: TLS handshake failed

  16. can you please make a video how to config openvpn when a mobile phone can give hotspot to any client but data would transfer through a vpn account that has been set up in openvpn config on the phone.

  17. It was difficult understanding how to configure Server config file. This is my error message in my logs when i try starting the vpn Options error: Unrecognized option or missing or extra parameter(s) in server.ovpn:26: Additional (2.4.7)

  18. Every single time that I need to config a OpenVPN server, I separate like 4 hours, prepare coffee. and try to be focused… 99% of all this editing an generating, could be do by the installer. There is some "easy scripts" for linux too. I guess the keep this super complicated just to justify a "network engineer" title. Thanks for the guide, I never installed on windows

  19. Options error: Unrecognized option or missing or extra parameter(s) in Server.ovpn:40: Additional (2.4.7)

    Use --help for more information.

    I did all u did but that the log. What is that mean. I've no idea. Can u help me man?

  20. hi there, great video. i just want to ask could you tell me how to export a config for mobile user? and would you make another video about stunnel for dpi?

  21. Hi, is it possible to tell how to create server.ovpn and client.ovpn files? coz without these two files the whole tutorial video basically stopped at the step that you explain these two files Thank you.
