How to Install and Configure OpenVPN on Windows 10

View Larger Image

Introduction

In this blog article we are going to discuss about How to Install and Configure OpenVPN on Windows 10. A VPN is short form of virtual private network, which gives us a privacy, anonymity and security over public internet. A VPN service masks our ISP IP so your online actions are virtually untraceable. A VPN can also be used to connect computers to isolated remote computer networks that is usually inaccessible, by using the Internet or another intermediate network.

We can define OpenVPN as a full-featured SSL VPN. OpenVPN uses OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol. OpenVPN supports flexible client authentication methods based on certificates, smart cards and username/password credentials. OpenVPN is not a web application proxy and does not operate through a web browser. OpenVPN server process over a single TCP or UDP port. The default port number is 1194. OpenVPN 2.3 includes a large number of improvements, including full IPv6 support and PolarSSL support.

OpenVPN is also the name of the open source project started by our co-founder and which uses the GPL license. He developed the OpenVPN project that used to encrypt and secure point-to-point or site-to-site connection between two machines over the public Internet. In other word using OpenVPN we can create a secure Private network over public Internet and will have Remote access to internal services of your IT infrastructure.

Use Cases of OpenVPN

Secure Remote Access
Site-to-site , Users-to-Site or Users-to-Users connectivity to bring networks together
Protect screen sharing and remote desktop communications
Encrypt sensitive IoT communications
Secure Access to Cloud-Based Systems

OpenVPN available as Below.

OpenVPN Community Edition, which is a free and open-source version
OpenVPN Access Server (OpenVPN-AS), is based on the Community Edition, but provides additional paid and proprietary features like LDAP integration, Easy Management Admin Portal ,cluster option etc.
OpenVPN-as-a-Service, solution eliminates the need for VPN server installation. By Purchasing OpenVPN Cloud we can simply connect to our hosted service with regions around the globe.

Apart from OpenVPN Community Edition, the other two OpenVPN editions has Economical licensing model that is based only on the number of simultaneous VPN connecting users or devices.

The OpenVPN Community Edition totally free to use and there is no user limitations. OpenVPN community edition server can be installed on Linux or Windows Based systems.

OpenVPN for Windows

It can be installed from the self-installing exe file which is called OpenVPN GUI. OpenVPN GUI is a graphical fronted for OpenVPN running on Windows. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.

OpenVPN Connect client

It is the OpenVPN client software packages installing on client PC. This client package used to connect to the OpenVPN server. OpenVPN Connect client supported on Windows, Linux, MacOS, IOS and Android.

Setting Up OpenVPN Server.

In this article will show you how to Setup up a OpenVPN Server ( Community Edition) On Windows 10 to forward incoming traffic to the internet, then route the responses back to the client. This is a Users-to-Site Model.Which means settings up a OpenVPN Server to tunnel clients internet traffic through OpenVPN server. Those clients that successfully connected to the OpenVPN server will have their ISP IP Address will show as servers Public IP address.Commonly, a VPN tunnel is used to privately access the internet, evading censorship or Geo location by shielding your computer’s web traffic when connecting through entrusted hotspots, or connections.

Section 1. Installing OpenVPN Server

Let’s get Started. First thing is Download the latest Windows 64-bit MSI installer for OpenVPN Community edition from official OpenVPN Website, under community section.

The OpenVPN executable should be installed on both server and client machines, since the single executable provides both client and server functions.

Once Downloaded right click the installer exe file and choose install option.

The following screen will appear, click “Customise” to start the installation.

Make sure to choose all features by clicking the icon next to each features and selecting the option “Entire feature will be installed on local hard drive”. Below are the two features which will not be installed by default and we need to select during install.

Openssl utilities , EasyRSA 3 Certificate Management scripts

OpenVPN service.

Click Install Now button after selecting all features.

The install will get completed and we will get below screen. Click Close. The default install location will be C:\Program Files\OpenVPN

We will get a warning message as ” No readable connection profiles ( config files ) found. Its fine , click OK.

