Windows → Setting up OpenVPN client on Windows 10


About the program

OpenVPN is a free program for Windows with a full-featured VPN implementation. It features open source code, SSL connection support and advanced settings for advanced users. Using this software, you can organize a safe and confidential stay on the Internet.

Support for a wide range of configurations, a large number of settings and the possibility of remote access are huge advantages over other analogues that are distributed free of charge.

Therefore, it makes sense to download OpenVPN on Windows 7, 8, 10 if there is a need for advanced functionality.

Functionality

The software allows you to connect as follows: computer client -> proxy server -> Internet. Thanks to this algorithm it was possible to achieve:

  • high connection stability;
  • anonymity on the Internet;
  • security.

In particular, provided that the proxy server is working correctly, the security of an active connection is also guaranteed when using public access points.

Channels that involve two types of data transmission deserve special attention:

  • Point-to-point.
  • Server-to-clients.

This mechanism ensures extremely simple user interaction with the software and the highest protection of not only received, but also transmitted packets.

The principle of operation is simple: secure channels are created through which data is transmitted and received, each with unique encryption, which makes breaking into them extremely difficult.

Therefore, the paid version is very popular in small companies and firms.

The free version is used by private users, to a greater extent to access blocked resources and to a lesser extent for protection.

Additionally, it should be noted that it is possible to combine several workstations into a virtual network, protected by means built into the software.

Not only personal computers located in the office and connected to each other via LAN, but also PCs located in other countries can be used for remote access.

If you want to evaluate the functionality, we recommend downloading OpenVPN on Windows 7, 8, 10 and purchasing the full version only if there is a need, since for most people the “base” available without a premium package will be enough.

Secure OpenVPN on VPS in a few minutes

Introduction

In connection with recent events and the possible blocking of public VPN services, the idea has matured to make life easier for people and make a script for quickly installing OpenVPN with all the settings and easy issuance of certificates.
The script allows you to create a working server with one command and create configuration files for clients in a unified format (that is, with certificates included in the configuration file). By the way, these files are suitable for mobile devices. The script was created for machines with CentOS 7.x or Ubuntu Server 17.x; use on Ubuntu 16.x is possible, but the repositories there contain OpenVPN 2.3.x. If necessary, you can add other distributions, but usually when purchasing a VPS you can choose a system, so this is not so important. The script was written in bash in a couple of hours; errors are possible and certainly something could have been implemented simpler and better.

Run the script on a fresh machine: it will overwrite the iptables rules and the OpenVPN configuration. And yes, the iptables rules allow SSH on port 22; if you change it to another port, do not forget to change the port in the script.

Features

  1. The default cipher AES-256-GCM is recommended (which is safe enough for now);
  2. By default, auth SHA256 is used (instead of the default SHA1);
  3. By default, OpenVPN 2.4.x uses tls-crypt (which makes OpenVPN traffic harder to detect);
  4. By default, uses Google DNS and local DNS blocking (setenv opt block-outside-dns) to prevent DNS Leak;
  5. All the necessary rules are created in iptables and ip6tables;
  6. There is support for IPv6.

How to use

Using the script is very simple: download the openvpnsetup.sh file to your VPS, give it permission to run with chmod +x openvpnsetup.sh and run ./openvpnsetup.sh.
As a result, you receive a configured server, ready to work on the port of your choice. The newclient.sh script is created in the /etc/openvpn folder, which is needed to create client configuration files; it is just as easy to use - ./newclient.sh clientname. The result will be a file /etc/openvpn/bundles/clientname.ovpn, which can be used immediately on the client, just put it in the config folder (if used on Windows) on your machine.

If you want to recreate the server, simply delete everything from the /etc/openvpn folder and run the script again (of course, the client certificates will need to be reissued).
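The unified format described above (certificates and keys carried inside the .ovpn file) can be illustrated with the following added example. It is Python written for this page, not the code of openvpnsetup.sh or newclient.sh; the function names, the sample configuration and the placeholder key material are constructed for illustration.

```python
import os

# Directives whose file argument OpenVPN also accepts as an inline <tag> block.
INLINE = ("ca", "cert", "key", "tls-auth", "tls-crypt")

# Constructed sample input: a split-file client config and placeholder key material.
SAMPLE_CONFIG = ("client\nremote openvpn.example.org 1194\nca ca.crt\n"
                 "cert user.crt\nkey user.key\ntls-auth ta.key 1\nverb 3\n")
SAMPLE_FILES = {
    "ca.crt": "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n",
    "user.crt": "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n",
    "user.key": "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n",
    "ta.key": "-----BEGIN OpenVPN Static key V1-----\n(placeholder)\n"
              "-----END OpenVPN Static key V1-----\n",
}


def bundle(config_text, files):
    """Replace file-referencing directives with inline blocks (hypothetical helper)."""
    kept, blocks = [], []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in INLINE:
            name, path = parts[0], parts[1]
            if path not in files:
                raise KeyError(f"{name}: no content supplied for {path}")
            body = files[path].strip()
            if "-----BEGIN" not in body:
                raise ValueError(f"{path} does not look like PEM or static-key material")
            # An inline tls-auth block has no direction argument; OpenVPN takes
            # it from a separate key-direction directive instead.
            if name == "tls-auth" and len(parts) >= 3:
                kept.append(f"key-direction {parts[2]}")
            blocks.append(f"<{name}>\n{body}\n</{name}>")
        else:
            kept.append(line)
    return "\n".join(kept + blocks) + "\n"


def write_private(path, text):
    """Write the bundle owner-read/write only: it embeds the client's private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a pre-existing file (POSIX only)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    print(bundle(SAMPLE_CONFIG, SAMPLE_FILES))
```

Because the resulting file contains the client's private key, it should be transferred to the client over a protected channel and treated like the key itself.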

Tips for choosing a VPS for OpenVPN

  1. First of all, we look at the price; you can find offers for $3-4 per month, which is cheaper than many VPN services;
  2. Choose a VPS closer to you geographically if you want acceptable speeds via VPN. The lower the ping from you to the VPS, the better the speed;
  3. Choose the minimum configuration. OpenVPN does not use more than one core and can run on 256MB of memory. A minimum disk space of 3-5GB is also quite sufficient;
  4. Some VPS are limited in traffic, but usually it is 1TB per month, if you plan to use more, consider other tariff plans;
  5. Before placing an order for a VPS, check whether downloading torrents is allowed (provided that you need them, of course);
  6. You can also check whether TUN/TAP devices are enabled in the system. There is a check for this in the script, but it is better to check before purchasing, as it may not be possible to enable them through the support of the VPS provider;
  7. If the VPS has an IPv6 address, the script can configure the server with IPv6 support, which is useful if you want to visit IPv6 resources via VPN.

The script is available on GitHub.
Bonus: result of anonymity check on 2ip.ru:

Checking for WITCH?:

Checking for DNS Leak:

Advantages and disadvantages

Time to dwell in more detail on the advantages and disadvantages of OpenVPN for Windows 7, 8, 10. Let us immediately note that there are many more advantages and we have mentioned only the most significant of them.

Advantages:

  • Implementation of confidential and secure exchange of information within the created network. To carry out transmission, the application uses the UDP or TCP protocol.
  • Information protection is ensured through encryption. The TLS protocol and the OpenSSL library are used. The latest versions of the software use the PolarSSL library, which provides greater reliability of the security system.
  • Providing additional protection by identifying each party involved in the exchange of information. The intervention of an intermediary becomes impossible - including interception, distortion and transmission, and deletion of data.
  • Safe surfing on the Internet. Browser tools are not used.
  • Replacing the IP address with one chosen independently or automatically. The user's location and real IP will remain confidential.
  • Access to various web resources that were previously blocked.
  • The ability to scale the system by connecting hundreds or thousands of clients to the network if necessary.

Disadvantages:

  • the need to install a client;
  • the paid version is too expensive for ordinary users;
  • Difficulties with software settings.

If you consider yourself a confident PC user and understand the intricacies of VPN operation, we recommend trying this service with your own client. It allows you to achieve both anonymity on the Internet and increased protection, and has a place in commercial projects. On our website you can choose the best VPN for your computer.

How to install and use OpenVPN

  • Download OpenVPN for Windows from the official link at the bottom of this review, run the file and follow the instructions.
  • Download the .ovpn connection configuration file to connect to the relay server. You can download the OpenVPN config file at https://www.vpngate.net/en/.
  • Select the VPN server you want to connect to and click on the *.ovpn file to download it. Next, you need to move the *.ovpn file to the config folder - C:\Program Files\OpenVPN\config.
  • Click on the OpenVPN GUI icon and select run as administrator.
  • The connection status will be displayed on the screen.
  • After these manipulations, a virtual network adapter is created in the Windows system and this adapter will receive an IP address that starts with 10.211. The virtual adapter will receive the default gateway address (you can check the configuration with the ipconfig /all command on the command line). Use the tracert 8.8.8.8 command to make sure that traffic will pass through the VPN server.

Windows → Setting up OpenVPN client on Windows 10

Hello again. This last article is dedicated to OpenVPN in general and client configuration in particular. This time we will set up a client for Windows 10, but all of this will also work on previous versions of this operating system. The task is to ensure the client's connection to our OpenVPN server, which we set up in the article "Setting up an OpenVPN Linux server using Ubuntu as an example". We can already set up the Ubuntu client, so there's just a little bit left to do, which is what we'll do now.

To start setting up, we need to download the client for Windows; I downloaded it for a 64-bit OS. Everything is simple here: download the client from the site openvpn.net/index.php/download/community-downloads.html, start the installation and follow the instructions of the installer (Next -> Next -> OK).

Go to the directory with OpenVPN installed:

C:\Program Files\OpenVPN\config

We need to create a file there, let's call it client.ovpn with the contents:

    # Connection type - client
    client
    # Through which device we connect
    dev tun
    # What protocol will we use
    proto tcp
    # proto udp
    # OpenVPN server address and port (you can specify IP or URL)
    remote openvpn.example.org 1194
    # Encryption type, as in OpenVPN server
    cipher AES-256-CBC
    # Certificate of the certification authority
    ca ca.crt
    # Certificate and client key
    cert user.crt
    key user.key
    # The client supports encryption
    tls-client
    # Specify the path to the TLS key
    tls-auth ta.key 1
    # Enable data compression
    comp-lzo
    # Do not use a specific port for operation
    nobind
    persist-key
    persist-tun
    # Logging level if you need more details, then set it to 9 for debugging
    verb 3
    # Number of records after which the log will be written
    #mute 20

We need to get 4 files from the OpenVPN server:

    ca.crt
    ta.key
    user.crt
    user.key

Where: ca.crt is the certificate of the certification authority and ta.key is the OpenVPN server encryption key; every user must have both. user.crt and user.key are the user's certificate and key; each user has their own, i.e. they are created individually.

All that remains is to launch the OpenVPN client:

Click connect:

A connection log will appear, which will disappear when the connection is established:

The connection icon will turn green, which means the connection is established and working normally, and a box will also appear in which the assigned IP address will be written

For Windows clients there is a peculiarity: you must specify IP addresses from a range of 4 addresses, i.e. if you want to assign the client the address 172.16.10.4 then the connection at the other end must be from the range:

    172.16.10.1 172.16.10.2 172.16.10.3 172.16.10.4
    172.16.10.5 172.16.10.6 172.16.10.7 172.16.10.8
    172.16.10.9 172.16.10.10 172.16.10.11 172.16.10.12

Otherwise the connection is lost, it's that simple.

On this optimistic note, I will end my story; if you have any questions, ask them in the comments.

Download OpenVPN

By downloading OpenVPN to a computer running Windows 7, 8, 10, you get not only access to blocked resources, but also a full-fledged multifunctional tool that can be used for commercial purposes as well.

The program allows you to create a network for more convenient work of employees inside the office and far beyond its boundaries - in the presence of freelancers or out-of-state workers associated with your work obligations.

OpenVPN server configuration

After this, we set up the server configuration, for which we go to the config folder and create a server.ovpn file, where we paste the following:

    port 1120
    proto tcp
    dev tun
    dev-node OpenVPN
    ca E:\\OpenVPN\\certs\\ca.crt
    cert E:\\OpenVPN\\certs\\barnak-SRV.crt
    key E:\\OpenVPN\\certs\\barnak-SRV.key # This file should be kept secret
    dh E:\\OpenVPN\\certs\\dh1024.pem
    server 10.10.20.0 255.255.255.0
    push "route 10.10.20.0 255.255.255.0"
    keepalive 10 120
    cipher AES-128-CBC # AES
    comp-lzo
    max-clients 10
    status openvpn-status.log
    verb 4
    mute 20
    sndbuf 0
    rcvbuf 0

What's what:

  • port 1120, — port number to which clients will connect;
  • proto tcp, — protocol type (tcp or udp). TCP is a slower option, but if you're going through a proxy, it's the only way;
  • dev tun, — connection mode (tun or tap, tunnel or bridge). In general, bridge mode is needed for specific applications (such as those that use the IPX protocol, they need to send broadcast messages, etc.). Usually tunnel mode is sufficient;
  • dev-node OpenVPN, - the name of your adapter (used only for tap connection mode). Go to the properties of the network adapter and change the name to the one you like best;
  • ca E:\\OpenVPN\\certs\\ca.crt, - path to the CA certificate. Note that the backslash (\) is written twice here;
  • cert E:\\OpenVPN\\certs\\barnak-SRV.crt, — path to the server certificate;
  • key E:\\OpenVPN\\certs\\barnak-SRV.key, — path to the server’s private key;
  • dh E:\\OpenVPN\\certs\\dh1024.pem, — path to the Diffie-Hellman key sequence;
  • server 10.10.20.0 255.255.255.0, - virtual subnet and mask of your VPN connection. When you connect to the server, you will receive a network address from this range. In this case, the first address is always used by the server;
  • push "route 10.10.20.0 255.255.255.0", - our virtual subnet is indicated here. This command is needed so that when a connection is established, your VPN clients can connect not only directly to you, but also to other VPN computers on your network. You can add several routes in this way;
  • keepalive 10 120, - is responsible for checking the availability of the partner. A ping is sent every 10 seconds, and the connection is considered down if no response is received from the partner within 120 seconds;
  • cipher AES-128-CBC, - encryption algorithm. Leave this one, it is the most reliable of those offered :)
  • comp-lzo, - data compression over a VPN connection (to reduce traffic);
  • max-clients 10, — how many clients can connect to you at the same time;
  • status openvpn-status.log, - the name of the log, which will contain brief information about who connected, etc.;
  • verb 4, — level of detail of logs. The more, the higher the detail;
  • mute 20, — Do not display more than 20 identical messages in the log (so as not to clog it);
  • sndbuf 0, - buffer for sent packets. 0 means OpenVPN will use the system settings, which usually increases your throughput;
  • rcvbuf 0, - buffer for received packets. Similar to the previous one.
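The client.ovpn and server.ovpn shown on this page can be compared against the settings listed for the install script (AES-256-GCM, auth SHA256, tls-crypt, block-outside-dns) with a small checker. This is an added example, not part of the original articles: parse, audit and the constructed HARDENED_CLIENT are illustrative names, the page configs are abridged, and the dh check is a file-name heuristic only.

```python
# Directive lines from this page's client.ovpn and server.ovpn (abridged).
PAGE_CLIENT = "\n".join(["client", "dev tun", "proto tcp", "remote openvpn.example.org 1194",
    "cipher AES-256-CBC", "ca ca.crt", "cert user.crt", "key user.key",
    "tls-auth ta.key 1", "comp-lzo", "nobind", "verb 3"])
PAGE_SERVER = "\n".join(["port 1120", "proto tcp", "dev tun", r"dh E:\\OpenVPN\\certs\\dh1024.pem",
    "server 10.10.20.0 255.255.255.0", "cipher AES-128-CBC # AES", "comp-lzo"])
# Constructed client config following the install script's feature list.
HARDENED_CLIENT = "\n".join(["client", "remote openvpn.example.org 1194", "cipher AES-256-GCM",
    "auth SHA256", "tls-crypt ta.key", "remote-cert-tls server", "setenv opt block-outside-dns"])


def parse(text):
    """Tokenise a config into [directive, arg, ...] rows, dropping comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            rows.append(line.split())
    return rows


def audit(text):
    """Return (check, message) pairs for settings weaker than the script's baseline."""
    rows = parse(text)
    opt = {r[0]: r[1:] for r in rows}
    flat = " ".join(" ".join(r) for r in rows)
    out = []
    cipher = (opt.get("cipher") or ["unset"])[0].upper()
    if not cipher.endswith("-GCM"):
        out.append(("cipher", f"{cipher}; the script's baseline is AES-256-GCM"))
    if (opt.get("auth") or ["SHA1"])[0].upper() == "SHA1":
        out.append(("auth", "SHA1 default in effect; baseline is auth SHA256"))
    if "tls-crypt" not in opt:
        out.append(("tls-crypt", "control channel is not wrapped with tls-crypt"))
    comp = opt.get("comp-lzo")  # only comp-lzo, the directive used on this page
    if comp is not None and comp[:1] != ["no"]:
        out.append(("compression", "compressing before encrypting can leak data via packet sizes"))
    if "1024" in " ".join(opt.get("dh", [])):
        out.append(("dh", "file name suggests 1024-bit Diffie-Hellman parameters"))
    if ("client" in opt or "tls-client" in opt) and "remote-cert-tls" not in opt:
        out.append(("remote-cert-tls", "server certificate type is not checked"))
    if "block-outside-dns" not in flat:
        out.append(("block-outside-dns", "neither set nor pushed; Windows DNS may bypass the tunnel"))
    return out


if __name__ == "__main__":
    for name, cfg in (("client", PAGE_CLIENT), ("server", PAGE_SERVER)):
        for check, msg in audit(cfg):
            print(f"{name}: {check}: {msg}")
```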

For a more detailed configuration file, we can go to the sample-config folder and open the configuration file there with a text editor. There are comments for each option.

After you have prepared the settings file, apply them by double-clicking on the file. The OpenVPN window will open and the server will start:

If you just have a blank screen, then open the log file (\OpenVPN\log\;.log). It will tell you why the VPN won't start.
