...
Write
OneWriteup
  • Login
  • Register
  • Trending
  • Articles
  • Blog
  • Tutorials
  • News
  • Research
  • Top 10 Lists
  • Case Studies
  • Writeup
  • Interviews
  • Personal Stories
  • Infographics
No Result
View All Result
  • Trending
  • Articles
  • Blog
  • Tutorials
  • News
  • Research
  • Top 10 Lists
  • Case Studies
  • Writeup
  • Interviews
  • Personal Stories
  • Infographics
No Result
View All Result
OneWriteup
No Result
View All Result

How to Configure OpenVPN Server for Multi Clients Setup in Windows?

FOUNDER by FOUNDER
August 20, 2024
Reading Time: 8 mins read
27
0
onewriteup.com
Share on FacebookShare on Twitter

 

OpenVPN is a powerful and flexible VPN solution that allows you to secure your internet connection and ensure privacy. This guide will walk you through the step-by-step process of setting up an OpenVPN server on a Windows machine and configuring it for secure, remote access.

STEP 1: Download OpenVPN

Begin by downloading the latest version of OpenVPN for Windows from the official website:

Download OpenVPN

 

STEP 2: Install OpenVPN Server on Windows

  1. Run the Setup File:
    • Launch the OpenVPN installer.
    • Choose the option to Customize the installation.

  2. Customize the Installation:
    • Expand the OpenVPN Service option by clicking the plus button (+) and select Will be installed on local hard drive.
    • Similarly, expand the OpenSSL Utilities option and select Will be installed on local hard drive.
    • Proceed with the installation by clicking Install Now.

 

 

 

 

 

 

 

STEP 3: Create Certificates and Keys for the Server

  1. Open CMD with Administrator privileges:
  2. Navigate to the directory 'C:\Program Files\OpenVPN\easy-rsa\'
  3. Run EasyRSA-Start.bat script:
  4. Delete the default configuration of OpenVPN:
    ./easyrsa clean-all

  5. Initialize a database and directory structure for the Public Key Infrastructure (PKI):
    ./easyrsa init-pki 

  6. Create a Certificate Authority (CA) without a pass:
    ./easyrsa build-ca nopass


    Name your CA (e.g.,
    server1.local).

  7. Create certificates and keys for an OpenVPN server:
    /easyrsa build-server-full Server nopass

  8. Initialize Diffie-Hellman Parameter for secure key exchange:
    ./easyrsa gen-dh

STEP 4: Configure OpenVPN server

  1. Create a new folder called `Server-Config-Files` on desktop
  2. Copy the following files from the Easy-RSA directory to the Server-Config-Files folder:
    • ca.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\)
    • dh.pem (from C:\Program Files\OpenVPN\easy-rsa\pki\)
    • Server.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\issued\)
    • Server.key (from C:\Program Files\OpenVPN\easy-rsa\pki\private\)

      These are all of the copied files we have stored

3.  Create a configuration file for the OpenVPN server called Server.ovpn

port 1194
proto udp
dev tun

ca ca.crt
cert Server.crt
key Server.key
dh dh.pem

server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

push "route 10.10.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"

comp-lzo
persist-key
persist-tun

status openvpn-status.log
verb 3

 

If you’re running your OpenVPN server and want to allow all clients to access each other, you can follow these steps:

 Edit the OpenVPN Server Configuration File

  1. Add  the following line to server.ovpn:
    client-to-client
    • This directive allows the clients to communicate with each other through the VPN.

 

4. Copy all configuration files and folders of `Server-Config-Files` and paste on

C:\Program Files\OpenVPN\easy-rsa\pki\private\

C:\Program Files\OpenVPN\config-auto\

 

5. Enable the IPEnableRouter option to allow client to access the Internal LAN

  • Open the Registry Editor by typing regedit in the Run dialog (Win + R).
  • Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
  • Set the value of IPEnableRouter to 1.

|

6. Configure Internet sharing between LAN and VPN tunnel

Go to Network and Sharing Center and set up internet connection sharing between your LAN and the VPN tunnel interface.

 

7. Adjust the firewall to allow port 1194 /udp

  • Open Windows Defender Firewall.
  • Under Inbound Rules, create a new rule to allow UDP traffic on port 1194.
  • Name the rule “OpenVPN” and save it.

