 Hello everybody! This video will show you how to set up an OpenVPN server for Windows and configure an OpenVPN client and how to organize data exchange channels between remote offices. Sometimes people need to establish a link between remote computers without spending extra money on equipment and software. In doing that, a well-known free program OpenVPN can help a lot, as it provides free implementation of the VPN virtual private network technology. In our channel, you can already find a video on how to create a VPN server with standard Windows tools and how to connect to such server from another PC. You will find the link in the description. Here we go. Hello friends! If you need to recover deleted data, view or restore a remote browser in history. Hetman Software products will help you. Follow the link in the description, download the necessary program for free, install it and analyze the disk. The utility will show you the data you can recover, so you will be able to view it or get it back. In our channel and blog, you will find solutions to any problem, from installing an operating system or configuring it to fixing possible bugs and errors or optimizing mobile gadgets. Our specialists will answer any questions you ask in your comments under the videos or articles. So, we have two computers. One of them will be used as an OpenVPN server and the other as a client. We have to enable them to see each other in the network, on the Internet and enable them to use shared folders and files. Let's begin the setup process. Download OpenVPN from the official website. Choose the version corresponding to your system business. I will give the link to OpenVPN official website in the description. Stop the installation. At step 3, check the inactive boxes. Leave other items at default. In the course of installation, the system creates a virtual network adapter. Select Windows Adapter V9 and its drivers. It is for this interface that OpenVPN will assign the IP address and the OpenVPN subnet mask. Rename it into ServerVPN. Later, I will use this name for the OpenVPN server, which I am going to create on this computer. After that, launch the command prompt as administrator. There is a special video in our channel about all the ways of doing it, so feel free to watch it anytime. You will find the link in the description. Go to the folder where OpenVPN has been installed with the command cd, cd, c, program files, OpenVPN, easy RSA, run init, config, bat. As a result, a file named vars bat will appear in the folder c, program files, OpenVPN, easy RSA. Your file extensions are not displayed in your PC. Turn this function on. It will make your work more convenient. There is also a good video about it. If you want, you can follow the link in the description. Open it with Notepad or Notepad++. This batch file will set the variables for certificate generation. In the part concerning the organization and location, fill in your data. However, you can skip filling in the data as it can be modified later, and this data doesn't affect the work of our VPN server, as it is only for information. Go back to the command prompt started by administrator, and run the following commands. cd, c, program files, OpenVPN, easy RSA, vars, clean all. The answer should be two messages, one file copied one. If you see it, everything is fine. Build DH, build a Diffie-Hellman parameter. If you run this command and see an error, OpenSSL is not recognized as an internal or external command, operable program or batch file, then do the following. Go to properties, control panel, system or write click on this PC. Select advanced system settings, advanced system settings, advanced environment variables. In the section user variables, click on the setting path and then edit. In the window that opens, click on browse directory and specify the path to the folder containing OpenVPN bin. After that, open the command prompt as administrator again, and run the commands that I have described earlier in this video once again. The build DH command should run alright. As a result, in the folder easy RSA keys, a new file named DH4096PAM will appear. With that, enter the commands in the following order. Build CA, create the main certificate. You'll be asked some questions. You can change the data you have previously given in the file vars data, country, region, city, server name, etc. Change the information if necessary. If you don't make any changes, press enter. As a result, in the folder easy RSA keys, two new files named CACRT and CA key will appear. Create key server server VPN, where server VPN is the name of our VPN server. Once again, you will be asked some questions. Press enter. When you see two questions, sign the certificate and one out of one certificate request certified commit, press Y. As a result, in the folder easy RSA keys, you will see new files server VPN CACRT, server VPN CACRT server VPN key. Certificates for the server have been created. Now let's create client keys. Build key client VPN, where client VPN is the client name. The client certificate is going to be created. Press enter, but when asked about command name, for example, your name or your service host name, you should enter the client name. In our case, it is client VPN. In the end, press Y twice. As a result, in the folder easy RSA keys, you will see new files client VPN CACRT, client VPN CSR, client VPN key. For every client, a new certificate is built, but with another name. For example, build key client VPN1, and you should specify it in the common name. Now let's generate the key TA key for packet authentication. To do it, run the command openmpn genkey secret keys TA key. As a result, in the folder easy RSA keys, a new file named TA key will appear. Okay, the key business is over. Now let's move on to create the service and the client's configuration files. In the folder see program files openvpn config create a text file named servervpn ovpn. It will be the service configuration, and enter the following