Install an OpenVPN server and connect to it on Windows

March 22, 2012 by
Filed under: linux, security, troubleshooting 

Follow the tutorial on Linode to install OpenVPN:

Both OpenVPN and dnsmasq must be installed on the server.

In /etc/openvpn/server.conf, the following line must exist and must not be commented out:
push "redirect-gateway def1"

By default the line is:
;push "redirect-gateway def1 bypass-dhcp"
Remove the leading semicolon, and remove "bypass-dhcp" as well.

The redirect-gateway option configures the VPN as the default gateway (implemented on Linux and Windows only).

The redirect-gateway bypass-dhcp option adds a route allowing DHCP packets to bypass the tunnel when the DHCP server is non-local. It is currently only implemented on Windows clients.

Another tip: in the local directive at the beginning of server.conf, the IP address of your server should be configured:

On the client, install OpenVPN GUI on Windows, and download client.conf, ca.crt, client1.crt, client2.key from the VPN server to the OpenVPN config folder. The config folder is located at C:\Program Files\OpenVPN\config on my system.

Then rename client.conf to vpn-server.ovpn (a mandatory step), start the OpenVPN client and click Connect.

Some FAQs:
1. How can I tell if OpenVPN is installed correctly on the server?
Run netstat -na|grep 1194 to check whether it is listening, and use ps to check whether the process is running. 1194 is the listening port configured in server.conf.

2. Why can't I telnet to port 1194?
OpenVPN is a UDP server by default, and you can't telnet to a UDP port.

3. How can I check whether my client is connected to the server?
If the OpenVPN tray icon turns green, you are connected to the server.
You can also ping the VPN server; if it replies, you are connected:

4. Why can't I visit some sites after connecting to the OpenVPN server?
If your local DNS server is polluted and you are not redirecting DNS lookups to the VPN server, you will still not be able to open the blocked site. On the VPN server, dnsmasq must be installed, and the following exact line must exist in server.conf:
push "redirect-gateway def1"

5. How can I check the route to a host such as twitter from Linux/Windows?
On Linux: traceroute
On Windows: tracert

You can also run nslookup on Windows, and host/dig on Linux, for debugging.
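
The server.conf settings described in this post can be checked mechanically, which also catches curly quotes pasted from a web page. The script below is an added example, not part of the original post; the function name check_server_conf and the sample config are constructed for illustration, and it assumes OpenVPN's defaults of UDP and port 1194 when those directives are absent.

```shell
# check_server_conf FILE: print findings, return 0 only if the gateway push is right.
# Usage on the server (hypothetical helper): check_server_conf /etc/openvpn/server.conf
check_server_conf() {
    conf=$1
    rc=0
    # Keep active directives only: drop blank lines and ';' or '#' comments.
    active=$(grep -Ev '^[[:space:]]*([;#]|$)' "$conf" || true)

    # Curly quotes copied from a web page are not the plain " the config needs.
    if printf '%s\n' "$active" | grep -qF -e '“' -e '”'; then
        echo 'FAIL: curly quotes in an active line, retype them as plain "'
        rc=1
    fi

    # The push line must be active, carry def1, and not carry bypass-dhcp.
    if printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[[:space:]]+def1"[[:space:]]*$'; then
        echo 'OK: push "redirect-gateway def1" is active'
    elif printf '%s\n' "$active" | grep -Eq '^[[:space:]]*push[[:space:]].*bypass-dhcp'; then
        echo 'FAIL: remove bypass-dhcp from the redirect-gateway push'
        rc=1
    else
        echo 'FAIL: push "redirect-gateway def1" is missing or still commented out'
        rc=1
    fi

    # The post also sets "local" to the server's IP address.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*local[[:space:]]+[^[:space:]]'; then
        echo 'OK: local address is set'
    else
        echo 'WARN: no active "local" directive'
    fi

    # Report the port and protocol to look for with netstat (defaults: 1194, udp).
    port=$(printf '%s\n' "$active" | awk '$1 == "port" { p = $2 } END { print (p ? p : 1194) }')
    proto=$(printf '%s\n' "$active" | awk '$1 == "proto" { p = $2 } END { print (p ? p : "udp") }')
    echo "INFO: expect a $proto listener on port $port"
    return $rc
}

# Constructed sample: the stock line as shipped, still commented out.
sample=$(mktemp)
printf '%s\n' 'port 1194' ';push "redirect-gateway def1 bypass-dhcp"' > "$sample"
check_server_conf "$sample" || true
rm -f "$sample"
```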
