Make life simple for yourself, install the RC with the GUI interface. It has a better interface for activating client VPN sessions and watching the activity log.
Create the TAP interface using the GUI install c:\Program Files\OpenVPN\bin\tapinstall.exe. Set the name of the created TAP Interface “TAP-ADAPTER-NAME” and note it for use in your OpenVPN client configuration.
The names given to files in this example are placholders only, use the naming convention that best fits your requirements.
In this context, we prefer the FQDN url of the server (e.g. EXAMPLE.COM) hosting the OpenVPN server service. For the “remote” command (i.e. client specifies the remote server) to work, the name given to it must resolve to the correct IP address of your server. Obviously you can use an IP address as well.
Use of the FQDN in other areas of the configuration file is convention that should simplify configuration for clients needing access to multiple, separate OpenVPN servers.
File: c:\Program Files\OpenVPN\config\client.ovpn
client dev tun dev-node TAP-ADAPTER-NAME # from above configuration remote EXAMPLE.COM 1194 # use valid URL or IP address resolv-retry infinite nobind persist-key persist-tun ca EXAMPLE.COM-ca.crt # modify certificate authority name cert client.EXAMPLE.COM.crt # modify certificate name key client.EXAMPLE.COM.key # modify key name ns-cert-type server tls-auth EXAMPLE.COM-ta.key 1 # modify cipher BF-CBC #Blowfish (default) OpenVPN windows client seems to cycle through all anyway comp-lzo verb 3 route-method exe # may be relevant only for Windows Vista
With the wonderful elevated user privilege features of Windows Vista, Windows 7 elevated privileges are required.
The privilege elevation is required because running route.exe (to add routes to your network configuration such that you can get through your new VPN gateway to services within) now requires higher privileges.
We configure elevated privileges for:
which allows us to use whichever of the client tools is optimal for our client.
The following instructions is specific to openvpn.exe but also applies to openvpn-gui.exe. A standard way of elevating the privileges of a trusted application is to set its properties to always run as an administrator.
- Start Windows Explorer, (Win-Key+e)
- Find and select the file openvpn.exe or openvpn-gui.exe ( most likely to be in: c:\Program Files\OpenVPN\bin\ )
- Right Click on the file, and Select Properties (or highlight the file then select the File Menu, then select Properties)
- In the “openvpn.exe Properties” dialogue box that appears, select the Compatibility tab
- In the Compatibility Tab, select “Privilege Level | Run this program as an Administrator”
You will know you have successfully performed this task if in Windows Explorer the application icon now displays a
Four Colour Windows Shield
in the same location it normally has the curved arrow for “shortcut.”