Useful Tips

How to connect to an OpenVPN server



This is a step-by-step guide on how to configure an OpenVPN server on Windows Server 2008/2012 operating systems and connect clients to the created virtual private network.

OpenVPN is an open implementation of VPN (Virtual Private Network) technology, designed to create virtual private networks between a group of geographically remote nodes on top of an open data transmission channel (the Internet). OpenVPN is suitable for tasks such as a secure remote network connection to a server without opening Internet access to it, as if you were connecting to a host on your local network. Connection security is achieved by OpenSSL encryption.

How does it work?

Upon completion of the OpenVPN configuration, the server will be able to accept external SSL-protected network connections to the virtual network adapter (tun / tap) created when the VPN service was launched, without affecting the traffic-processing rules of other interfaces (external Internet adapter, etc.). It is possible to share OpenVPN client access to a specific network adapter among those present on the server. The second part of the manual covers this kind of tunneling of user Internet traffic. With this forwarding method, the host handling the VPN connection also acts as a proxy server: it unifies the rules for users' network activity and routes client Internet traffic on its own behalf.

Install OpenVPN on the server

Download and install the latest version of OpenVPN that matches your operating system. Run the installer and make sure that all components are selected for installation at the third step of the installation wizard.

Please note that the commands in the rest of this manual assume that OpenVPN is installed in the default directory "C:\Program Files\OpenVPN".

Allow the installation of the virtual TAP network adapter when prompted and wait for the installation to complete (it may take several minutes).

Key Generation (PKI): certification authority, server, client, Diffie-Hellman algorithm

To manage the key / certificate pairs of all nodes of the private network being created, use the easy-rsa utility, which works through the command line, similar to the Linux console. To work with it, open the command prompt (press Win + R, then type cmd and press Enter).

Download our configuration files and scripts and replace the ones in the directory C:\Program Files\OpenVPN\easy-rsa with them.

If the default paths do not match, correct them in all files.

In the configuration file openssl-1.0.0.conf, be sure to set the values for the variables to match your data:

    countryName_default
    stateOrProvinceName_default
    localityName_default
    0.organizationName_default
    emailAddress_default

Note: if the value of the variable contains a space, then enclose it in quotation marks.

Certification authority and server key generation

Rename the index.txt.start file to index.txt and serial.start to serial using the following commands:

    cd \
    cd "C:\Program Files\OpenVPN\easy-rsa"
    ren index.txt.start index.txt
    ren serial.start serial

Let's move on to creating the certificate authority key / certificate. Run the script: .\build-ca.bat

In response to the prompts, you can just press Enter. The only exception is the KEY_CN (Common Name) field: be sure to specify a unique name and enter the same name in the Name field.

Similarly, we generate a server certificate. Here the value of the Common Name and Name fields is SERVER: .\build-key-server.bat server

Note: server argument is the name of the future file.

For all generated keys, the question will now be asked whether to sign the created certificate (Sign the certificate) on behalf of the certification authority. We answer y (yes).

For each VPN client, you need to generate a separate SSL certificate.

There is an option in the OpenVPN configuration that allows one certificate to be used for several clients (see the server.ovpn file -> option "duplicate-cn"), but this is not recommended from a security point of view. Certificates can be generated later, as new clients connect. Therefore, we will now create only one, for the client client1:

Run the following commands to generate client keys:

    cd \
    cd "C:\Program Files\OpenVPN\easy-rsa"
    .\build-key.bat client1

Note: argument client1 is the name of the future file.

In the Common Name field, specify the name of the client (in our case, client1).

Diffie Hellman Options

To complete the encryption setup, you need to run the Diffie-Hellman parameter generation script: .\build-dh.bat

Displaying information about creating parameters looks like this:

Transferring created keys / certificates

Generated certificates are in the directory C:\Program Files\OpenVPN\easy-rsa\keys. Copy the files below to the directory C:\Program Files\OpenVPN\config:

OpenVPN Server Configuration

In the Registry Editor tree, find the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. In the right part of the window, find the variable IPEnableRouter, double-click it to open the value editing window, and change the value to 1, thereby enabling IP routing on the VPS.

We now proceed to configure the VPN server itself. Use our configuration file called server.ovpn and place it in the C:\Program Files\OpenVPN\config directory.

Open the file and find the paths to the keys (see below). Check the paths to the previously copied certificates ca.crt, dh1024.pem / dh2048.pem, server.key, server.crt and change them if necessary:

    port 1194
    proto udp
    dev tun
    server 10.8.0.0 255.255.255.0
    # Windows paths in double quotes need doubled backslashes
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files\\OpenVPN\\config\\server.key"
    dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    verb 3
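
Added example (not part of the original guide or of OpenVPN): a small Python audit of a server.ovpn that checks three points this guide touches on, namely the duplicate-cn option discussed in the client certificate section, the dh1024.pem / dh2048.pem choice, and backslash escaping in the Windows paths above. The sample config is constructed, and the DH size is inferred from the easy-rsa style file name, which is an assumption.

```python
import re
import shlex

# Constructed sample: the guide's server.ovpn with three deliberate problems.
SAMPLE = r'''
port 1194
proto udp
dev tun
; duplicate-cn   (commented out, must be ignored)
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\Program Files\OpenVPN\config\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # keep secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
duplicate-cn
'''

PATH_OPTS = {"ca", "cert", "key", "dh"}
# A backslash that is not half of "\\" and does not escape a quote.
LONE_BACKSLASH = re.compile(r'(?<!\\)\\(?![\\"])')


def directives(text):
    """Yield (line_no, raw_line, tokens) for every active config line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                    # unbalanced quote: fall back
            tokens = line.split()
        if tokens:
            yield no, line, tokens


def audit(text):
    """Return a list of (line_no, option, message) findings."""
    findings = []
    for no, line, (opt, *args) in directives(text):
        if opt == "duplicate-cn":
            findings.append((no, opt, "several clients may share one certificate"))
        if opt in PATH_OPTS and LONE_BACKSLASH.search(line):
            findings.append((no, opt, "single backslash in path, write \\\\ instead"))
        if opt == "dh" and args:
            # Assumption: easy-rsa style file name (dh1024.pem, dh2048.pem).
            m = re.search(r"dh(\d+)\.pem$", args[0], re.IGNORECASE)
            if m and int(m.group(1)) < 2048:
                findings.append((no, opt, f"{m.group(1)}-bit DH parameters"))
    return findings


if __name__ == "__main__":
    for no, opt, msg in audit(SAMPLE):
        print(f"line {no}: {opt}: {msg}")
```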

Now you need to enable traffic forwarding between the adapters. Follow these steps: Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings. Choose the adapter that faces the external Internet (the TAP adapter is responsible for the VPN connection). In our example, this is Ethernet 2.

Double-click the adapter to open its Properties, go to the Access tab, and check all items. Save the changes.

Next, you need to enable IP routing.

Use the Windows search to find the REGEDIT.exe application.

Next, configure the OpenVPN service to start automatically at system startup. Open Windows Services, find OpenVPN in the list -> right-click -> Properties -> Startup type: Automatic.

This completes the basic setup of the VPN server. Find the file C:\Program Files\OpenVPN\config\server.ovpn -> right-click -> "Start OpenVPN on this config file" to start the virtual private network server with the configuration file we prepared.

OpenVPN Client Configuration

OpenVPN client applications are available for all popular OSs: Windows / Linux / iOS / Android. For MacOS, the Tunnelblick client is used. All of these applications work with the same configuration files; only minor differences in a few options are possible. You can learn about them from the documentation for your OpenVPN client. In this guide, we will consider connecting a Windows client using the same distribution package that we installed on the server. When using applications for other operating systems, the configuration logic is similar.

  1. Install the current version of OpenVPN on the client computer.
  2. Copy the client certificate files created earlier on the server to the C:\Program Files\OpenVPN\config directory (2 certificates with the .crt extension and a key with the .key extension) and use our client configuration file client.ovpn. After copying to the user's device, the last file is deleted from the server or moved out of the config folder to avoid any confusion in the future.
  3. Open the client.ovpn file. Find the line remote my-server-1 1194 and specify the IP address or domain name of the VPN server in it:
    remote <ip-address> 1194

For example: remote 111.222.88.99 1194

  • Find the paths to the certificates. Specify the paths to the previously copied certificates ca.crt, client1.key, client1.crt as in the example below:
    # See the server config file for more
    # description. It's best to use
    # a separate .crt / .key file pair
    # for each client. A single ca
    # file can be used for all clients.
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\client1.crt"
    key "C:\\Program Files\\OpenVPN\\config\\client1.key"
    # This file should be kept secret
  • Save the file. Client setup is now complete.
Testing an OpenVPN Connection

    Launch the OpenVPN server: go to the C:\Program Files\OpenVPN\config directory and select the server configuration file (in our case server.ovpn -> right-click -> "Start OpenVPN on this config file").

    Run the client: go to the directory C:\Program Files\OpenVPN\config and select the client configuration file (in our case client.ovpn -> right-click -> "Start OpenVPN on this config file").

    A connection status window will appear on the screen. After a few seconds, it will be minimized to tray. The green indicator of the OpenVPN shortcut in the notification area indicates a successful connection.

    Check the availability of the OpenVPN server from the client device by its internal address of the private network:

    1. Press Win + R and type cmd in the window that appears to open a command prompt.
    2. Run the ping command against the address of our server in the virtual private network (10.8.0.1): ping 10.8.0.1
    3. If the VPN is configured correctly, packet exchange with the server will begin.

    Using the tracert utility, we will check which route packets from the client take. In the console, enter the following command: tracert ya.ru
    From the result of the utility, we see that first the packets are sent to the VPN server, and only then to the external network.

    Now you have a virtual private network ready for use, which allows you to make secure network connections between its clients and the server using open and territorially remote Internet connection points.

    System requirements

    • Windows 10, 8.1, 8, 7, Vista 32 | 64-bit (latest version)
    • Windows XP 32 | 64-bit (version 2.3.16 only)
    • Mac OS X 10.7.5+, Intel-64 only (Tunnelblick app)
    • Android 4.0 and higher (OpenVPN Connect app)
    • iOS 6.0 or later. Compatible with iPhone and iPad (OpenVPN Connect app).

    1. Install the OpenVPN client application

    Windows: OpenVPN Windows Installer
    Linux: Use the version from the repository
    MacOS: Tunnelblick
    Android: OpenVPN Connect (Android 4.0 and higher)
    iOS (iPhone, iPod, iPad): OpenVPN Connect

    Safe Surf Tool

    OpenVPN offers a cost-effective and easy alternative to other VPN technologies and is well suited to small businesses and large enterprises. The simple and intuitive OpenVPN interface eliminates many of the subtleties that are common to other VPN implementations. The OpenVPN security model is based on SSL, the industry standard for secure communications.

    OpenVPN implements a secure OSI layer 2 or 3 network extension using SSL / TLS and uses flexible client authentication methods based on certificates, smart cards and / or two-factor authentication. OpenVPN supports user and group access policies based on the firewall rules applied to the virtual VPN interface. OpenVPN is not a web proxy and does not work with a web browser.

    2. Download and import configuration files

    Select the country you are interested in from the table in the list of VPN servers and download the OpenVPN configuration files (UDP | TCP). For those unfamiliar with the terms: UDP and TCP are connection protocols. UDP is a faster protocol, but it also consumes more power on mobile devices, and may not be available on some networks. TCP may work a little slower, but allows you to connect through proxy servers and is widely available.

    Next, you should import the downloaded configuration files into the system:
    Windows: copy the .ovpn files to the folder C:\Program Files\OpenVPN\config,
    Android, iOS, Mac OS: click on the .ovpn files in the file manager and they are imported automatically.

    Compatible with various devices

    Among the advantages of OpenVPN are cross-platform support, stability and flexible scalability to hundreds or thousands of clients, relatively easy installation, and support for dynamic IP addresses and NAT.

    OpenVPN provides an extensible VPN infrastructure that has been designed to provide maximum flexibility and enable distribution of a customized installation package for clients or enhance alternative authentication methods through the OpenVPN plug-in module interface.

    OpenVPN offers a management interface that can be adapted for remote control or centralized management of the OpenVPN daemon. The management interface can be adapted to create a graphical interface or a predictive external application for OpenVPN.

    3. Launch the OpenVPN client application

    Before the first launch of the application on Windows, right-click on the OpenVPN shortcut, select "Properties", open the "Compatibility" tab and check the box "Run as administrator." After starting, the OpenVPN icon will appear in the tray; right-click on it, select the configuration file you need from the list and establish the connection by clicking the left mouse button.

    On Linux, run OpenVPN with the command: sudo openvpn <path to the .ovpn configuration file>

    On other operating systems, use the graphical utility.

    Innovative Connectivity Technologies

    TLS is the latest evolution of the SSL protocol family developed by Netscape for its secure web browser. TLS and its predecessor SSL have become widespread on the network in recent years and have been carefully analyzed for vulnerabilities.

    In turn, this analysis led to the subsequent strengthening of the protocol, so today SSL / TLS is considered one of the most secure protocols. TLS is a great choice for authentication and key exchange mechanisms for a VPN product.

    Configuring OpenVPN for Windows

    This manual demonstrates how to connect to the VPN Gate relay server using the OpenVPN client on Windows XP, 7, 8, 10, Server 2003, 2008, 2012.

    1. Install the OpenVPN client application for your operating system. Run the installation file. The installation wizard opens. Follow the on-screen prompts to complete the installation of the application.

    2. Download and import the OpenVPN connection configuration file (.ovpn file). This procedure is required only for the initial setup of the connection.

    A configuration file in *.ovpn format is needed to connect to the VPN Gate relay server through the OpenVPN protocol.

    You can download the configuration file (OpenVPN Config file) from the list of open free relay servers at http://www.vpngate.net/en/. Select the VPN server you want to connect to and click on the corresponding *.ovpn file to download it to your desktop or download folder.

    After saving the file to the computer, it will be displayed as an OpenVPN icon. However, you cannot establish a connection by simply double-clicking on the file.

    You need to move the *.ovpn file to the “config” folder of the main OpenVPN installation directory.

    Open the folder C:\Program Files\OpenVPN\config and copy the *.ovpn file into it.

    3. VPN connection

    Right-click on the “OpenVPN GUI” icon on the desktop and select the option “Run as administrator”. Otherwise, the VPN connection cannot be established.

    The OpenVPN GUI icon will appear in the notification area of the taskbar (system tray). In some cases, the icon may be hidden; click on the arrow icon to show all hidden icons.

    Right-click on the OpenVPN GUI icon and click on “Connect”.

    The VPN connection will start and the connection status will be displayed on the screen. If you see a dialog box asking for a username and password, enter “vpn” in both fields. This window appears very rarely.

    If the VPN connection is successfully established, a pop-up message will appear as in the screenshot.

    4. Internet without limits

    When the VPN connection is established, Windows creates the virtual network adapter TAP-Windows Adapter V9. This adapter will receive an IP address that begins with “10.211”. The virtual adapter will receive the default gateway address.

    You can verify the network configuration by running the ipconfig /all command on the Windows command line.

    When the connection is established, all network traffic will pass through the VPN server. You can verify this using the tracert 8.8.8.8 command on the Windows command line.

    As shown in the screenshot above, if packets pass through "10.211.254.254", then your connection is relayed through one of the VPN Gate servers. You can also go to the VPN Gate home page to view the global IP address.

    You will be able to see the location visible from the network, which will differ from your actual location.

    Configuring OpenVPN for MacOS

    This manual demonstrates how to connect to the VPN Gate relay server using the Tunnelblick application. Tunnelblick is a graphical OpenVPN client for MacOS systems.

    1. Install the Tunnelblick app

    Download and install the latest version of the Tunnelblick app. During installation, instructions will be displayed on the screen.

    After installation is complete, the following screen will appear. Select the “I have configuration files” option.

    The screen will show instructions for adding configuration to Tunnelblick.

    Click OK to close the window.

    2. Download and import the OpenVPN connection configuration file (.ovpn file). This procedure is required only for the initial setup of the connection.

    A configuration file in *.ovpn format is needed to connect to the VPN Gate relay server through the OpenVPN protocol.

    You can download the configuration file (OpenVPN Config file) from the list of open free relay servers at http://www.vpngate.net/en/. Select the VPN server you want to connect to and click on the corresponding *.ovpn file to download it to the Downloads folder.

    To install the *.ovpn configuration file, drag it to the Tunnelblick icon in the menu bar or to the list of configurations in the "Configurations" tab of the "VPN Details" window. If you need to install several configuration files at once, select all of them and then drag them.

    You will need to enter your MacOS username and password during the installation.

    3. Connecting to the VPN

    Click the Tunnelblick icon in the MacOS top menu bar and select the “Connect [configuration name]” option. The VPN connection will start.

    The VPN connection status will appear, as shown in the screenshot. Once the connection is successfully established, the main Tunnelblick window will show the status “Connected”.

    4. Internet without limits

    When the connection is established, all network traffic will pass through the VPN server. You can also go to the VPN Gate home page to view the global IP address. You will be able to see the location visible from the network, which will differ from your actual location.

    When connected to the VPN, you will be able to visit blocked websites and play blocked games.
