OpenVPN Setup Guide

I have reached a milestone!!! I figured out how to set up a VPN to my home computer, which allows me to access my local network.

Problem is, I can't seem to get ta.key to generate, but I'm not worried about it right now:

OpenVPN Setup on Windows

The instructions below are for setting up OpenVPN on Windows using Command Prompt (CMD) and Windows tools.

  • Download OpenVPN: Go to the OpenVPN website and download the OpenVPN installer for Windows.
  • Install OpenVPN: Run the installer and make sure to include the TAP network adapter and the EasyRSA tool during the installation.

EasyRSA is used to create the security certificates for your VPN. Here are the instructions for Windows:

  • Open Command Prompt as Administrator:
    1. Click the Start menu, type `cmd`, right-click on Command Prompt, and choose Run as administrator.
  • Navigate to the EasyRSA folder:
    1. Type the following in CMD (assuming OpenVPN is installed in the default location):

      cd "C:\Program Files\OpenVPN\easy-rsa"
      

  • Initialize the Public Key Infrastructure (PKI):
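    1. Run `EasyRSA-Start.bat` in the Command Prompt to open the EasyRSA shell, then run the `./easyrsa` commands in this and the following steps inside that shell: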

      EasyRSA-Start.bat
      ./easyrsa init-pki
      

  • Build the Certificate Authority (CA):
    1. Create the Certificate Authority to sign the certificates:

      ./easyrsa build-ca
      

    2. You will be prompted to set a password for the CA and provide details for the certificate (such as country, organization, etc.).
  • Generate the Server Certificate and Key:
    1. Run these commands to create and sign the server certificate:

      ./easyrsa gen-req server nopass
      ./easyrsa sign-req server server
      

  • Generate Diffie-Hellman Parameters:
    1. For secure key exchange, run:

      ./easyrsa gen-dh
      

  • Generate a Client Certificate and Key:
    1. Create a certificate for your laptop (client):

      ./easyrsa gen-req client1 nopass
      ./easyrsa sign-req client client1
      

  • Generate the HMAC Key for TLS Authentication:
    1. For additional security, create a TLS-auth key (HMAC):

      openvpn --genkey --secret ta.key
      

Now that you have the necessary certificates and keys, you can configure the OpenVPN server:

  • Navigate to the OpenVPN configuration folder:

    cd "C:\Program Files\OpenVPN\config"
    

  • Create a Server Configuration File (server.ovpn):
    1. Use Notepad or another text editor to create a file named `server.ovpn` with the following content:

      port 1194
      proto udp
      dev tun
      ca ca.crt
      cert server.crt
      key server.key
      dh dh.pem
      server 10.8.0.0 255.255.255.0
      ifconfig-pool-persist ipp.txt
      keepalive 10 120
      cipher AES-256-CBC
      persist-key
      persist-tun
      status openvpn-status.log
      verb 3
      

  • Copy the certificates:
    1. Move the following files into the `C:\Program Files\OpenVPN\config` folder:
      1. `ca.crt`
      2. `server.crt`
      3. `server.key`
      4. `dh.pem`
      5. `ta.key`
  • Log into your router: Access your router's settings using its IP address in your browser.
  • Set up port forwarding: Forward UDP traffic on port 1194 to your computer’s local IP address (e.g., 192.168.1.x).
  • Create a Client Configuration File on your laptop:
    1. Use Notepad to create a file called `client1.ovpn` with the following content:

      client
      dev tun
      proto udp
      remote [YourHomeNetworkPublicIP] 1194
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert client1.crt
      key client1.key
      remote-cert-tls server
      cipher AES-256-CBC
      verb 3
      

  • Transfer the following files from your home computer to your laptop (via USB or cloud storage):
    1. `ca.crt`
    2. `client1.crt`
    3. `client1.key`
    4. `ta.key`
  • Install OpenVPN Client: Install OpenVPN on your laptop from the OpenVPN download page.
  • Import the Client Configuration File: Open the OpenVPN client on your laptop and import the `client1.ovpn` file you created.
  • Connect from the Laptop: In the OpenVPN GUI on your laptop, select the client configuration and click Connect.
  • Verify Access: Once connected, you should be able to access devices on your home network.
  • Firewall: Ensure that the Windows Firewall or any security software allows VPN connections.
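
The guide generates `ta.key` and copies it to both machines, but neither `server.ovpn` nor `client1.ovpn` above contains a directive that loads it. The following check is an added example, not part of the original guide: it lints a server/client config pair for that gap and for mismatched settings. The function names `parse` and `lint_pair` are hypothetical, the sample configs are the guide's own trimmed to the directives the checks read, and `tls-auth` is the OpenVPN directive that loads the key, which the guide's configs do not include.

```python
# Added example, not from the original guide.
# Samples: the guide's two configs, trimmed to the directives the checks read.
SERVER_OVPN = """\
port 1194
proto udp
dev tun
cipher AES-256-CBC
"""
CLIENT_OVPN = """\
client
dev tun
proto udp
remote-cert-tls server
cipher AES-256-CBC
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts

def lint_pair(server_text, client_text):
    """Return a list of findings for a server/client config pair."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    # ta.key only protects the TLS handshake if both configs load it.
    s_ta, c_ta = srv.get("tls-auth"), cli.get("tls-auth")
    if s_ta is None and c_ta is None:
        findings.append("tls-auth missing on both sides: ta.key is never used")
    elif s_ta is None or c_ta is None:
        findings.append("tls-auth on one side only: the handshake will fail")
    elif (s_ta[1:], c_ta[1:]) != (["0"], ["1"]):
        # Only the inline direction argument is checked (assumption: no
        # separate key-direction directive is used).
        findings.append("expected direction 0 on server and 1 on client")
    # These settings should match on both ends.
    for key in ("proto", "dev", "cipher"):
        if srv.get(key) != cli.get(key):
            findings.append(f"{key} differs: {srv.get(key)} vs {cli.get(key)}")
    # Without this, the client accepts any certificate the CA signed,
    # including another client's.
    if cli.get("remote-cert-tls") != ["server"]:
        findings.append("client lacks 'remote-cert-tls server'")
    return findings

if __name__ == "__main__":
    for finding in lint_pair(SERVER_OVPN, CLIENT_OVPN):
        print("WARN:", finding)
```

Run against the guide's configs as written, it reports only the unused `ta.key`; adding `tls-auth ta.key 0` to the server file and `tls-auth ta.key 1` to the client file clears the finding.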