tonygoodchild

asked on

OpenVPN configuration on a Windows 2003 server

Hi,

I have a Windows 2003 server which I am trying to configure OpenVPN to run on, and then to have all data from my client routed over the server.

The requirement is due to working in a number of countries which have ISP restrictions that block some of the sites and servers that I work on. Previously I have used the built-in Remote Access and Routing on Windows to set up a PPTP VPN, and this worked fine, but I am now using a Mac laptop and the Mac OS seems to have issues staying connected to PPTP VPNs for more than a few minutes.

So now I am trying to use OpenVPN to accomplish the same thing but am having no luck. I have generated the ca.crt, the server certificate and client certificates. The TAP interfaces are present in the list of network connections.

I have disabled the previously configured VPN using the Remote Access and Routing.

I have enabled IP routing in the Windows Registry by setting the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter = dword:00000001

Here is the server .ovpn file:
(substituted some of the ip address with w.x.y.z)
##############################
port 1194
proto udp
dev tap
tls-server
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh dh1024.pem
mode server
ifconfig 10.22.8.1 255.255.255.0
ifconfig-pool 10.22.8.10 10.22.8.15 255.255.255.0
push "route-gateway 10.22.8.1"
push "dhcp-option DNS w.x.y.z"
push "redirect-gateway def1"
keepalive 10 120
comp-lzo
max-clients 4
persist-key
persist-tun
status openvpn-status.log
verb 3
##############################

Here is the client .ovpn file:
(substituted some of the ip address with w.x.y.z)
##############################
remote w.x.y.z
proto udp
client
dev tap
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\Tony.crt"
key "C:\\Program Files\\OpenVPN\\config\\Tony.key"
ns-cert-type server
cipher BF-CBC  
tun-mtu 1500
fragment 1300
mssfix 1450
route-method exe
route-delay 2
##############################


Can anyone suggest some configurations that would work? As I mentioned it needs to be able to route all http, ftp, skype, and RDP across it.

Many thanks!!
Tony
ASKER CERTIFIED SOLUTION
Martin Adamczyk
This solution is only available to members.
Oops. Use
;comp-lzo
in server.ovpn instead of
comp-lzo

We want to disable compression until you're initially running.
tonygoodchild

ASKER


Hi,
thanks for the information so far, I copied and pasted your server configuration from above and restarted it as you described and I got the following error:

Options error: --mode server requires --tls-server

btw the version I am using is 2.0.9
Hi,
I just added the tls-server line and it seems to run fine now. To test it I've just sat and watched the BBC iPlayer (restricted to the UK) from a hotel room in Tokyo for a half hour :-)

Many thanks!!!
Thanks a lot :-)
Alright! Congrats!

If you want to tighten up your setup in the future, consider buying the eBook listed at OpenVPN.net. It goes into more detail about each option available in OpenVPN. There's still a little more info I wish it would have, but I can usually find an explanation somewhere in the forums or elsewhere online.

Again, congrats on the success!
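
A consistency check for a server/client config pair like the one in this thread, added here as an illustration (it is not code from the thread or from the OpenVPN project): it flags the "--mode server requires --tls-server" condition reported above and link options that differ between the two files. The function names, the set of options compared and the assumed 2.0.x defaults (udp, BF-CBC) are assumptions of this example.

```python
import re

# Link options both peers must agree on, mapped to the value assumed when the
# directive is absent (assumption: udp and BF-CBC are the OpenVPN 2.0.x defaults).
MUST_MATCH = {"proto": "udp", "cipher": "BF-CBC", "comp-lzo": None, "fragment": None}

def parse(text):
    """Map each directive to its argument string, skipping blanks and #/; comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = line.split(None, 1)
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def setting(opts, name, default):
    """Value of a directive: its args, 'on' for a bare flag, or the default if absent."""
    return (opts[name] or "on") if name in opts else default

def lint(server_text, client_text):
    """Return a list of findings for a server/client config pair."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    if s.get("mode") == "server" and "tls-server" not in s:
        findings.append("server: --mode server requires --tls-server")
    # tun and tap are different device types; ignore a trailing unit number.
    dev_s, dev_c = (re.sub(r"\d+$", "", o.get("dev", "")) for o in (s, c))
    if dev_s != dev_c:
        findings.append(f"dev: server={dev_s!r} client={dev_c!r}")
    for name, default in MUST_MATCH.items():
        sv, cv = setting(s, name, default), setting(c, name, default)
        if sv != cv:
            findings.append(f"{name}: server={sv!r} client={cv!r}")
    return findings

# Constructed sample input: the link-related lines of the two configs in the question.
SERVER = "port 1194\nproto udp\ndev tap\ntls-server\nmode server\ncomp-lzo\n"
CLIENT = "remote w.x.y.z\nproto udp\nclient\ndev tap\ncipher BF-CBC  \nfragment 1300\n"

if __name__ == "__main__":
    for finding in lint(SERVER, CLIENT):
        print(finding)
```

On the sample input it reports the comp-lzo and fragment differences between the two files; commenting out comp-lzo on the server, as suggested in the thread, clears the first.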