Install OpenVPN Client-Server Windows step by step
1. Introduction:
To secure remote desktop access to the server we need to install OpenVPN. The installation is simple, but you need to pay attention to the firewall configuration step.
We have a server and a client connected via internet. The server has a public IP address.
Let's assume this configuration:
Server:
- 1 NIC Card with a public IP Address: 192.168.1.100
- The firewall is on for two zones, Public and Private: Public is for the inbound and outbound internet connection, Private is for the inbound and outbound LAN connection.
- The RDP connection in Windows Server 2008 R2 and Windows 7 uses a TCP port.
- The RDP connection in Windows Server 2012 and later versions uses TCP and UDP ports.
Download the installer OpenVPN from here and run it on the server computer.
Install OpenVPN
In this step OpenVPN will be installed in the default location C:\Program Files (x86)\OpenVPN. With that location the configuration step can fail with a permission error, even when the installer is run as administrator, so change the location to C:\Program Files\OpenVPN
Accept the install of the device software. This will create a new virtual NIC for OpenVPN
Navigate to the C:\Program Files\OpenVPN\easy-rsa folder
Press Windows Key + R
Type "cmd.exe" and press Enter.
Go to "easy-rsa" folder
cd "C:\Program Files\OpenVPN\easy-rsa"
Initialize the OpenVPN configuration:
init-config.bat
Open the vars.bat file in notepad
Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information:
set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain
Save the file and exit notepad
Run the following commands:
vars.bat
clean-all.bat
Create the certificate authority (CA) certificate and key
build-ca.bat
For your "Common Name," a good choice is to pick a name to identify your company's Certificate Authority. For example, "Server"
Create the server certificate and key
build-key-server.bat server
- When prompted, enter the "Common Name" as "server"
- When prompted to sign the certificate, enter "y"
- When prompted to commit, enter "y"
Create client certificates and keys
build-key.bat client
When prompted, enter the "Common Name" as the name you have chosen, in this example "client"
Generate Diffie Hellman parameters (This is necessary to set up the encryption)
build-dh.bat
3. Configuring OpenVPN Server:
Navigate to "C:\Program Files\OpenVPN\easy-rsa"
Copy the four files "ca.crt, server.key, server.crt and dh1024.pem" to "C:\Program Files\OpenVPN\config"
Copy "server.ovpn" from folder "Sample-config" to "config" folder
Edit with notepad "server.ovpn"
Find the following lines:
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
Edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
Save the file.
4. Installing OpenVPN Client:
On the client workstation, install OpenVPN with the same setup.
5. Configuring OpenVPN Client:
Copy the files we configured in the previous step from "Server" to OpenVPN folder in the client workstation: "ca.crt" "client.crt" "client.key" and "client.ovpn"
Edit "client.ovpn" with notepad
Find the following line:
remote my-server-1 1194
Replace "my-server-1" with the public IP address of the server
Find the following lines:
ca ca.crt
cert client.crt
key client.key
Edit them as follows:
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"
Save "client.ovpn"
6. Connecting OpenVPN:
First we need to start OpenVPN in the Server. Execute "OpenVPN GUI"
Right click on OpenVPN, then "Connect"
Now OpenVPN is UP on the Server
As you can see, a virtual IP address is already assigned to the server: "10.8.0.1"
We need to configure the server's firewall to accept connections on UDP port 1194
Click on "Advanced settings"
Select "Inbound Rules", in the right side click on "New Rule"
Select "Port"
Select "UDP" protocol and specify the local port "1194"
Select "Allow the connections"
Give a name for the rule
Click "Finish"
Now we are able to connect the client workstation to the server.
At this step, we can only connect OpenVPN, but we need remote desktop access through the VPN. As I mentioned before, the RDP connection uses the UDP protocol on port 3389.
If you are using Windows 7 or Server 2008 R2, you need to enable the TCP port 3389
Go to the "Remote Desktop - User Mode (UDP-In)" rule, right click on it and select "Properties"
Go to the "Scope" tab, in "Remote IP Address" select "These IP addresses"
In "This IP address or subnet" enter the virtual IP address of the client, or enter a range of IP addresses that includes the client address
Click "OK"
Do not forget to enable the rule
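The firewall steps above can also be applied from an elevated PowerShell prompt on Windows Server 2012 or later (Windows 7 and Server 2008 R2 do not have these cmdlets). This is an added example, not part of the original tutorial; the tunnel subnet 10.8.0.0/24, the rule name "OpenVPN UDP 1194 (In)" and the inclusion of the built-in TCP-In RDP rule are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the VPN server.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later).

# Assumption: tunnel subnet matching the server's virtual address 10.8.0.1.
$VpnSubnet = '10.8.0.0/24'

# 1. Allow OpenVPN itself: inbound UDP 1194, as in the GUI steps.
$vpnRuleName = 'OpenVPN UDP 1194 (In)'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $vpnRuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $vpnRuleName -Direction Inbound `
        -Protocol UDP -LocalPort 1194 -Action Allow | Out-Null
}

# 2. Scope the built-in RDP rules so only tunnel addresses can reach port 3389,
#    and enable them. The TCP-In rule is included as an assumption, because
#    RDP on Server 2012 and later uses both TCP and UDP.
$rdpRules = 'Remote Desktop - User Mode (UDP-In)',
            'Remote Desktop - User Mode (TCP-In)'
foreach ($name in $rdpRules) {
    Set-NetFirewallRule -DisplayName $name -RemoteAddress $VpnSubnet -Enabled True
}

# 3. Check the result: show what each RDP rule now accepts.
foreach ($name in $rdpRules) {
    $rule = Get-NetFirewallRule -DisplayName $name
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $name
        Enabled       = $rule.Enabled
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}
```

If the RemoteAddress column shows "Any" for an enabled RDP rule, port 3389 is still reachable from outside the tunnel.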
7. Testing VPN connection:
Execute "OpenVPN GUI" client and click connect.
The VPN is connected
Testing RDP access. Open a "Remote Desktop Connection". Enter the Virtual IP address of the server and click "Connect"
RDP works perfectly. This virtual IP works only while OpenVPN is up.
the only real and complete tutorial for windows.
I am glad to help :)
bro tnx you, but can't access share folder in my server (Windows Server 2016)?
That's another level, you need to check your firewall or create a firewall rule to grant access.
how can we enable access for clients to local network e.g. vpn network 10.0.8.0/24 local network 192.168.1.0/24
also is it possible to have client assigned inside local dhcp pool so when they connect to vpn they get ip address in 192.168.1.0/24 range.
Looking forward for reply.
Thanks
Thank you very much.
Impressive! Thanks for the post
You’re doing a great job Man, Keep it up.