How To set up OpenVPN Server on Windows

We will see here how to set up a OpenVPN server under Microsoft Windows Server.

Network diagram

Windows OpenVPN Network Scheme Webpage

Server configuration

Installing OpenVPN

Go to OpenVPN official website and download https://openvpn.net/ last installer.

OpenVPN Download Webpage OpenVPN Windows Installer OpenVPN Windows Installer OpenVPN Windows Installer OpenVPN Windows Installer

Setting up Certificate Authority (CA) and generating certificates and keys for server and clients

Here we will set up a pki to be able to create our server and clients certificates.

Windows command run as administrator
C:\Windows\system32>cd C:\Program Files\OpenVPN\easy-rsa
C:\Program Files\OpenVPN\easy-rsa>EasyRSA-Start.bat
# ./easyrsa clean-all
# ./easyrsa init-pki
OpenVPN on Windows Easy RSA Shell init-pki
# ./easyrsa build-ca nopass
# ./easyrsa build-server-full server nopass
# ./easyrsa gen-dh
# ./easyrsa build-client-full client01 nopass

Certificates

OpenVPN on Windows config-auto folder

Add a Windows Firewall Rule

We need to open 1194 udp port to allow OpenVPN clients connections. Use the Windows Firewall Management Console or this command inside a Administrator command line console to do that.

C:\Windows\system32>netsh advfirewall firewall add rule name="OpenVPN" dir=in localport=1194 remoteport=0-65535 protocol=UDP action=allow remoteip=any localip=any

C:\Program Files\OpenVPN\config-auto\server.ovpn

As administrator, edit C:\Program Files\OpenVPN\config-auto\server.ovpn file :

port 1194
proto udp
dev tun

ca ca.crt
cert server.crt
key server.key
dh dh.pem

server 10.50.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log

verb 3

Then, restart the OpenVPN service :

Windows Run, services.msc Windows services management console, restart openvpnservice.
C:\Windows\system32>net stop openvpnservice
C:\Windows\system32>net start openvpnservice

Client configuration

Installing OpenVPN

We will download the same package, and here install with default parameters.

Copy certificates from the Server

Windows 10, OpenVPN certificates.

Edit the client.ovpn file with administrator rights :

client

dev tun

proto udp

remote 192.168.0.200 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client01.crt
key client01.key

comp-lzo

verb 3

Establishing the connection

Windows 10, OpenVPN certificates. Windows 10, OpenVPN certificates. Windows 10, OpenVPN certificates.

Server Access

To join the server we will use the 10.50.8.1 IP Address

Windows 10, OpenVPN certificates.

Troubleshooting : After a Windows Update, I couldn't have access to the server share anymore (OpenVPN was able to connect though). To make it work again, I had to repair the OpenVPN program on the server side.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Contact :