 

STEP 5: Create a Client Profile

  1. Generate Client Certificates and Keys:
    • Create the client’s certificate and key using the following command:

      ./easyrsa build-client-full Client1 nopass


    • Confirm the process when prompted.
  2. Create a Client Configuration Directory:
    • On your desktop, create a folder named Client-Config-Files.
  3. Copy Client Certificates and Keys:
    • Copy the following files to the Client-Config-Files folder:
      • ca.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\)|
      • Client1.crt (from C:\Program Files\OpenVPN\easy-rsa\pki\issued\)
      • Client1.key (from C:\Program Files\OpenVPN\easy-rsa\pki\private\)

STEP 6: Set Up the OpenVPN Client

  1. Now send these files to the client machine.
  2. Restart OpenVPN service to apply the changes

    Navigate to OpenVPNService and restart.

    OpenVPN server configuration on Windows is complete.
    Now move to a Windows client machine to perform the test.

  3. Download and install OpenVPN on the client similar to the process on the server. (In Step 2)
  4. Create a configuration file for the OpenVPN server called client.ovpn
    client
    dev tun
    proto udp
    remote Your-Public-IP-Address 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tunca ca.crt
    cert Client1.crt
    key Client1.keycomp-lzo
    dhcp-option DNS 8.8.8.8
    dhcp-option DNS 8.8.4.4

    verb 3
    Create a configuration file for the client



    Save it as Client.ovpn in Client-Config-Files folder

  5. Copy all the files to the C:\Program Files\OpenVPN\config directory
  6. Configure the firewall to allow traffic through port 1194/UDP

    Go to Windows Defender Firewall and select Outbound Rules and create a New Rule.
    Select Port > UDP  and use port 1194

    Allow this connection for the port.

     

    Write OpenVPN in name and click on finish.

    Now you Are Successfully connected to the server.

    You can create as much clients profile as you want for multiple user access.

 

 

ADVERTISEMENT
ADVERTISEMENT
FOUNDER

FOUNDER

Cybersecurity aficionado committed to disseminating expertise, crafting articles that empower others to resolve errors and fortify online defenses with ease.

Recently Posted

HOW To BECOME AN ETHICAL HACKER ROADMAP

Free Cybersecurity Roadmap for Ethical Hacking Career in 2025

November 15, 2024
736
Top 4 Cyber attacks Commonly used for Hacking Websites!

Top 4 Cyber attacks Commonly used for Hacking Websites!

November 9, 2024
168
How to use bloodhound tool for pentesting

How to use Bloodhound / Sharphound for Pentesting Active Directory?

November 6, 2024
500
Pass The Hash

How to perform Pass The Hash Attack on Active Directory in 2024?

November 2, 2024
152
Load More

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

ADVERTISEMENT

Recommended

How To Write an SEO Optimized Article on OneWriteup.com?

How To Write an SEO Optimized Article on OneWriteup.com?

October 15, 2024
162
Top 4 Cyber attacks Commonly used for Hacking Websites!

Top 4 Cyber attacks Commonly used for Hacking Websites!

November 9, 2024
168

Popular Story

  • Download the Top 100 Free Cybersecurity Courses, Resources, and Study Materials for 2024

    Download the Top 100 Free Cybersecurity Courses, Resources, and Study Materials for 2024

    821 shares
    Share 328 Tweet 205
  • Termux Top 10 Most Powerful Tools in 2024

    313 shares
    Share 125 Tweet 78
  • Top Cyber Security VAPT Interview Preparation Questions in 2024

    86 shares
    Share 34 Tweet 22
  • Top 10 Ethical Hacking and Exam Prep Books: including free PDF links

    80 shares
    Share 32 Tweet 20
  • Enhance Your Path to Penetration Testing in 2025: TryHackMe Roadmap included

    44 shares
    Share 18 Tweet 11
ADVERTISEMENT
OneWriteup

Discover expert cybersecurity articles, tutorials, and the latest trends to protect your digital world.

  • OneWriteup Labs
  • About Us
  • Feedback
  • Contact Us
  • Report
  • Privacy Policy
  • Community Guidelines
  • Terms Of Service

© 2024 OneWriteup

No Result
View All Result
  • Trending
  • Articles
  • News
  • Blog
  • Tutorials
  • Research
  • Top 10 Lists
  • Case Studies
  • Interviews
  • Login
  • Sign Up

© 2024 OneWriteup

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.