OpenVPN server for Windows OS using a Network Bridge adaptor
Prerequisites:
- A PC or laptop running Windows 8 or later
- The PC must have a static public IP and OpenVPN 2.5.0-I601 GUI.
OpenVPN installation procedure:
Download OpenVPN GUI from the link below.
https://openvpn.net/community-downloads/
Use the custom installation option and make sure that OpenSSL Utilities → EasyRSA 3 Certificate is selected, then start the installation.
After OpenVPN is installed, open a command prompt with administrator privileges and carry out the steps below.
- Change the current directory to the EasyRSA folder. To do so, execute this command:
cd "C:\Program Files\OpenVPN\easy-rsa"
- Launch EasyRSA:
EasyRSA-Start.bat
- Before you can generate files with EasyRSA, you must first initialize a directory for the Public Key Infrastructure (PKI). This can be done with the following command:
./easyrsa init-pki
- Open the vars.bat file with the Notepad text editor:
notepad vars.bat
- This is the template file for generating certificates, i.e., the information stored here will be offered as default values during certificate generation. Locate and edit the following lines in accordance with your needs:
set KEY_COUNTRY=INDIA
set KEY_PROVINCE=GUJ
set KEY_CITY=POR
set KEY_ORG=SAT
set KEY_EMAIL=mail@host.domain
- You can also set the key size for the Diffie-Hellman parameters. A size higher than 2048 is recommended.
set DH_KEY_SIZE=2048
- Once you're done, save the file and close the editor (Notepad/Notepad++ must be closed); then run the following commands:
vars.bat
./easyrsa clean-all
- Now we can start generating the certificates and keys. Begin with the certificate authority (CA) - the root certificate file that will be used to sign other certificates and keys:
./easyrsa build-ca nopass
- Next, build the server certificate and key:
./easyrsa build-server-full server nopass
- Next, build certificates and keys for the clients. N can be replaced with any number that represents the client number, e.g. client1, client2, ..., client501, etc.
./easyrsa build-client-full ClientN nopass
Note: replace ClientN with this client's Common Name (CN). Omit "nopass" and you will be prompted to choose the client's password.
- Lastly, generate Diffie-Hellman parameters:
./easyrsa gen-dh
All the certificates and keys are generated in the paths below, so copy them to the config folder "C:\Program Files\OpenVPN\config\":
- CA certificate: C:\Program Files\OpenVPN\easy-rsa\pki
- Diffie-Hellman parameters: C:\Program Files\OpenVPN\easy-rsa\pki
- Client and server keys: C:\Program Files\OpenVPN\easy-rsa\pki\private
- Client and server certificates: C:\Program Files\OpenVPN\easy-rsa\pki\issued
Note: The server certificate, server key, CA and DH files should be copied to the config folder. Copying the client files is not required, as they are used to create the client.ovpn file, which can be loaded into the cellular router.
Now edit the OpenVPN server (ovpn) sample file, available in "C:\Program Files\OpenVPN\sample-config", and do not forget to change the certificate paths as shown below.
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
Then use this ovpn file in the OpenVPN server.
Then right-click on OpenVPN GUI and connect the server.
Enabling the Network Bridge adaptor on the PC:
Bridge the OpenVPN TAP interface with the Ethernet interface in the network adaptors as shown.
Add the client-side (PLC/HMI/controller, etc.) subnet to the Network Bridge adaptor's IPv4 settings and make sure it is visible as shown in the screenshot below.
Make sure the client ovpn files are created in the format below.
Configuration settings
<ca>
Paste CA certificate
</ca>
<cert>
Paste Client Certificate
</cert>
<key>
Paste Key related to the client certificate
</key>
To create the client.ovpn file, we can use the sample file from OpenVPN.
Because these files are created on Windows and the router is Linux based, delete the carriage return from each line of the ovpn file. It appears as "^M" when the file is checked from a Linux SSH session and as "CR" in Notepad++. Use the steps below to do this.
To remove `^M` characters (carriage returns) from an `.ovpn` file using Notepad++, follow these steps:
- To view the hidden characters, go to `View` > `Show Symbol` > `Show All Characters`. This will display all carriage return characters as `CR` and newline characters as `LF`.
1. Convert EOL (End of Line) Characters:
- Go to `Edit` > `EOL Conversion` > `Unix (LF)`. This will convert all Windows-style line endings (`CRLF`) to Unix-style line endings (`LF`).
2. Save the File:
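Added example, not part of the original guide: a Python script that assembles a client.ovpn in the inline <ca>/<cert>/<key> format described above and writes it with Unix (LF) line endings, so the Linux-based router never sees `^M`. The function names, the sample settings and the sample PEM contents are constructed for illustration, and dropping the file-path `ca`/`cert`/`key` lines from the settings is this example's own choice.

```python
import re

# One PEM block (certificate or private key); text around it is ignored.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.DOTALL)
# File-path directives that the inline sections replace (assumption of this example).
PATH_DIRECTIVE = re.compile(r"^\s*(ca|cert|key)\s")


def pem_only(text):
    """Return the first PEM block in text with LF line endings.

    EasyRSA may put a readable dump before the PEM data in issued .crt
    files; only the PEM block is needed inside the inline section.
    """
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM block found")
    rows = (row.strip() for row in match.group(0).splitlines())
    return "\n".join(row for row in rows if row)


def build_client_ovpn(settings, ca, cert, key):
    """Build client.ovpn bytes: settings, then <ca>, <cert>, <key>, LF only."""
    lines = [row.rstrip() for row in settings.splitlines()
             if not PATH_DIRECTIVE.match(row)]
    for tag, pem in (("ca", ca), ("cert", cert), ("key", key)):
        lines += [f"<{tag}>", pem_only(pem), f"</{tag}>"]
    return ("\n".join(lines) + "\n").encode("utf-8")


def write_client_ovpn(path, data):
    """Write in binary mode so Windows does not turn LF back into CRLF."""
    with open(path, "wb") as handle:
        handle.write(data)


# Constructed sample input with Windows (CRLF) line endings; not real key material.
SAMPLE_SETTINGS = "client\r\ndev tap\r\nca ca.crt\r\ncert client1.crt\r\nkey client1.key\r\n"
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\r\nQ0EtREVNTw==\r\n-----END CERTIFICATE-----\r\n"
SAMPLE_CERT = ("Certificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n"
               "-----BEGIN CERTIFICATE-----\r\nQ0xJRU5ULURFTU8=\r\n-----END CERTIFICATE-----\r\n")
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\r\nS0VZLURFTU8=\r\n-----END PRIVATE KEY-----\r\n"

if __name__ == "__main__":
    print(build_client_ovpn(SAMPLE_SETTINGS, SAMPLE_CA, SAMPLE_CERT, SAMPLE_KEY).decode())
```

The resulting client.ovpn contains the client's private key, so store and transfer it with the same care as the .key file itself.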