This Completes the OpenVPN MSI Package install. After the install, Under Windows 10 “Network and Internet ” settings >> Under Ethernet >> Change adaptor options >> We can see a new network adaptor named OpenVPN TAP device created.

Now we can manage the OpenVPN service either from Windows Start Menu -> Control Panel -> Administrative Tools -> Services section.

As of OpenVPN version 2.5.0,While starting the OpenVPN wrapper service the OpenVPN will look for .ovpn configuration file under folder “C:\Program Files\OpenVPN\config-auto” to auto-start OpenVPN service when ever our Windows 10 reboots.

Another option to start/stop OpenVPN service is Click on Windows hidden notification area from task bar , there we can see the OpenVPN icon, right click on it and you will see multiple options including Connect and Disconnect.

If you don’t see the OpenVPN icon in the Windows task bar notification area, double click the OpenVPN icon available in the desktop and that will make the OpenVPN icon available at the windows task bar notification area.

For better understanding refer below screenshot.

As I mentioned earlier As of OpenVPN version 2.5.0, when we start the OpenVPN service using the GUI component under windows task bar notification area, the OpenVPN will look for .ovpn configuration file under folder “C:\Program Files\OpenVPN\config”.

This Concludes the OpenVPN Package install on Windows 10 for Server and for the Client PC. Now lets move to the next section.

Section 2. Setup Master Certificate Authority (CA) and Generate Certificates and keys for OpenVPN Server and Clients.

OpenVPN uses public-key infrastructure (PKI) for certificate generation and Management. It is the technology behind digital certificates. There for, PKI is the technology that allows you to encrypt data, digitally sign documents, and authenticate yourself using certificates.

The PKI consists of:

A separate certificate (also known as a public key) and private key for the server and each client, and
A master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates.

For PKI management, The latest version of OpenVPN packages provided easy-rsa 3, a set of scripts which is bundled with OpenVPN MSI.

The easy-rsa3 scripts folder location should be “C:\Program Files\OpenVPN\easy-rsa”. Also the Easy-RSA 3 runs POSIX shell code, so use on Windows has some additional
requirements such as an OpenSSL installation, and a usable shell environment but Windows packages of EasyRSA 3.0.7+ include an OpenSSL binary and libraries that will be used by default. So basically we don’t need to perform the OpenSSL install separately in our Windows Install.

Additionally The Easy-RSA 3 Windows release includes a ready-to-use shell environment where we can run the commands that needed to issue SSL/TSL certificates. So lets proceed with the SSL/TLS certificate creation along with CA certificate using easy-rsa3 scripts.

First thing is go the folder “C:\Program Files\OpenVPN\easy-rsa” using Windows File explorer. Copy the file named “vars.example” to file named “vars“.

The “vars “ file contains built-in Easy-RSA configuration settings. The default settings are fine unless if we need any custom changes. Few configurable options given in below table.

Variables	Default Value	Usage
set_var EASYRSA	C:\Program Files\OpenVPN\easy-rsa	Defines the folder location of easy-rsa scripts
set_var EASYRSA_OPENSSL	C:\Program Files\OpenVPN\bin\openssl.exe	Defines the OpenSSL binary path
set_var EASYRSA_PKI	C:\Program Files\OpenVPN\easy-rsa\pki	The folder location of SSL/TLS file exists after creation
set_var EASYRSA_DN	cn_only	This is used to adjust what elements are included in the Subject field as the DN
set_var EASYRSA_REQ_COUNTRY	“US”	Our Organisation Country
set_var EASYRSA_REQ_PROVINCE	“California”	Our Organisation Province
set_var EASYRSA_REQ_CITY	“San Francisco”	Our Organisation City
set_var EASYRSA_REQ_ORG	“Copyleft Certificate Co”	Our Organisation Name
set_var EASYRSA_REQ_EMAIL	“me@example.net”	Our Organisation contact email
set_var EASYRSA_REQ_OU	“My Organizational Unit”	Our Organisation Unit name
set_var EASYRSA_KEY_SIZE	2048	Define the key pair size in bits
set_var EASYRSA_ALGO	rsa	The default crypt mode
set_var EASYRSA_CA_EXPIRE	3650	The CA key expire days
set_var EASYRSA_CERT_EXPIRE	825	The Server certificate key expire days
set_var EASYRSA_NS_SUPPORT	“no”	Support deprecated Netscape extension
set_var EASYRSA_NS_COMMENT	“HAKASE-LABS CERTIFICATE AUTHORITY”	Defines NS comment
set_var EASYRSA_EXT_DIR	"$EASYRSA/x509-types"	Defines the x509 extension directory
set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"	Defines the openssl config file location
set_var EASYRSA_DIGEST	"sha256"	Defines the cryptographic digest to use

