On the VPN server:
1. Enable TCP/IP forwarding on the Windows machine
Use Registry Editor (Regedt32.exe) to view the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set the following registry value:
Value Name: IPEnableRouter
Value type: REG_DWORD
Value Data: 1
NOTE: A value of 1 enables TCP/IP forwarding for all network connections installed and used by this computer.
2. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) with all packages selected, so that you get the easy-rsa tools.
3. Create the certificates for the server and the client
cd "C:\Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa>init-config.bat (this simply copies vars.bat.sample to vars.bat)
C:\Program Files\OpenVPN\easy-rsa>vars.bat (open vars.bat and modify it to suit your requirements, for example:)
set KEY_COUNTRY=IN
set KEY_PROVINCE=DL
set KEY_CITY=DELHI
set KEY_ORG=ABC
set KEY_EMAIL=abc@gmail.com
set KEY_CN=DELHI-IN
set KEY_NAME=DELHI-IN
set KEY_OU=ABCXYZ
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234
C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
C:\Program Files\OpenVPN\easy-rsa>build-key client
Note: be sure to change the Common Name and Name values.
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat
4. All key files are stored in the keys folder (C:\Program Files\OpenVPN\easy-rsa\keys). Copy ca.crt, server.crt, server.key and dh1024.pem and paste them into the C:\Program Files\OpenVPN\config folder.
5. Copy server.ovpn from the server's sample folder (C:\Program Files\OpenVPN\sample-config\) and paste it into the C:\Program Files\OpenVPN\config folder.
6. Open server.ovpn, make the changes below and save it.
Server config:
local 192.168.1.20 # OpenVPN server IP
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0" # OpenVPN server network IPs
push "dhcp-option DOMAIN xxxx.com" # if you are using a domain
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
7. Go to services.msc and set the OpenVPN service to start automatically at system start.
8. Make sure UDP port 1194 is open on the firewall.
Server configuration is done.
OpenVPN client configuration:
1. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) in default mode.
2. Copy ca.crt, client.crt and client.key from the server and paste them into C:\Program Files\OpenVPN\config on the client machine.
3. Copy client.ovpn from the server (C:\Program Files\OpenVPN\sample-config\) and paste it on the client machine (C:\Program Files\OpenVPN\config).
4. Open client.ovpn and make the changes below.
Client config:
client
dev tun
proto udp
remote <OpenVPN server IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
5. Open OpenVPN GUI and connect to the OpenVPN server,
or
connect from the command line:
cd C:\Program Files\OpenVPN\bin
openvpn-gui.exe --config client.ovpn
or
openvpn.exe --config client.ovpn
Done!
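An added example (not part of the original post): a small Python audit of the server and client configs above that flags the settings a reviewer would question today, namely the 1024-bit DH file, comp-lzo, ns-cert-type, client-to-client and the missing tls-auth. The finding names and the inline sample configs are constructed for illustration, the remote address reuses the server IP from the post, and the DH size is inferred from easy-rsa's dh<bits>.pem file name.

```python
import re

# Constructed inputs: the security-relevant directives from the two configs above.
SERVER = """
key server.key   # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
cipher AES-256-CBC
comp-lzo
"""
CLIENT = """
client
remote 192.168.1.20 1194
ns-cert-type server
cipher AES-256-CBC
comp-lzo
"""

def parse(text):
    """Map directive -> argument list. '#' and ';' start a comment
    (simplification: a '#' inside a quoted argument is not handled)."""
    conf = {}
    for line in text.splitlines():
        words = re.sub(r"[#;].*", "", line).split()
        if words:
            conf[words[0]] = words[1:]
    return conf

def audit(text):
    """Return a sorted list of finding ids for one config file."""
    c, found = parse(text), set()
    m = re.search(r"dh(\d+)\.pem", (c.get("dh") or [""])[0])
    if m and int(m.group(1)) < 2048:
        found.add("weak-dh")            # size inferred from the dh<bits>.pem name
    if "comp-lzo" in c and c["comp-lzo"] != ["no"]:
        found.add("compression")        # compress-then-encrypt leaks plaintext length
    if "ns-cert-type" in c:
        found.add("legacy-cert-check")  # superseded by 'remote-cert-tls'
    if "client" in c and not {"ns-cert-type", "remote-cert-tls"} & c.keys():
        found.add("no-server-cert-check")
    if not {"tls-auth", "tls-crypt"} & c.keys():
        found.add("no-tls-auth")        # no HMAC pre-filter on the control channel
    if "client-to-client" in c:
        found.add("client-to-client")   # VPN clients can reach each other directly
    return sorted(found)

if __name__ == "__main__":
    for name, text in (("server.ovpn", SERVER), ("client.ovpn", CLIENT)):
        print(name, audit(text))
```

Run it against the real server.ovpn and client.ovpn by passing each file's contents to audit().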