OpenVPN Setup Guide
I have reached a milestone!!! I figured out how to set up a VPN to my home computer, which allows me to access my local network.
Problem is, I can't seem to get ta.key to generate, but I'm not worried about it right now:
Future update: Tailscale is here, use this instead; not worth the hassle of using anything else or setting up a VPN.
OpenVPN Setup on Windows
The instructions below are for setting up OpenVPN on Windows using Command Prompt (CMD) and Windows tools.
Step 1: Download and Install OpenVPN on Windows
- Download OpenVPN: Go to the OpenVPN website and download the OpenVPN installer for Windows.
- Install OpenVPN: Run the installer and make sure to include the TAP-Windows virtual network adapter and the EasyRSA 3 scripts during the installation; the steps below assume both are in the default `C:\Program Files\OpenVPN` folder.
Step 2: Set Up EasyRSA for Certificate Management on Windows
EasyRSA is used to create the security certificates for your VPN. Here are the instructions for Windows:
- Open Command Prompt as Administrator:
- Click the Start menu, type `cmd`, right-click on Command Prompt, and choose Run as administrator.
- Navigate to the EasyRSA folder:
- Type the following in CMD (assuming OpenVPN is installed in the default location):
cd "C:\Program Files\OpenVPN\easy-rsa"
- Initialize the Public Key Infrastructure (PKI):
- Run the following in the Command Prompt. The first command opens the EasyRSA shell; everything after it is typed into that shell:
EasyRSA-Start.bat
./easyrsa init-pki
- Build the Certificate Authority (CA):
- Create the Certificate Authority to sign the certificates:
./easyrsa build-ca
- You will be prompted to set a password for the CA and provide details for the certificate (such as country, organization, etc.).
- Generate the Server Certificate and Key:
- Run these two commands to create the server's key and certificate request, then sign it with the CA (`nopass` leaves the server key unencrypted so the service can start unattended; `sign-req` prompts for the CA password and a confirmation):
./easyrsa gen-req server nopass
./easyrsa sign-req server server
- Generate Diffie-Hellman Parameters:
- For secure key exchange, run:
./easyrsa gen-dh
- Generate a Client Certificate and Key:
- Create a certificate for your laptop (client), then sign it:
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
- Give each device its own certificate; if several laptops share one, you cannot revoke a single lost device without locking out the others.
- Generate the HMAC Key for TLS Authentication:
- For additional protection of the TLS handshake, create a tls-auth key (a shared HMAC key). `openvpn.exe` is not on the PATH inside the EasyRSA shell or in a fresh CMD window, which is the usual reason this step "does nothing". Open a separate Command Prompt as Administrator, change to the OpenVPN bin folder and run it there:
cd "C:\Program Files\OpenVPN\bin"
openvpn --genkey secret ta.key
- OpenVPN 2.5 and later use the `--genkey secret <file>` form; the older `--genkey --secret <file>` still works but is deprecated. Both ends of the tunnel need this same file, and the server must reference it in its configuration for it to have any effect.
Step 3: Configure the OpenVPN Server on Windows
Now that you have the necessary certificates and keys, you can configure the OpenVPN server:
- Navigate to the OpenVPN configuration folder:
cd "C:\Program Files\OpenVPN\config"
- Create a Server Configuration File (server.ovpn):
- Use Notepad or another text editor to create a file named `server.ovpn` with the following content (one directive per line):
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
- `tls-auth ta.key 0` makes the server drop any UDP packet that is not authenticated with the shared HMAC key before it reaches the TLS code; the file list below includes `ta.key`, so the configuration has to reference it. The `push "route ..."` line tells clients how to reach the home LAN (adjust `192.168.1.0 255.255.255.0` to your LAN); other LAN hosts still need a route back to `10.8.0.0/24` via the VPN server, or NAT on the server, to be able to answer. With OpenVPN 2.4 or later on both ends the data channel negotiates AES-256-GCM, and `cipher AES-256-CBC` is only the fallback for older peers.
- Copy the certificates and keys:
- EasyRSA writes everything under the `pki` folder inside the easy-rsa directory. Copy the following files into the `C:\Program Files\OpenVPN\config` folder:
- `ca.crt` (from `pki\ca.crt`)
- `server.crt` (from `pki\issued\server.crt`)
- `server.key` (from `pki\private\server.key`)
- `dh.pem` (from `pki\dh.pem`)
- `ta.key` (from the folder where you generated it)
- `server.key` is the server's private key: keep it readable only by Administrators and never copy it to a client. The CA's private key (`pki\private\ca.key`) is not needed by the server at all; leave it in the PKI, because it is what signs (and revokes) client certificates, and keep a backup of it offline.
- To start the server, run OpenVPN GUI as Administrator and connect the `server.ovpn` profile, or use the OpenVPN service that the installer offers so the server starts at boot.
Step 4: Enable Port Forwarding on Your Router
- Log into your router: Access your router's settings using its IP address in your browser.
- Set up port forwarding: Forward UDP traffic on port 1194 to your computer’s local IP address (e.g., 192.168.1.x).
Step 5: Set Up the OpenVPN Client on Your Laptop
- Create a Client Configuration File on your laptop:
- Use Notepad to create a file called `client1.ovpn` with the following content (one directive per line):
client
dev tun
proto udp
remote [YourHomeNetworkPublicIP] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-CBC
verb 3
- `tls-auth ta.key 1` is the client side of the shared HMAC key (the server uses direction 0). `remote-cert-tls server` makes the client refuse anything that presents a client certificate as the server, so a leaked client certificate cannot be used to impersonate your home computer.
- Transfer the following files from your home computer to your laptop. `client1.key` is a private key: use a USB stick or another channel you control rather than unencrypted cloud storage, and delete any temporary copies afterwards:
- `ca.crt`
- `client1.crt`
- `client1.key`
- `ta.key`
- Install OpenVPN Client: Install OpenVPN on your laptop from the OpenVPN download page.
- Import the Client Configuration File: Open the OpenVPN client on your laptop and import the `client1.ovpn` file you created.
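Steps 3 and 5 leave you with five loose files on the laptop and two configurations that are easy to get subtly wrong. The script below is an added example, not code from this guide or from the OpenVPN project: it folds `ca.crt`, `client1.crt`, `client1.key` and `ta.key` into a single unified `client1.ovpn` (OpenVPN accepts the files inline in `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks, with `key-direction 1` replacing the second argument of `tls-auth`), then lints a profile for the directives the server setup depends on. The PEM bodies in `FILES` are constructed placeholders, not real keys, so it runs offline; replace them with the real file contents to produce a usable profile.

```python
"""Build a single-file OpenVPN client profile and lint it for the
security-relevant directives the server setup above relies on.

Added example for Steps 3 and 5; not code from this guide or from the
OpenVPN project. It assumes the four files EasyRSA produced earlier
(ca.crt, client1.crt, client1.key, ta.key). The PEM bodies in FILES are
constructed placeholders, not real keys, so the script runs offline.
"""
import re

# Constructed placeholder PEM blobs so the example runs offline. NOT real keys.
FILES = {
    "ca.crt": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-CA\n-----END CERTIFICATE-----\n",
    "client1.crt": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-CLIENT\n-----END CERTIFICATE-----\n",
    "client1.key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-KEY\n-----END PRIVATE KEY-----\n",
    "ta.key": "-----BEGIN OpenVPN Static key V1-----\nPLACEHOLDER-TA\n-----END OpenVPN Static key V1-----\n",
}

# Each (tag, file) pair becomes an inline <tag>...</tag> block in the profile.
INLINE_BLOCKS = (("ca", "ca.crt"), ("cert", "client1.crt"),
                 ("key", "client1.key"), ("tls-auth", "ta.key"))


def build_profile(remote_host, port=1194, files=FILES):
    """Return the text of a unified client1.ovpn with all four files inlined.

    One file is easier to move to the laptop than five, and it leaves no
    loose client1.key next to the profile. With an inline <tls-auth> block
    the key direction is given by 'key-direction 1' instead of the second
    argument of 'tls-auth ta.key 1'.
    """
    lines = [
        "client",
        "dev tun",
        "proto udp",
        f"remote {remote_host} {port}",
        "resolv-retry infinite",
        "nobind",
        "persist-key",
        "persist-tun",
        "remote-cert-tls server",  # refuse a server that presents a client cert
        "key-direction 1",         # client side of the shared tls-auth HMAC key
        "cipher AES-256-CBC",      # fallback only; 2.4+ negotiates AES-256-GCM
        "verb 3",
    ]
    for tag, fname in INLINE_BLOCKS:
        lines += [f"<{tag}>", files[fname].strip(), f"</{tag}>"]
    return "\n".join(lines) + "\n"


def lint_profile(text):
    """Return sorted 'severity:code' findings for a client profile text."""
    directives, inline_tags, in_block = [], set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if re.fullmatch(r"<[a-z-]+>", line):
            in_block = True
            inline_tags.add(line[1:-1])
            continue
        if re.fullmatch(r"</[a-z-]+>", line):
            in_block = False
            continue
        if line and not in_block:
            directives.append(line)
    first_words = {d.split()[0] for d in directives}

    findings = []
    if "remote" not in first_words:
        findings.append("error:no-remote")
    if "remote-cert-tls server" not in directives:
        # Without it, any certificate signed by the CA (for example a stolen
        # client certificate) is accepted as the server.
        findings.append("warn:missing-remote-cert-tls")
    if not ({"tls-auth", "tls-crypt"} & (first_words | inline_tags)):
        findings.append("warn:control-channel-not-hmac-protected")
    if "tls-auth" in inline_tags and "key-direction" not in first_words:
        findings.append("warn:inline-tls-auth-without-key-direction")
    if "cipher" in first_words and "data-ciphers" not in first_words:
        findings.append("info:cipher-is-fallback-only")
    return sorted(findings)


if __name__ == "__main__":
    profile = build_profile("vpn.example.home")   # hypothetical DDNS name
    print(profile)
    print("findings:", lint_profile(profile) or "none")
```

Run `lint_profile` on the exact text of the client configuration from Step 5 before and after adding `tls-auth` and `remote-cert-tls server` to see the two warnings disappear; the remaining `info` finding only notes that `cipher` is the fallback and goes away if you pin `data-ciphers` explicitly.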
Step 6: Test the VPN
- Connect from the Laptop: In the OpenVPN GUI on your laptop, select the client configuration and click Connect.
- Verify Access: Once connected, you should be able to access devices on your home network.
Step 7: Additional Windows Configurations
- Firewall: Ensure that Windows Defender Firewall or any other security software on the server allows inbound UDP 1194 to `openvpn.exe` (add an inbound rule if none exists), and that the laptop's firewall allows the outbound connection.
- Dynamic DNS: If your home network's public IP changes regularly, set up Dynamic DNS (DDNS) so you can connect to your home network with a domain name rather than the IP.
Losing Internet Access After Connecting to a VPN
Losing internet access after connecting to a VPN is a common issue, especially when the server pushes `redirect-gateway def1` so that all client traffic goes through the VPN (full tunneling). Here are the most common reasons for this issue and how to fix it:
Possible Causes:
- Missing or incorrect NAT configuration on the VPN server: The VPN server is not properly routing traffic from VPN clients to the internet.
- IP forwarding not enabled on the server: The server is not forwarding traffic between the VPN subnet and the external network (your home network).
- DNS issues: The VPN client may not be able to resolve domain names because DNS traffic is not being routed properly.
- Firewall blocking traffic: A firewall on the VPN server may be blocking traffic from the VPN clients.
Step-by-Step Troubleshooting
1. Ensure IP Forwarding Is Enabled on the VPN Server
The server must forward traffic between the VPN network and the internet.
On Linux:
- Enable IP forwarding by modifying the system configuration:
- Open the file `/etc/sysctl.conf`:
sudo nano /etc/sysctl.conf
- Find the line:
#net.ipv4.ip_forward = 1
- Remove the `#` (uncomment the line) and save the file, or add the line if it doesn't exist:
net.ipv4.ip_forward = 1
- Apply the changes:
sudo sysctl -p
On Windows:
- Desktop editions of Windows have no Routing and Remote Access role. IP forwarding is controlled by the `IPEnableRouter` value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (set it to 1 and reboot), or per interface and without a reboot through the `Set-NetIPInterface` PowerShell cmdlet's `-Forwarding Enabled` parameter.
- Internet Connection Sharing (ICS) is configured on the internet-facing adapter, not on the TAP adapter: go to Control Panel > Network and Sharing Center > Change Adapter Settings, right-click the Wi-Fi or Ethernet adapter, select Properties, open the Sharing tab, and choose the OpenVPN TAP adapter as the home networking connection. ICS provides both forwarding and NAT between the two adapters (see the next step).
2. Set Up NAT (Network Address Translation) on the VPN Server
If NAT isn't properly set up, traffic won't be routed to the internet from the VPN clients. This is common in full tunneling setups.
On Linux:
- Run the following command to set up NAT, replacing `eth0` with your internet-facing interface:
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
- `10.8.0.0/24` is the default OpenVPN subnet (adjust if you're using a different subnet).
- `eth0` is your internet-facing network interface (this could also be `wlan0` if using Wi-Fi).
- Make sure the rule persists after reboot. On Debian/Ubuntu, `/etc/iptables/rules.v4` is loaded at boot by the iptables-persistent package, so install that first; other distributions have their own mechanism:
sudo iptables-save > /etc/iptables/rules.v4
On Windows:
- Enable Internet Connection Sharing (ICS) between your internet-facing adapter (Wi-Fi or Ethernet) and the OpenVPN TAP adapter; ICS is the built-in NAT on desktop Windows:
- Right-click on your main network adapter (Wi-Fi or Ethernet), select Properties, then go to the Sharing tab.
- Select Allow other network users to connect through this computer's Internet connection and choose the OpenVPN TAP adapter from the dropdown.
- Caveat: ICS assigns its own address (192.168.137.1 by default) to the adapter it shares to, which can collide with the 10.8.0.x address OpenVPN assigns the TAP adapter. After enabling ICS, check the TAP adapter's address and reconnect the server if it changed.
3. Verify the DNS Configuration on the Client
Sometimes, even if traffic is being routed through the VPN, the DNS settings may not be configured properly, preventing domain names from being resolved (for example, if you can access websites by IP but not by domain name).
* Ensure DNS Servers Are Pushed from the Server:
In your server configuration file (`server.ovpn` or `server.conf`), make sure DNS servers are being pushed to the clients. Add the following lines if they are missing (8.8.8.8 and 8.8.4.4 are Google's public resolvers; push your home router's resolver instead if clients should also resolve local host names):
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
* Modify the Client Configuration (`client.ovpn`):
If you cannot change the server, the same options can be set on the client side instead:
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Windows clients apply these to the TAP adapter automatically. On Linux, OpenVPN does not write `resolv.conf` itself, so the client needs an `up` script (Debian/Ubuntu ship `/etc/openvpn/update-resolv-conf`) together with `script-security 2` before pushed or local DNS options take effect.
* Reconnect the client and verify if the DNS issues are resolved.
4. Test and Verify Routing
After implementing these fixes, reconnect to the VPN and test if the internet connection is working:
- Check your external IP: Visit WhatIsMyIP.com and verify that the IP address shown is your home network's public IP. That is only expected in a full-tunnel setup, where the server pushes `redirect-gateway def1`; with the split-tunnel configuration from Step 3, only traffic for the VPN subnet and the pushed routes goes through the tunnel and the external IP stays your laptop's own.
- Ping a website:
Open Command Prompt (on Windows) or a terminal (on macOS/Linux) and type:
ping google.com
- If the ping gets replies, routing and DNS both work.
- If pinging an IP address (for example the VPN gateway `10.8.0.1`) succeeds but pinging a name fails, DNS is still misconfigured.
- Check the routing table (optional): On Windows, open Command Prompt and type:
route print
On Linux/macOS, use (`ip route` on current Linux distributions, where netstat may not be installed):
netstat -rn
With `redirect-gateway def1` (the usual full-tunnel option) OpenVPN does not replace the default route: it leaves `0.0.0.0/0` pointing at your local router and adds two more specific routes, `0.0.0.0/1` and `128.0.0.0/1`, via the VPN gateway (`10.8.0.1` or similar), which win by longest-prefix match. Look for those two routes rather than expecting the `0.0.0.0` default itself to point at the VPN interface. Only without `def1` is the default route replaced, in which case it should point at the VPN gateway.
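Reading a routing table by eye is where the `def1` case trips people up, so here is an added example (not code from this guide or from OpenVPN) that decides from pasted `route print` (Windows, IPv4 section) or `ip route` (Linux) output whether the client is not connected, split-tunnelled or full-tunnelled. It applies the same longest-prefix rule the operating system uses, so the `0.0.0.0/1` plus `128.0.0.0/1` pair counts as a full tunnel even though the original `0.0.0.0/0` route is still present. `VPN_SUBNET` matches the `server 10.8.0.0 255.255.255.0` line from Step 3; the two sample tables are constructed.

```python
"""Tell from a routing table whether the OpenVPN client is split- or
full-tunnelled.

Added example for the 'Test and Verify Routing' step; not code from this
guide or from OpenVPN. Parses pasted 'route print' (Windows, IPv4 section)
or 'ip route' (Linux) output. Sample tables below are constructed.
"""
import ipaddress
import re

VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")   # from 'server 10.8.0.0 255.255.255.0'
IPV4 = r"\d{1,3}(\.\d{1,3}){3}"


def parse_routes(output):
    """Return (network, gateway-or-None) pairs from 'route print' or 'ip route' text."""
    routes = []
    for line in output.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "default" or "/" in f[0]:
            # 'ip route' row: "default via 192.168.1.1 dev wlan0 ..." or "10.8.0.0/24 dev tun0 ..."
            net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0], strict=False)
            gw = f[f.index("via") + 1] if "via" in f else None
            routes.append((net, gw))
        elif (len(f) == 5 and re.fullmatch(IPV4, f[0]) and re.fullmatch(IPV4, f[1])
              and (f[2] == "On-link" or re.fullmatch(IPV4, f[2]))):
            # 'route print' row: destination netmask gateway interface metric
            net = ipaddress.ip_network((f[0], f[1]), strict=False)
            routes.append((net, None if f[2] == "On-link" else f[2]))
    return routes


def gateway_for(routes, dest):
    """Longest-prefix match, the same rule the OS applies when forwarding a packet."""
    dest = ipaddress.ip_address(dest)
    best = None
    for net, gw in routes:
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def vpn_state(output, vpn_subnet=VPN_SUBNET):
    """Return 'not-connected', 'split-tunnel' or 'full-tunnel'."""
    routes = parse_routes(output)
    if not any(net.version == 4 and net.subnet_of(vpn_subnet) for net, _ in routes):
        return "not-connected"            # no route to the VPN subnet at all
    # One probe address in each half of the IPv4 space covers the def1 pair.
    probes = ("93.184.216.34", "192.0.2.1")
    gateways = [gateway_for(routes, p) for p in probes]
    if all(gw is not None and ipaddress.ip_address(gw) in vpn_subnet for gw in gateways):
        return "full-tunnel"
    return "split-tunnel"


# Constructed 'route print' excerpt from a Windows client with redirect-gateway def1 active.
WINDOWS_FULL_TUNNEL = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.20     35
          0.0.0.0        128.0.0.0         10.8.0.1        10.8.0.2    281
         10.8.0.0    255.255.255.0         On-link         10.8.0.2    281
        128.0.0.0        128.0.0.0         10.8.0.1        10.8.0.2    281
      192.168.1.0    255.255.255.0         On-link     192.168.1.20    291
===========================================================================
"""

# Constructed 'ip route' output from a Linux client connected without redirect-gateway.
LINUX_SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.20 metric 600
"""

if __name__ == "__main__":
    print("windows sample:", vpn_state(WINDOWS_FULL_TUNNEL))
    print("linux sample:  ", vpn_state(LINUX_SPLIT_TUNNEL))
```

Paste your own `route print` or `ip route` output into `vpn_state`: "split-tunnel" with a working internet connection is the expected result for the Step 3 configuration, while "full-tunnel" with no internet access points at the NAT, forwarding or DNS steps above rather than at the routes.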
5. Check Firewall Rules
If the above solutions don’t work, verify that firewalls on both the server and the client are not blocking the VPN traffic.
On the VPN server:
- Ensure the firewall is not blocking outbound traffic from the VPN subnet (`10.8.0.0/24` by default).
- On Linux, check the iptables rules, in particular the FORWARD chain: if its policy is DROP, traffic arriving from `tun0` and the related replies have to be explicitly accepted in addition to the MASQUERADE rule in the nat table.
On the client machine:
- Check if the local firewall (e.g., Windows Defender Firewall) is blocking VPN traffic.
Conclusion
To fix the issue where you lose internet connectivity after connecting to the VPN:
- Enable IP forwarding on the VPN server.
- Set up NAT to route VPN client traffic to the internet.
- Push DNS settings from the server and configure them on the client.
- Test the internet connection and verify the routing table.