So if you need to edit above default values, un-comment corresponding lines and make necessary changes. The “var” also have other configurable options but I only mentioned few important variables. So in our case we are fine with the default values and the default values will be used during certificate generation.

Now Open the windows command prompt and go the directory “C:\Program Files\OpenVPN\easy-rsa”. After that Launch EasyRSA shell. For that issue below commands.

Copy to Clipboard

Now we have entered the easy-rsa3 shell prompt and from there we will be able to issue easy-rsa3 scripts. Attached a screenshot for reference.

Now Initiate the Public Key Infrastructure PKI directory. For that issue below command in the EasyRSA Shell.

Copy to Clipboard

Below the screenshot for reference. From there we can see the PKI directory is set to “C:\Program Files\OpenVPN\easy-rsa\pki”

Now build the certificate authority (CA ) key using the command below. This CA root certificate file later will be used to sign other certificates and keys. The option “nopass” we used is to disable password locking the CA certificate.

Copy to Clipboard

The command will be asked to enter the common name. Here I entered my VPN server Hostname which is OPENVPNSERVER, and it is a common practice. Here we are free to use any name or values. Also the created the CA certificate will be saved to folder “C:\Program Files\OpenVPN\easy-rsa\pki” with file name as “ca.crt”. Refer below screenshot.

Now Build a server certificate and key using below command. Here Replace <SERVER> with your own server name. Also I used Option nopass for disabling password locking the key.

Copy to Clipboard

Attached a screenshot for your reference. The issued server certificate will be in the folder “C:\Program Files\OpenVPN\easy-rsa\pki\issued” with file name as SERVER.crt.

After that we can verify the issued server certificate using below openssl command in the EasyRSA shell itself. The Status Ok indicate that the certificate is fine.

Copy to Clipboard

Now Build a client certificate and key using below command. From that Replace <CLIENT> with your client name. Also used Option nopass for disabling password locking the key.

Copy to Clipboard

Attached a screenshot for your reference. The issued client certificate will also be saved to folder “C:\Program Files\OpenVPN\easy-rsa\pki\issued” with file name as “CLIENT.crt”.

After that we can verify the issued client certificate using below openssl command. The Ok indicate that the certificate is fine.

Copy to Clipboard

This Completed the CA certificate, Sever and Client Certificate Generation along with Key. These keys will be used to authenticate between OpenVPN server and with the Client.

Now Generate a shared-secret key that is used in addition to the standard RSA certificate/key. The file name is tls-auth.key.

Using this key we enable tls-auth directive Which adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing.

Enabling the tls-auth will protect us from

DoS attacks or port flooding on the OpenVPN UDP port.
Port scanning to determine which server UDP ports are in a listening state.
Buffer overflow vulnerabilities in the SSL/TLS implementation.
SSL/TLS handshake initiations from unauthorised machines.

So first Download Easy-TLS using the GitHub link https://github.com/TinCanTech/easy-tls. It is an Easy-RSA extension utility that we are using to generate tls-auth key.

Click the Download zip option which is available under code tab. Refer below screenshot.

After that unzip the easy-tls-master folder and copy the files named “easytls”and “easytls-openssl.cnf” file to “C:\Program Files\OpenVPN\easy-rsa” directory. Check below screenshot for reference.

Now go back to the EasyRSA shell prompt and issue below command. This will initialise the easy-tls script utility.

Copy to Clipboard

Now after that generate the tls-auth key using below command.

