JaTomes - OpenVPN Information

Introduction

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.

I have OpenVPN installed on a machine on my internal network. My router allows the correct port access to that machine. I have the OpenVPN adapter bridged to my hardware network adapter. This means that once I have established a secure VPN connection to that machine, I have access to my entire home network via a secure encrypted connection. With an OpenVPN client on my laptop I can establish a secure connection to my home network, making wireless connections in airports and similar public places a little more secure.

It is available for multiple platforms and is well documented, making it easy to set up a secure VPN connection to your home or work network. The various commands that you will need to enter in this process are in bold text to make it easier to see exactly what you will need to type.

Note: these instructions use Windows path notation with a '\' backslash. If you do the installation under Linux you will need to change the '\' backslashes to '/' forward slashes. ServerName and ClientName should be replaced by the machine names of your server machine and client machine, respectively.

OpenVPN Server Installation and Configuration

  • Download and install OpenVPN from http://openvpn.net/. Note: The HOWTO section under documentation on this site has excellent detailed instructions if more information is required.
  • Switch to OpenVPN\easy-rsa and run init-config batch file
  • Update OpenVPN\easy-rsa\vars.bat to point to your key directory and set certificate defaults. Note: your key directory should be protected from other users. I would recommend keeping your key directory on a TrueCrypt volume and only mounting it when needed.
  • Build the Certificate Authority (CA) by running the following commands:
    • vars
    • clean-all
    • build-ca. When building the CA, respond to the prompt for Common Name with the name of the CA, i.e., “Common Name (eg, your name or your server’s hostname)” []:OpenVPN-CA
  • Generate Diffie Hellman parameters by running build-dh
  • Create server config file in OpenVPN\config specifying your key directory using double backslashes
  • Add OpenVPN to the StartUp folder with OpenVPN\bin\openvpn.exe ServerName.conf set to run as minimized

Certificate Generation

  • On the Server, switch to OpenVPN\easy-rsa
  • Run vars
  • Run build-key ServerName and respond to the prompts appropriately
  • Create a certificate for each client allowed to connect to server by running build-key ClientName
  • Note: Additional information on Certificate generation is available at this link.

Client Configuration

  • Create the following directory structure and contents for each client machine:
    • ServerName
      • system
        • ServerName.conf
        • ca.crt
        • ClientName.crt
        • libeay32.dll
        • libssl32.dll
        • openvpn.exe
        • tapinstall.exe
        • oemwin2k.inf
        • ClientName.key
        • tap0801.sys
      • VpnConnect.bat, contents of batch file:
        • @echo off
        • system\openvpn --config system\ServerName.conf
        • if errorlevel 1 pause
      • VpnInstall.bat
      • VpnUninstall.bat
  • Transfer the directory structure under ServerName securely to the client machine (zip with password)
  • Copy the directory structure to the client machine. I would recommend keeping your client directory on a TrueCrypt volume, mounting it only when needed, as it contains the private key that authenticates the connection to your VPN server, and dismounting the volume once you disconnect the client.
  • Run ServerName\system\VpnInstall to install the VPN tunnel
  • Create a shortcut for ServerName\VpnConnect.bat
    • To start the OpenVPN session double click on the shortcut icon
    • To terminate the OpenVPN session press F4
  • To uninstall
    • Run ServerName\system\VpnUninstall
    • Remove directory structure
  • One OpenVPN installation can support access to multiple servers from the same tunnel, just one at a time. Press F4 to close one connection and then double click another shortcut icon. It is only necessary to run ServerName\system\VpnInstall once for all of the servers you wish to connect.
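As a worked example (added here; not part of the original page or of the OpenVPN project's own documentation), here are matching server and client configuration files for the bridged tap setup described above, with the doubled backslashes that Windows paths need. The key directory C:\OpenVPN\keys, the 192.168.1.x addresses and vpn.example.com are assumptions; substitute your own values.

```ini
# ---- Server side: OpenVPN\config\ServerName.conf (bridged "tap" mode) ----
port 1194
proto udp
dev tap
# Files produced by easy-rsa. Windows paths need doubled backslashes.
# C:\\OpenVPN\\keys is an assumed location: use the key directory from vars.bat.
ca   "C:\\OpenVPN\\keys\\ca.crt"
cert "C:\\OpenVPN\\keys\\ServerName.crt"
key  "C:\\OpenVPN\\keys\\ServerName.key"
# build-dh names the file after KEY_SIZE in vars.bat; 1024 was the old default.
dh   "C:\\OpenVPN\\keys\\dh1024.pem"
# Bridged mode: LAN gateway, netmask, and a pool of LAN addresses handed to clients.
# The 192.168.1.x values are constructed; use your own LAN.
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220
keepalive 10 120
persist-key
persist-tun
verb 3

# ---- Client side: ServerName\system\ServerName.conf, run by VpnConnect.bat ----
client
dev tap
proto udp
# vpn.example.com is a placeholder for the public name or IP your router forwards.
remote vpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Relative to the directory VpnConnect.bat is started from (ServerName\).
ca   "system\\ca.crt"
cert "system\\ClientName.crt"
key  "system\\ClientName.key"
# Refuse to connect unless the peer presents a server certificate. This check
# only passes if the server certificate was generated with build-key-server
# (which sets nsCertType=server); a certificate from plain build-key fails it.
# Newer OpenVPN releases use "remote-cert-tls server" for the same purpose.
ns-cert-type server
verb 3
```

The ns-cert-type line is the check that stops a stolen client certificate from being used to impersonate the server; drop it only if you cannot regenerate the server certificate with build-key-server.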
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License