for Windows is open source software published under the GNU General Public Licence(GPL). There is both client and server software modules in one installation package providing complete solution for many VPN uses such as secure remote access to internal network, point-to point or point-to-multipoint VPN connections .
Security as one of the most important approaches in VPN is achieved by using encryption and authentication methods on traffic between peers. Peers can be authenticated by pre-shared keys, certificates or username/password combination. Traffic encryption is performed with SSL encryption mechanisms. OpenSSL library as source implementation of SSL and TLS protocols is used to encrypt secure communication channels.
OpenVPN complete solution can be accommodated in many platforms such as Window, Mac and Linux OS environments that enable unification of VPN connection in case of multi-platform enterprise environments. Solution described in this article is freeware which is one more reason for implementing.
In this article I’ll describe process of installation and configuration OpenVPN package for Windows. Considering that installation package contains both server and client modules it will be described configuration of both sides which is necessary for successful VPN establishing. Installation process should be performed by user with administrator privileges.
Installation package can be downloaded from OpenVPN Community site. Earlier installation versions had only command line installation package. Now GUI module is included in package.
After downloading and executing installation .exe file (openvpn-2.2.2-install.exe is current version) you get first installation screen:
Click Next. Now it appears License agreement window. Click Agree.
Next window is “Choose Components” window:
By default all options is checked. If you didn’t install OpnVPN earlier on machine on which installation is performed we recommend all options left checked. If you want installation of only specific components (for example OpenVPN GUI if you have only command line installation and need upgrade) you can uncheck unnecessary components. Then click Next, choose installation folder and again Next. Appears window that informs virtual adapter TAP-Win32 Adapter V9 not passed windows logo testing:
Click “Continue anyway”
When installation finishes computer should be rebooted for completing installation.
When installation is complete there is icon in system tray bar and desktop icon created. Installation generates OpenVPN as windows service but in Manual starting mode and Not Started status. In configuration describing will be described how to start Open VPN service and configure server and client mode OpenVPN functionality.
When OpenVpn software is installed it can be configured for server or client functionality or both on the same machine. Installation creates windows service which is in Manual starting mode. User has options to start service manually or set it to Automatic mode for starting automatically after system boot.
One of the most important issues about starting and working OpenVPN is configuration file placed in C:\Program Files\OpenVPN\config folder. There can be one or more configuration files with .opvn extension. When starting OpenVpn creates separate process for each configuration file. Also, each process is associated with virtual network adapter TAP-Win32 which is used for separate VPN tunnel.
After installation there are configuration files in C:\Program Files\OpenVPN\config folder. There are only samples in C:\Program Files\OpenVPN\sample-config folder with example files which user can use for creating its own configuration files and place in configuration folder.
I’ll show two examples of configuration files, one for client config and one for server config. You can apply these files on installations on client and server machines and test VPN connection between.
There is sample of client configuration file for basic configuration needed for establishing VPN tunnel:
# setting machine as VPN client client # setting routed VPN tunnel mode dev tun #tap interface for tunnel(input name of virtual tap interface in network connection panel) dev-node ClientTapInfName #setting virtual ip address of client assigned to tap interface Ifconfig 10.0.2.2 255.255.255.0 #setting protocol – default is udp(port 1194), tcp can be used proto udp #setting server ip remote [ server ip address] #setting secret key(accepted from server admin) key yourkey
Configuration file can be created with any text editor and saved with .ovpn extension. After creation, file should be copied in C:\Program Files\OpenVPN\config folder. Remote IP address means real server IP address, not virtual which is associated with tap adapter after connection is successful. With ifconfig line is defined client virtual IP address.
Here is server config file example:
#TCP/UDP port which server listen on UDP 1194 # setting routed VPN tunel to client dev tun #tap interface for tunnel(input name of virtual tap interface in network connection panel) dev-node ServerTapInfName #setting virtual ip adress of server assignet to tap interface Ifconfig 10.0.2.1 255.255.255.0 #set secret key(accepted from server admin) key yourkey
Key yourkey should be generated on server through next command in command promt:
openvpn --genkey --secret key
After key is generate you should copy it to client by secure medium.
Configurations in examples enables establishing point/to/point routed VPN connection between client and server. After applying configurations by placing conf files in config folder and starting openvpn windows service (both on client and server) you can assume the VPN connection established. You can ping server IP address (10.0.2.1 in this example). Considering this VPN is routed VPN you should add routes to network behind server which can be LAN network of company where server is installed. Routes should be add in command promt through route add command, for example:
route add 10.0.0.0 mask 255.255.255.0 10.0.2.1
(Assume that 10.0.0.0/24 is the company LAN subnet). Routes should be added on server too.
This example shows basic configuration. Users have many different configuration options related to different tunnel modes(you can config ethernet mode), different encryption and authentications methods and many other possibilities that offers OpenVPN tool. On the OpeVPN community page(http://openvpn.net/index.php/open-source.html) can be found many articles about OpenVPN software.
If you want to know more about VPN you can visit our VPN articles http://www.isystemadmin.com/what-is-vpn-the-simple-vpn-instroduction, http://www.isystemadmin.com/popular-types-of-vpns and http://www.isystemadmin.com/5-free-vpn-softwares.