Copy to Clipboard

The command will generate the tls-auth key file named “tls-auth.key” under the folder “C:\Program Files\OpenVPN\easy-rsa\pki\easytls”. Refer below screenshot.

Now we need to Generate Diffie Hellman parameters.

Diffie Hellman parameters must be generated for the OpenVPN server.

These parameters define how OpenSSL performs the Diffie-Hellman (DH) key-exchange. Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel

Issue below command for generating Diffie Hellman parameters from the EasyRSA shell.

Copy to Clipboard

The command will create the DH file under folder “C:\Program Files\OpenVPN\easy-rsa\pki” with file name as “dh.pem”. Refer below screenshot.

This completes the generation of necessary SSL/TLS key files needed for OpenVPN service. We will be able to find the created files under below folders.

Folder Path	Content
C:\Program Files\OpenVPN\easy-rsa\pki	CA file, DH file and other OpenSSL related files like config file
C:\Program Files\OpenVPN\easy-rsa\pki\private	Include the private key files of CA, Server and Client certificates
C:\Program Files\OpenVPN\easy-rsa\pki\easytls	Contains the tls-auth key
C:\Program Files\OpenVPN\easy-rsa\pki\issued	Contains issued Server and Client certificates

Refer below screenshot.

Also below is the short explanation of the relevant files.

Filename	Needed By	Purpose	Secret
ca.crt	server + all clients	Root CA certificate	No
ca.key	Server Only	Root CA key	YES
dh.pem	server only	Diffie Hellman parameters	No
SERVER.crt	server only	Server Certificate	No
SERVER.key	server only	Server Key	Yes
CLIENT.crt	Client only	Client Certificate	No
CLIENT.key	client only	Client Key	Yes
tls-auth.key	server + all clients	Used for tls-auth directive	No

Now its the time to copy Certificate files ca.crt, CLIENT.crt, CLIENT.key and tls-auth.key from OpenVPN server to the OpenVPN client PC. Make sure to copy secret files over a secure channel like SFTP.

Okay, this completes the creation of SSL/TLS certificates for the OpenVPN service. Now lets move to the next section.

Section 3 . Create configuration files for server

In this section, we create the OpenVPN Server configuration file and Make Necessary changes in it.

First Open Windows Explorer and go the folder “C:\Program Files\OpenVPN\sample-config” and copy file named “server.ovpn” to “C:\Program Files\OpenVPN\config”.

Refer Below Screenshot.

Now open the config file using any Text editor and make changes to below values accordingly.

ca “C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt”

cert “C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\issued\\SERVER.crt”

key “C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\private\\SERVER.key”

dh “C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\dh.pem”

push “redirect-gateway def1 bypass-dhcp”

push “dhcp-option DNS 208.67.222.222”

push “dhcp-option DNS 208.67.220.220”

tls-auth “C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\easytls\\tls-auth.key” 0

cipher AES-256-CBC

In that first four values defines the location of ca, cert , key and Diffie hellman parameters certificate locations.

The Next three lines enforce the clients to redirect their all traffic through OpenVPN server once they successfully connected to OpenVPN server.

Using “tls-auth” parameter, we enable HMAC firewall. Its an extra layer of security used to prevent DDos attack.

The last one “data-ciphers AES-256-CBC” enables a cryptographic cipher.

Refer below screenshots and then you will get an idea about how these parameters looks in server.ovpn config file.

This Completes the OpenVPN config file Setup. Now open the UDP Port 1194 in the Windows firewall using below power shell command.

Copy to Clipboard

Now start the OpenVPN server service by click on Windows Show hidden icons section >> right click the OpenVPN icon >> Choose Connect.

The OpenVPN service will start automatically and you will see a green colour inside OpenVPN icon. This means that our OpenVPN service is running.

Another Option to confirm the running of OpenVPN service is , take windows cmd and list all network interfaces. We will see now the OpenVPN TUN/TAP interface is assigned with private IP 10.8.0.1, which is the default private IP address range assigned to server and with clients as per the config settings.

