Running OpenVPN Server on Windows
Full steps can be found at https://i12bretro.github.io/tutorials/0193.html
Prerequisites
- An XCA PKI database https://youtu.be/ezzj3x207lQ
Create Required Certificates
01. Launch XCA
02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
03. Click on the Certificates tab, right click on your Intermediate CA certificate
04. Select New
05. On the Source tab, make sure Use this Certificate for signing is selected
06. Verify your Intermediate CA certificate is selected from the drop down
07. Click the Subject tab
08. Complete the Distinguished Name section
internalName: OpenVPN Server
countryName: US
stateOrProvinceName: Virginia
localityName: Northern
organizationName: i12bretro
organizationUnitName: i12bretro Certificate Authority
commonName: vpn.i12bretro.local
09. Click the Generate a New Key button
10. Enter a name and set the key size to at least 2048
11. Click Create
12. Click on the Extensions tab
13. Set the Type dropdown to End Entity
14. Check the box next to Subject Key Identifier
15. Update the validity dates to fit your needs
16. Click the Key Usage tab
17. Under Key Usage select Digital Signature and Key Encipherment
18. Under Extended Key Usage select TLS Web Server Authentication
19. Click the Netscape tab
20. Deselect all options and clear the Netscape Comment field
21. Click OK to create the certificate
22. Click on the Certificates tab, right click on your Intermediate CA certificate again
23. Select New
24. On the Source tab, make sure Use this Certificate for signing is selected
25. Verify your Intermediate CA certificate is selected from the drop down
26. Click the Subject tab
27. Complete the Distinguished Name section
internalName: OpenVPN Client #1
countryName: US
stateOrProvinceName: Virginia
localityName: Northern
organizationName: i12bretro
organizationUnitName: i12bretro Certificate Authority
commonName: VPN Client 1
28. Click the Generate a New Key button
29. Enter a name and set the key size to at least 2048
30. Click Create
31. Click on the Extensions tab
32. Set the Type dropdown to End Entity
33. Check the box next to Subject Key Identifier
34. Update the validity dates to fit your needs
35. Click the Key Usage tab
36. Under Key Usage select Digital Signature and Key Agreement
37. Under Extended Key Usage select TLS Web Client Authentication
38. Click the Netscape tab
39. Deselect all options and clear the Netscape Comment field
40. Click OK to create the certificate
41. On the Certificates tab, click the OpenVPN Server certificate
42. Select Extra ≫ Generate DH Parameter
43. Type 2048 for DH parameter bits
44. Click OK
45. Select a location for dh.pem and click Save
Exporting Required Files for OpenVPN
01. In XCA, click on the Certificates tab
02. Right click the Intermediate CA certificate ≫ Export ≫ File
03. Set the file name to ca.crt and verify the export format is PEM chain (*.pem)
04. Click OK
05. Right click the OpenVPN Server certificate ≫ Export ≫ File
06. Set the file name to server.crt and verify the export format is PEM (*.crt)
07. Click OK
08. Right click the OpenVPN Client #1 certificate ≫ Export ≫ File
09. Set the file name to OpenVPN_Client #1.crt and verify the export format is PEM (*.crt)
10. Click OK
11. Click on the Private Keys tab
12. Right click the OpenVPN Server key ≫ Export ≫ File
13. Set the file name to server.key and verify the export format is PKCS #8 (*.pk8)
14. Click OK
15. Right click the OpenVPN Client #1 key ≫ Export ≫ File
16. Set the file name to OpenVPN_Client #1.pk8 and verify the export format is PKCS #8 (*.pk8)
17. Click OK
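Before copying the files to the server, it is worth confirming that the exported certificates carry the key size, key usage and extended key usage selected above and were issued by a CA in ca.crt. The PowerShell below is an added example, not part of the original tutorial; $ExportDir and the function names are assumptions, while the file names are the ones used in the export steps.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Assumption: folder the files were exported to from XCA (not named on the page)
$ExportDir = '.'

function Read-PemCertificates([string]$Path) {
    # ca.crt is a "PEM chain" and may hold several certificates, so decode every block
    $pem = Get-Content -Raw -LiteralPath $Path
    $rx  = '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    foreach ($m in [regex]::Matches($pem, $rx)) {
        $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        [X509Certificate2]::new([byte[]]$der)
    }
}

function Test-VpnCert([string]$File, [string]$EkuOid, [X509KeyUsageFlags]$Usage, $CaCerts) {
    $cert = @(Read-PemCertificates (Join-Path $ExportDir $File))[0]
    $eku  = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $ku   = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $rsa  = [RSACertificateExtensions]::GetRSAPublicKey($cert)   # $null for non-RSA keys

    # Offer the exported CA bundle to the chain builder. The private root is not in
    # the Windows trust store, so an unknown root is tolerated and the issuer is
    # matched against ca.crt by thumbprint instead.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode    = [X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    foreach ($c in $CaCerts) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
    $built  = $chain.Build($cert)
    $issuer = if ($chain.ChainElements.Count -gt 1) { $chain.ChainElements[1].Certificate.Thumbprint }

    [pscustomobject]@{
        File       = $File
        KeyBits    = if ($rsa) { $rsa.KeySize } else { 0 }
        EkuOk      = @($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $EkuOid
        KeyUsageOk = [bool]$ku -and (($ku.KeyUsages -band $Usage) -eq $Usage)
        NotExpired = ((Get-Date) -ge $cert.NotBefore) -and ((Get-Date) -le $cert.NotAfter)
        IssuedByCa = $built -and ($CaCerts.Thumbprint -contains $issuer)
    }
}

$ca = @(Read-PemCertificates (Join-Path $ExportDir 'ca.crt'))
@(
    # 1.3.6.1.5.5.7.3.1 = TLS Web Server Authentication, .3.2 = TLS Web Client Authentication
    Test-VpnCert 'server.crt'            '1.3.6.1.5.5.7.3.1' 'DigitalSignature, KeyEncipherment' $ca
    Test-VpnCert 'OpenVPN_Client #1.crt' '1.3.6.1.5.5.7.3.2' 'DigitalSignature, KeyAgreement'    $ca
) | Format-Table -AutoSize
```

Each row should show KeyBits of 2048 or more and True in every other column; a False in EkuOk or KeyUsageOk means the Key Usage tab was not set as described when the certificate was created.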
Installing and Configuring OpenVPN Server
01. Download the OpenVPN software https://openvpn.net/community-downloads/
02. Run the downloaded .msi installer
03. Click Customize and make sure the OpenVPN Service option is selected for installation
04. Click Install Now
05. Once the installation completes, copy the ca.crt, server.crt, server.key and dh.pem files exported above to C:\Program Files\OpenVPN\config\Server
06. Open a text editor and paste the following text
port 1194
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\Server\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\Server\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\Server\\server.key"
... Full steps can be found on GitHub (link at the top)