text there. I have already prepared a server file, so let's examine it. Dev note servervpn. The network adapted name of our openvpn server. This parameter is not obligatory, but it is convenient to know what server this configuration file belongs to. Mode server. The service mode of operation. Port 1, 2, 3, 4, 5. The port to which the IP address of our server is reserved as it follows the router. I have already shown port forwarding in another video, so you will find the link in the description. There is also a video about reserving an IP address to a computer. You will find the link in the description as well. Proto. USB 4 server. Data transmission protocol. Dev tunnel mode TLS server. The cryptographic transmission protocol TLS auth. The path to the file TA key. Check it, because in your case it can be different. For the server add 0 after the key path, and 1 for the client. Remember that in openvpn the file path is always using 2 slash symbols. If it contains folder names made of several words and separated by spaces like program files, the entire path should be quoted. TonMTU, TonMTU Extra, and MSSFix are packet size. Path to keys. CA CRT, servervpn CRT, servervpn key, DH 4096 PEM. Server 10, 10, 10, 0, 2, 552, 552, 555, 0, the range of addresses allocated for a VPN network. It can be optional. Client to client. Allow the clients to see each other. Keep alive 10, 120. The so-called lifetime of an inactive session. Cipher AES, 128CBS, choice of encryption cipher. Comp IZO. Set data compression setting in the tunnel. Persist key. Persist on. Don't reread key and tunnel data when the connection is broken. Client. Config. Dear. The path to the client's configuration file on the server. This one we are going to create soon. Verb 3. Debugged mode level. Root delay 5. The time for creation and application of a root. In this case, it's 5 seconds. Root method EXE. This is how root data is entered. Push. This command lets the client know about the server's subnet. That is why 192.168.0.0 indicates the server's subnet. Root enables visibility for the network server and client addresses. That is why 192.168.182.0 indicates the client's subnet. That's all. Let's try starting the server. Double-click on the desktop shortcut OpenVPN GUI or open the file OpenVPN GUI.exe. The OpenVPN icon will appear in the taskbar. Right-click on it and select Connect. If it turns green in several seconds, it's all right. The server is running. If it doesn't happen, read the log file in the folder C, users, username, OpenVPN, server, log. If an error occurs, it will be described in this file and you'll be able to fix it. As you can see, in our case, the server works all right. Next. In the folder config, create a file without extension and name it just as the server. Client VPN. Open it with Notepad and enter the following. If config push 10, 10, 10, 5, 10, 10, 10, 6. This way, we assign to the client the IP address 10, 10, 10, 5, or 6. The address can be different. iRoot 192.168.182.0.2.5.2.5.2.5.2.5.0. In from the server, that network 192.168.2.5.4.0 belongs to the client. Disable. If you uncomment this line, the client will be disconnected. It's good for cases when you need to disconnect a client from the server, while others will be working as usual. That's all. Save it. Now go to the client computer. Install OpenVPN on the client's computer as well, and you don't have to check all the boxes. Copy the following lines from the folder c.programfiles.openvpn.easyrsa keys on the server computer. cacrt clientvpn.crt clientvpn.key tak transfer them to the computer with an OpenVPN client into the folder c.programfiles.openvpn.config. In the same folder, create a file client.ovpn and enter this data. I have already created the file, so let's examine it. Remote 176.1.2.1.1.5.6 address of the server where to connect to. Client. Let the client take the routing data from the server. Port 12345 – the port for OpenVPN. Auto TSP4 client – specify the protocol for OpenVPN. DevTon interface type TLS client – the cryptographic transmission protocol TLS auth. Deposit to the file ta key – check it, because in your case it can be different. For the server, add 0 after the key pass and 1 for the client. Remote cerrt TLS server protection. TUNMTU-TUNMTU-EXTRA-MSS-FIX-PACKET-SIZE Path to keys – CA-CRT. Clientvpn.crt clientvpn.key Cypher AES128CBS – choice of encryption cypher comp-izl – set data compression setting in the tunnel Pursist key – persist ton – don't reread key and tunnel data when the connection is broken. Debug in mode level. Mute 20 – the number of repeating messages. That's all. Save it. Now, one more thing. To enable PIN to internal addresses of our server and client, turn on routing and remote access service. To do it, start the registry editor, open the following key – hkey, local machine, system, current control set, services, TCPIP, parameters, find PE, enable router. Change its value data to 1. Don't forget to restart the computer for the changes to take effect. It should be done for both computers, the server and the client. Next. Set up firewalls and antiviruses on the client and server computers to allow free passage of data packets. I will not go into details as everything depends on the particular software they have installed. After that, start the server. Start OpenVPN GUI or Server or VPN. The server is running now. After it is connected, start OpenVPN on the client computer. Start OpenVPN GUI or Client or VPN. When it is connected, test the link. In the command prompt, enter PIN and the address assigned to the client or the server. It depends on the computer from which you test the link. If the PIN gets through, then all settings are correct. Now let's try accessing the shared folders. First, from the server to the client. As you can see, access is possible. Now from the client to the server. This way, access is also possible. That's all. As you can see, a VPN connection with OpenVPN is created. The bidders can access each other in both directions.