Section 4. Enable Internet Connection Sharing (ICS) in Windows 10

As I mentioned in the introduction section we are setting up our OpenVPN server , to route clients all IP traffic such as Web browsing and DNS lookups through VPN Server itself. For that we need to share the public internet through OpenVPN server Public Interface that already have internet access to OpenVPN TUN/TAP Network interface.

So lets see how this can be accomplished. For that first go to the windows services section and Right-click “Routing and Remote Access” service. Choose Properties and make the startup type as Automatic. After that start the service.
After that go to VPN Server “Network and Internet ” settings >> Under Ethernet >> Change adaptor options >> Right click the Network Adaptor name which is having Public Internet access and choose properties.

Choose Sharing tab and from there Tick the box “Allow other network users to connect through this computer’s Internet connection” option
From the drop-down list select “OpenVPN Tap-Windows6”, or whatever is the connection name of your TAP server connection.
Also if you needed you can tick the box next to ” Allow other network users to control or disable the shared internet connection” option
Click Ok and confirm the changes

Now edit the below registry key value. For that run the “regedit” in Windows Run.

Key	Value	Type	Data
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters	IPEnableRouter	REG_DWORD	0x00000001 (1)

Okay, this completes Enable Internet Connection Sharing (ICS) in Windows 10. Now lets move to the next section. Also reconnect the OpenVPN connection again to take effect the changes.

Section 5 . Setup OpenVPN Client.

In this section we first install the OpenVPN MSI installer on Client PC like Windows 10. After that we will setup OpenVPN client config files. Finally start the the OpenVPN connection and test it out.

Section 5 a . OpenVPN Client MSI Install

For OpenVPN MSI installation on Client PC, follow the same steps described on Section 1. The OpenVPN Community Edition MSI Installer can be used on both Server side and with the client side.

After the OpenVPN MSI installation. Open Windows Explorer and go the folder “C:\Program Files\OpenVPN\sample-config” and copy file named “client.ovpn” to “C:\Program Files\OpenVPN\config”.

Move already downloaded ca.crt, CLIENT.crt, CLIENT.key and tls-auth.key to folder “C:\Program Files\OpenVPN\config”.

Refer below screenshot for better understanding on file structure.

Section 5 b . Configure Client Config File.

Go to the folder “C:\Program Files\OpenVPN\config” and open client.ovpn file using any text editor and define below parameters accordingly.

remote 185.210.137.214 1194

ca “C:\\Program Files\\OpenVPN\\config\\ca.crt”

cert “C:\\Program Files\\OpenVPN\\config\\CLIENT.crt”

key “C:\\Program Files\\OpenVPN\\config\\CLIENT.key”

remote-cert-tls server

tls-auth “C:\\Program Files\\OpenVPN\\config\\tls-auth.key” 1

cipher AES-256-CBC

In that first value defines The hostname/IP and port of the OpenVPN server

The Next three ca, cert , key values defines the location of CA and client certificate locations.

Using “remote-cert-tls server” , the OpenVPN client will verify the server certificate extendedKeyUsage.

Using “tls-auth” parameter, we enable HMAC firewall. Its an extra layer of security used to prevent DDos attack.

The last one “cipher AES-256-CBC” enables a cryptographic cipher.

Below picture shows how these parameters looks in the client config file.

This Completes the Client Setup. Now test the VPN Connection from client side. Make sure to open UDP port 1194 in the client side windows firewall too.

Section 5 c . Testing the OpenVPN connection.

Under windows Hidden Notification area , right click on OpenVPN icon and Click Connect.

The OpenVPN connection will establish automatically. After the successful connection , try to ping to the private IP of OpenVPN server and make sure its reachable. Also test the internet connection of your client PC.

Also on a Successfully connected OpenVPN Client PC, if we lookup the what is my IP on web browser, we will see its our VPN Server IP. This means that all our web traffic is routing through OpenVPN server.

Conclusion.

We have successfully completed the OpenVPN setup On Windows 10 and successfully connected from a Windows 10 OpenVPN client PC. Also we have seen how to route all IP traffic from client side through OpenVPN server. I hope this article is informative. Leave your thoughts at the comment box.

