OpenVPN is a powerful and flexible VPN solution that allows you to secure your internet connection and ensure privacy. This guide will walk you through the step-by-step process of setting up an OpenVPN server on a Windows machine and configuring it for secure, remote access.
STEP 1: Download OpenVPN
Begin by downloading the latest version of OpenVPN for Windows from the official website:
STEP 2: Install OpenVPN Server on Windows
- Run the Setup File:
  - Launch the OpenVPN installer.
  - Choose the option to Customize the installation.
- Customize the Installation:
  - Expand the OpenVPN Service option by clicking the plus button (+) and select Will be installed on local hard drive.
  - Similarly, expand the OpenSSL Utilities option and select Will be installed on local hard drive.
  - Proceed with the installation by clicking Install Now.
STEP 3: Create Certificates and Keys for the Server
- Open CMD with Administrator privileges.
- Navigate to the directory 'C:\Program Files\OpenVPN\easy-rsa\'.
- Run the EasyRSA-Start.bat script.
- Delete the default configuration of OpenVPN:
  `./easyrsa clean-all`
- Initialize a database and directory structure for the Public Key Infrastructure (PKI):
  `./easyrsa init-pki`
- Create a Certificate Authority (CA) without a passphrase:
  `./easyrsa build-ca nopass`
  Name your CA when prompted (e.g., server1.local). The nopass option stores the private key unencrypted on disk, so restrict access to the pki\private\ folder.
- Create certificates and keys for an OpenVPN server:
  `./easyrsa build-server-full Server nopass`
- Generate the Diffie-Hellman parameters for secure key exchange:
  `./easyrsa gen-dh`
STEP 4: Configure OpenVPN server
1. Create a new folder called `Server-Config-Files` on the desktop.
2. Copy the following files from the Easy-RSA directory to the `Server-Config-Files` folder:
   - ca.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\)
   - dh.pem (from C:\Program Files\OpenVPN\easy-rsa\pki\)
   - Server.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\issued\)
   - Server.key (from C:\Program Files\OpenVPN\easy-rsa\pki\private\)
3. Create a configuration file for the OpenVPN server called Server.ovpn
port 1194
proto udp
dev tun
ca ca.crt
cert Server.crt
key Server.key
dh dh.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
push "route 10.10.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
If you want to allow all VPN clients to reach each other, edit the OpenVPN server configuration file:
- Add the following line to Server.ovpn:
  `client-to-client`
- This directive allows the clients to communicate with each other through the VPN.
4. Copy all configuration files and folders from `Server-Config-Files` and paste them into:
   - C:\Program Files\OpenVPN\easy-rsa\pki\private\
   - C:\Program Files\OpenVPN\config-auto\
5. Enable the IPEnableRouter option to allow clients to access the internal LAN:
   - Open the Registry Editor by typing regedit in the Run dialog (Win + R).
   - Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
   - Set the value of IPEnableRouter to 1.
6. Configure Internet sharing between LAN and VPN tunnel
Go to Network and Sharing Center and set up internet connection sharing between your LAN and the VPN tunnel interface.
7. Adjust the firewall to allow port 1194/UDP
- Open Windows Defender Firewall.
- Under Inbound Rules, create a new rule to allow UDP traffic on port 1194.
- Name the rule “OpenVPN” and save it.
STEP 5: Create a Client Profile
- Generate Client Certificates and Keys:
  - Create the client's certificate and key using the following command:
    `./easyrsa build-client-full Client1 nopass`
  - Confirm the process when prompted.
- Create a Client Configuration Directory:
  - On your desktop, create a folder named Client-Config-Files.
- Copy Client Certificates and Keys:
  - Copy the following files to the Client-Config-Files folder:
    - ca.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\)
    - Client1.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\issued\)
    - Client1.key (from C:\Program Files\OpenVPN\easy-rsa\pki\private\)
STEP 6: Set Up the OpenVPN Client
- Now send these files to the client machine.
- Restart the OpenVPN service to apply the changes: navigate to OpenVPNService and restart it.
OpenVPN server configuration on Windows is complete.
Now move to a Windows client machine to perform the test.
- Download and install OpenVPN on the client, following the same process as on the server (Step 2).
- Create a configuration file for the OpenVPN client called Client.ovpn:
client
dev tun
proto udp
remote Your-Public-IP-Address 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert Client1.crt
key Client1.key
comp-lzo
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
verb 3
- Save it as Client.ovpn in the Client-Config-Files folder.
- Copy all the files to the C:\Program Files\OpenVPN\config directory.
- Configure the firewall to allow traffic through port 1194/UDP:
  - Go to Windows Defender Firewall, select Outbound Rules and create a New Rule.
  - Select Port > UDP and use port 1194.
  - Allow the connection for this port.
  - Enter OpenVPN as the name and click Finish.
You are now successfully connected to the server.
You can create as many client profiles as you need for multiple-user access.
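
A review pass over the Server.ovpn and Client.ovpn profiles from Steps 4 and 6, as an added Python example (not part of the original guide or of OpenVPN): it flags comp-lzo, a missing tls-auth/tls-crypt key, a client without remote-cert-tls server, and client-to-client. The finding names and the ta.key file are assumptions made for this example.

```python
import shlex

# Profiles copied from the guide, cut down to the lines the checks read;
# the server one includes the optional client-to-client line.
GUIDE_SERVER = """\
ca ca.crt
cert Server.crt
key Server.key
dh dh.pem
server 10.10.0.0 255.255.255.0
push "redirect-gateway def1"
comp-lzo
client-to-client
"""
GUIDE_CLIENT = """\
client
remote Your-Public-IP-Address 1194
ca ca.crt
cert Client1.crt
key Client1.key
comp-lzo
"""
# Constructed variant: ta.key is an assumed static key file the guide never creates.
HARDENED_CLIENT = GUIDE_CLIENT.replace(
    "comp-lzo", "remote-cert-tls server\ntls-crypt ta.key")

def parse(text):
    """Map each directive name to the list of argument lists it appears with."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":        # skip blanks and comments
            name, *args = shlex.split(line)
            found.setdefault(name, []).append(args)
    return found

def audit(text):
    """Return sorted finding names (labels invented for this example)."""
    d, findings = parse(text), set()
    if any(a != ["no"] for a in d.get("comp-lzo", [])):
        findings.add("compression-enabled")       # deprecated; leaks plaintext via length
    if not {"tls-auth", "tls-crypt", "tls-crypt-v2"} & d.keys():
        findings.add("no-control-channel-key")    # TLS handshake reachable by any sender
    if "client" in d and ["server"] not in d.get("remote-cert-tls", []):
        findings.add("server-cert-not-verified")  # any cert from this CA can act as server
    if "server" in d and "client-to-client" in d:
        findings.add("client-to-client")          # peer traffic skips the host firewall
    return sorted(findings)
```

Both guide profiles return three findings each from `audit()`, while `HARDENED_CLIENT` returns an empty list.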