Support FAQ | 368 Configuring a Windows OpenVPN client or server

Configuring a Windows OpenVPN client or server

Microsoft Windows does not come with any OpenVPN server or client software. So if you will need to install and configure an OpenVPN Windows client on your PC if you wish to set up an OpenVPN connection to an Opengear console server within your remote data centre. Similarly if you have Opengear device servers distributed at the edge of your distributed network and you wish them all to securely tunnel to your central office Windows server you will need to install and configure an OpenVPN Windows server software on your central server.

Console servers with firmware V3.5.2 and later will generate Windows client config automatically from the GUI (but only for Pre-shared Secret (Static Key File) configurations).

Alternately OpenVPN GUI for Windows software (which includes the standard OpenVPN package plus a Windows GUI) can be downloaded from www.openvpn.se/download.html.

Once installed on the Windows machine, an OpenVPN icon will have been created in the Notification Area located in the right side of the taskbar
Right click on this icon to start (and stop) VPN connections, and to edit configurations and view logs

When the OpenVPN software is started, the C:\Program Files\OpenVPN\config folder will be scanned for “.opvn” files. This folder will be rechecked for new configuration files whenever the OpenVPN GUI icon is right-clicked. So once OpenVPN is installed, a configuration file will need to be created:

Using a text editor, create an xxxx.ovpn file and save in C:\Program Files\OpenVPN\config e.g. C:\Program Files\OpenVPN\config\client.ovpn

Here is an example of an OpenVPN Windows client configuration file:

# description: IM4216_client
client
proto udp
verb 3
dev tun
remote 192.168.250.152
port 1194
ca c:\\openvpnkeys\\ca.crt
cert c:\\openvpnkeys\\client.crt
key c:\\openvpnkeys\\client.key
nobind
persist-key
persist-tun
comp-lzo

And below is an example of an OpenVPN Windows Server configuration file:

server 10.100.10.0 255.255.255.0
port 1194
keepalive 10 120
proto udp
mssfix 1400
persist-key
persist-tun
dev tun
ca c:\\openvpnkeys\\ca.crt
cert c:\\openvpnkeys\\server.crt
key c:\\openvpnkeys\\server.key
dh c:\\openvpnkeys\\dh.pem
comp-lzo
verb 1
syslog IM4216_OpenVPN_Server

The Windows client/server configuration file options are:

OPTION	DESCRIPTION
#description:	This is a comment describing the configuration.Comment lines start with a ‘#’ and are ignored by OpenVPN
client / server	Specify whether this will be a client or server configuration file. In the server configuration file, define the IP address pool and netmask. For example, server 10.100.10.0 255.255.255.0
proto udp / proto tcp	Set the protocol to UDP or TCP. The client and server must use the same settings
mssfix [max. size]	Mssfix sets the maximum size of the packet. This is only useful for UDP if problems occur
verb [level]	Set log file verbosity level. Log verbosity level can be set from 0 (minimum) to 15 (maximum). For example, 0 = silent except for fatal errors 3 = medium output, good for general usage 5 = helps with debugging connection problems 9 = extremely verbose, excellent for troubleshooting
dev tun / dev tap	Select ‘dev tun’ to create a routed IP tunnel or ‘dev tap’ to create an ethernet tunnel. The client and server must use the same settings
remote [host]	The hostname/IP of OpenVPN server when operating as a client. Enter either the DNS hostname or the static IP address of the server
port	The UDP/TCP port of the server
keepalive	Keepalive uses ping to keep the OpenVPN session alive. 'Keepalive 10 120' pings every 10 seconds and assumes the remote peer is down if no ping has been received over a 120 second time period
http-proxy [proxy server] [proxy port #]	If a proxy is required to access the server, enter the proxy server DNS name or IP and port number
ca [file name]	Enter the CA certificate file name and location. The same CA certificate file can be used by the server and all clients. Note: Ensure each ‘\’ in the directory path is replaced with ‘ \\’. For example, c:\openvpnkeys\ca.crt will become c:\\openvpnkeys\\ca.crt
cert [file name]	Enter the client's or server’s certificate file name and location. Each client should have its own certificate and key files. Note: Ensure each ‘\’ in the directory path is replaced with ‘ \\’
key [file name]	Enter the file name and location of the client's or server's key. Each client should have its own certificate and key files. Note: Ensure each ‘\’ in the directory path is replaced with ‘ \\’
dh [file name]	This is used by the server only. Enter the path to the key with the Diffie-Hellman parameters. Nobind ‘Nobind’ is used when clients do not need to bind to a local address or specific local port number. This is the case in most client configurations
persist-key	This option prevents the reloading of keys across restarts
persist-key	This option prevents the close and reopen of TUN/TAP devices across restarts
cipher BF-CBC Blowfish (default) / cipher AES-128-CBC AES / cipher DES-EDE3-CBC / Triple-DES	Select a cryptographic cipher. The client and server must use the same settings
comp-lzo	Enable compression on the OpenVPN link. This must be enabled on both the client and the server
syslog	By default, logs are located in syslog or, if running as a service on Window, in \Program Files\OpenVPN\log directory

To initiate the OpenVPN tunnel following the creation of the client/server configuration files:

Right click on the OpenVPN icon in the Notification Area
Select the newly created client or server configuration. For example, IM4216_client
Click Connect. The log file will be displayed as the connection is established
Once established, the OpenVPN icon will display a message notifying of the successful connection and assigned IP. This information, as well as the time the connection was established, is available anytime by scrolling over the OpenVPN icon

Note: There are alternate OpenVPN Windows clients e.g. can be downloaded from www.openvpn.net/index.php/openvpn-client/howto-openvpn-client.html

Enable OpenVPN on the console server

For details on enabling and configuring the corresponding OpenVPN client or server on the console server end refer faq367-OpenVPN.html

Solutions Product Overview Solutions Overview How to Buy	About Us Corporate In the Media Press Releases Contact Us	Resources Twitter YouTube Videos Resource Library	Support Technical Support Knowledge Base Cabling & Adapters Contact Us
© Opengear 2012 \| Privacy Policy