OpenVPN server for windows-based system
Latest revision as of 10:16, 22 August 2024
Prerequisites:
- A PC or laptop running Windows 8 or later
- The PC must have a static public IP address and OpenVPN 2.5.0-I601 GUI.
OpenVPN installation
Download OpenVPN GUI from the link below.
https://openvpn.net/community-downloads/
Choose the custom install option and make sure the OpenSSL Utilities → EasyRSA 3 Certificate option is selected, then start the installation.
After installing OpenVPN, open a command prompt with administrator privileges and perform the steps below.
- Change the current directory to the EasyRSA folder. To do so, execute this command:
cd "C:\Program Files\OpenVPN\easy-rsa"
- Launch EasyRSA:
EasyRSA-Start.bat
- Before you can generate files with EasyRSA, you must first initialize a directory for the Public Key Infrastructure (PKI). This can be done with the following command:
./easyrsa init-pki
- Open the vars.bat file with the Notepad text editor:
notepad vars.bat
- This is the template file for generating certificates, i.e., the information stored here will be offered as default values during certificate generation. Locate and edit the following lines in accordance with your needs:
set KEY_COUNTRY=INDIA
set KEY_PROVINCE=GUJ
set KEY_CITY=POR
set KEY_ORG=SAT
set KEY_EMAIL=mail@host.domain
- You can also set the key size for the Diffie-Hellman parameters; a size higher than 2048 is recommended.
set DH_KEY_SIZE=2048
- Once you're done, save the file and close the editor (Notepad/Notepad++ must be closed); then run the following commands:
vars.bat
./easyrsa clean-all
- Now we can start generating the certificates and keys. Begin with the certificate authority (CA) - the root certificate file that will be used to sign other certificates and keys:
./easyrsa build-ca nopass
- Next, build the server certificate and key:
./easyrsa build-server-full server nopass
- Next, build certificates and keys for the clients. Replace N with the client's number, e.g. client1, client2, …, client501.
./easyrsa build-client-full ClientN nopass
Note: replace ClientN with this client's Common Name (CN). Omit "nopass" and you will be prompted to choose the client's password; with "nopass" the private key is stored without a passphrase.
- Lastly, generate the Diffie-Hellman parameters:
./easyrsa gen-dh
All the certificates and keys are generated in the paths below; copy them to the config folder “C:\Program Files\OpenVPN\config\”.
- CA certificate: C:\Program Files\OpenVPN\easy-rsa\pki
- Diffie-Hellman parameters: C:\Program Files\OpenVPN\easy-rsa\pki
- Client and Server keys: C:\Program Files\OpenVPN\easy-rsa\pki\private
- Client and Server certificates: C:\Program Files\OpenVPN\easy-rsa\pki\issued
Note: The server certificate, server key, CA certificate and DH parameters should be copied to the config folder. The client files need not be copied there, as they are used to create the client.ovpn file, which can be loaded into a cellular router (x20/x21/etc).
Now edit the OpenVPN server (ovpn) sample file available in “C:\Program Files\OpenVPN\sample-config”, and do not forget to change the certificate paths as shown below. Make sure each path names a file that exists in the config folder.
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
Then load the ovpn file into the OpenVPN server.
Make sure the client ovpn files are created in the format below.
Configuration settings
<ca>
Paste CA certificate
</ca>
<cert>
Paste Client Certificate
</cert>
<key>
Paste Key related to the client certificate
</key>
To create the client.ovpn file, we can use the sample file from OpenVPN. Because these files are created on Windows and the router is Linux-based, we should delete the ^M that appears at the end of each line in the ovpn file; use the help document below to do so.
To remove `^M` characters (carriage returns) from an `.ovpn` file using Notepad++, follow these steps:
1. Open the File:
- Launch Notepad++.
- Open your `.ovpn` file by navigating to `File` > `Open` and selecting the file.
2. Show All Characters:
- To view the hidden characters, go to `View` > `Show Symbol` > `Show All Characters`. This will display all carriage return characters as `CR` and newline characters as `LF`.
3. Convert EOL (End of Line) Characters:
- Go to `Edit` > `EOL Conversion` > `Unix (LF)`. This will convert all Windows-style line endings (`CRLF`) to Unix-style line endings (`LF`).
4. Save the File:
- Save the modified file by navigating to `File` > `Save`, or press `Ctrl + S`.
These steps should remove all `^M` characters from your `.ovpn` file, converting the line endings to Unix format.
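The client profile format and the line-ending conversion described above can also be scripted in one pass. This is an added example, not part of the original page; the function names, the sample settings, the 203.0.113.10 address and the PEM bodies are constructed for illustration.

```python
import re

# A PEM block: BEGIN/END markers carrying the same label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", re.S)

def to_lf(text):
    """Turn CRLF (the ^M seen on Linux) and stray CR into LF."""
    return text.replace("\r\n", "\n").replace("\r", "\n")

def pem_block(text, wanted):
    """Return the first PEM block whose label ends with `wanted`."""
    # Issued certificates can carry a readable text dump above the PEM
    # data; only the PEM block is kept.
    for match in PEM_RE.finditer(to_lf(text)):
        if match.group(1).endswith(wanted):
            return match.group(0)
    raise ValueError("no %s block found" % wanted)

def build_client_ovpn(settings, ca, cert, key):
    """Assemble settings plus inline <ca>, <cert> and <key> sections."""
    parts = [to_lf(settings).strip()]
    for tag, text, label in (("ca", ca, "CERTIFICATE"),
                             ("cert", cert, "CERTIFICATE"),
                             ("key", key, "PRIVATE KEY")):
        parts += ["<%s>" % tag, pem_block(text, label), "</%s>" % tag]
    return "\n".join(parts) + "\n"

def write_profile(path, profile):
    # newline="\n" stops Python on Windows writing CRLF again.
    with open(path, "w", encoding="utf-8", newline="\n") as handle:
        handle.write(profile)

# Constructed sample input with CRLF endings (not real key material).
def sample_pem(label, body):
    return "-----BEGIN %s-----\r\n%s\r\n-----END %s-----\r\n" % (label, body, label)

SAMPLE_SETTINGS = "client\r\ndev tun\r\nproto udp\r\nremote 203.0.113.10 1194\r\n"
SAMPLE_CA = sample_pem("CERTIFICATE", "Q0EtU0FNUExF")
SAMPLE_CERT = "Certificate:\r\n    Version: 3 (0x2)\r\n" + sample_pem("CERTIFICATE", "Q0xJRU5U")
SAMPLE_KEY = sample_pem("PRIVATE KEY", "S0VZLVNBTVBMRQ==")

if __name__ == "__main__":
    print(build_client_ovpn(SAMPLE_SETTINGS, SAMPLE_CA, SAMPLE_CERT, SAMPLE_KEY), end="")
```

Passing a file without a private key block as the key raises ValueError, which catches a certificate pasted into the <key> section by mistake.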