By admin|2022-01-31T07:21:59+00:00December 17th, 2021|OpenVPN, Windows|

29 Comments

darp February 20, 2022 at 2:18 pm - Reply

Hi,
Cannot find easytls-openssl.cnf in zip.
Thx.
- admin March 13, 2022 at 4:44 am - Reply
  
  Yes, correct. Its not available in the updated zip and we don’t need to copy that file now. The command easytls will work with out that file.
JJ March 14, 2022 at 6:10 pm - Reply

Thank you for this clear tutorial, I followed every step, but am stuck with these errors in the log file:
Can you please help!?

2022-03-14 14:01:00 WARNING: –topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to –topology subnet as soon as possible.

2022-03-14 14:01:00 DEPRECATED OPTION: –cipher set to ‘AES-256-CBC’ but missing in –data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore –cipher for cipher negotiations. Add ‘AES-256-CBC’ to –data-ciphers or change –cipher ‘AES-256-CBC’ to –data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.

2022-03-14 14:01:00 Cannot pre-load keyfile (“C:\Users\[removed]\OpenVPN\tls-auth.key”)
[ in server.ovpn it is with \\, but the .log file shows \ !?]

2022-03-14 14:01:00 Exiting due to fatal error
- admin March 23, 2022 at 11:24 am - Reply
  
  As suggested try to use –data-ciphers-fallback ‘AES-256-CBC’. Normally it should work.
  Cannot preload the tls-auth key, some how the path is not correct or may be related to permission related or may be the double quotes symbol is wrong somehow.
DoctorMagic March 22, 2022 at 9:43 pm - Reply

All ok, I follow all instructions but when i connect give me an error:
Unrecognized option or missing or extra parameter(s) is server.ovpn:78: ca (2.5.6)
why?
- admin March 23, 2022 at 11:25 am - Reply
  
  It could be possible that the double quotes symbol got changed somehow. Try to manually type it.
- Alan Tibbetts April 2, 2022 at 11:59 pm - Reply
  
  Regarding the error
  Unrecognized option or missing or extra parameter(s) is server.ovpn:78: ca (2.5.6)
  why?
  
  I found that using Notepad++ to replace all the standalone \n symbols in the sample server and client files cured the problem. It took two passes. Replace \n with \r\n first, followed by replace \r\n\n with \r\n. I also changed the encoding from UTF-8-BOM to ANSI. It really looks like the samples were really not tested well, perhaps being copied from another OS without changing the end of line syntax appropriately.
DoctorMagic March 23, 2022 at 9:34 am - Reply

this is the line 78
ca “C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt”
- OpenVPNwitness April 7, 2023 at 2:25 pm - Reply
  
  just copy all the certificates to the config and config-auto folders (the same folder, where server.ovpn file is), after that your config will look much simpler:
  ca ca.crt
  cert server.crt
  key server.key
  dh dh.pem
  tls-auth ta.key 0
- OpenVPNwitness April 7, 2023 at 2:34 pm - Reply
  
  it is much simpler just to copy all certs to the config folder, the same folder where server.ovpn file is. Config looks much cleaner and you don’t need to worry about \\ or “”:
  
  # specify the server certificate and keys location and names
  
  ca ca.crt
  cert server.crt
  key server.key
  dh dh.pem
  tls-auth ta.key 0
DoctorMagic March 23, 2022 at 1:08 pm - Reply

it works
the problem is “(keyboard input) not ” (web copy)
Thanks
Idol
DoctorMagic March 24, 2022 at 6:28 pm - Reply

Hello again
Routing is enabled
i ping 10.8.0.1 and 172.16.1.11 (ip windows 10) correctly from client
but i not surf in internet on client.
I don’t ping any address of server 172.16.1.11
Where is the error?
Thanks again
DoctorMagic March 24, 2022 at 6:43 pm - Reply

Hello again.
I disable the iCS and then enable
Its works
all ok
Alan Tibbetts April 2, 2022 at 11:47 pm - Reply

I had these same problems. I just copied the line above into Notepad++ and used the HEX-editor plugin to look at it in hex, I saw that the double quotes were e2 80 9c for the leading quote and e2 80 9d for the trailing quote, not the ANSI double quote (hex 22) with which they are visually identical. My solution was to replace the bogus quotes with the ANSI apostrophe (hex 27). It takes two passes through the file to replace the leading and then the trailing offensive characters. Not offensive to me, offensive to OpenVPN.
DoctorMagic April 3, 2022 at 11:57 am - Reply

Hello, can i execute a script on server when a client is connected?
For example when a generic client is connected i send a message to admin
Thanks
- admin April 12, 2022 at 6:20 am - Reply
  
  Yes, from my understanding its possible and I believe you need to look at the –script-security option available for openvpn
Vlad August 11, 2022 at 2:27 pm - Reply

Awesome! Thanks for the detailed explanation, all works fine.
Vlad September 9, 2022 at 5:56 pm - Reply

It connects, but can’t open websites in a browser. Any clues?
- admin September 15, 2022 at 2:05 pm - Reply
  
  Try to restart the openvpn service and see if that helps.
- OpenVPNwitness April 7, 2023 at 2:28 pm - Reply
  
  DNS problem?
Luca September 15, 2022 at 11:23 pm - Reply

Good evening, your guide is one of the best currently on the Web, congratulations!

Openvpn server is active on 192.168.1.1 and the client connects regularly receiving 192.168.1.2 from the dhcp.

I tried to connect a second client to the openvpn server that uses the same certificates and keys as the first client (ca.crt, client.crt, client.key, tls-auth.key and client.conf), but the server re-assigns 192.168 .1.2 disconnecting the first client, how can I solve?
Luca September 15, 2022 at 11:51 pm - Reply

Hello, your guide is one of the best currently on the Web, congratulations, the openvpn server is active on 192.168.1.1 and the client connects regularly receiving 192.168.1.2 from the dhcp.

I tried to connect a second client to the openvpn server that uses the same certificates and keys as the first client (ca.crt, client.crt, client.key, tls-auth.key and client.conf), but the server re-assigns 192.168 .1.2 disconnecting the first client, how can I solve?

Thanks
sindin November 1, 2022 at 6:13 pm - Reply

Thank you for this tutorial
but open vpn client gives me error:

thats is —> TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS handshake failed
Swastik January 12, 2023 at 6:06 pm - Reply

Upon executing this command
New-NetFirewallRule -DisplayName “OpenVPN” -Direction inbound -Profile Any -Action Allow -LocalPort 1194 -Protocol UDP
I am getting
bin/sh: New-NetFirewallRule: not found.
Please provide assistance.
GJ March 29, 2023 at 6:06 pm - Reply

EasyRSA Shell
# ./easyrsa gen-dh
bin/sh: ./easyrsa: not found
Connor April 27, 2023 at 2:40 am - Reply

Good evening,

Great video and blog! I have everything good to go with no errors but seems my client won’t connect to server. Should the server ip address be my public ip? Or designated as the 10.8.0.0 that is in the setup file? For example, you use 185.210.137.214 which seems to me is your server’s public IP? Just need clarification on what to put for IPs for both client and server config files and where. I appreciate your help!!

Regards,

Connor
Mistreselasie Sentayehu Abate July 25, 2023 at 4:48 pm - Reply

Hi really would like to thank you for your great step by step guidance. and i tried to follow each step and in the server side it worked and connected perfectly. but in the clinet side it gave me an error “2023-07-25 20:43:15 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-07-25 20:43:15 TLS Error: TLS handshake failed
2023-07-25 20:43:15 SIGUSR1[soft,tls-error] received, process restarting
2023-07-25 20:43:15 MANAGEMENT: >STATE:1690303395,RECONNECTING,tls-error,,,,,
2023-07-25 20:43:15 Restart pause, 160 second(s)” i tried to so many times but the TLS handshake error i could not resolve it , could you please help me on that . Thank you so much. Thankyou
Xme July 31, 2023 at 12:16 am - Reply

To correct error replace the [“] and [”] to [“].
“ and ” its not the same as ” and “.
xme July 31, 2023 at 12:22 am - Reply

This web page use wrong font fonts for show programming code. The font change the [“].