Windows Clients

Make life simple for yourself, install the RC with the GUI interface. It has a better interface for activating client VPN sessions and watching the activity log.

Create the TAP interface using the GUI install c:\Program Files\OpenVPN\bin\tapinstall.exe. Set the name of the created TAP Interface "TAP-ADAPTER-NAME" and note it for use in your OpenVPN client configuration.

Sample Configuration

The names given to files in this example are placholders only, use the naming convention that best fits your requirements.

In this context, we prefer the FQDN url of the server (e.g. EXAMPLE.COM) hosting the OpenVPN server service. For the "remote" command (i.e. client specifies the remote server) to work, the name given to it must resolve to the correct IP address of your server. Obviously you can use an IP address as well.

Use of the FQDN in other areas of the configuration file is convention that should simplify configuration for clients needing access to multiple, separate OpenVPN servers.

File: c:\Program Files\OpenVPN\config\client.ovpn

client
dev tun
dev-node TAP-ADAPTER-NAME # from above configuration
remote EXAMPLE.COM 1194 # use valid URL or IP address
resolv-retry infinite
nobind
persist-key
persist-tun

ca     EXAMPLE.COM-ca.crt # modify certificate authority name
cert  client.EXAMPLE.COM.crt # modify certificate name
key   client.EXAMPLE.COM.key # modify key name
ns-cert-type server 
tls-auth EXAMPLE.COM-ta.key 1  # modify
cipher BF-CBC   #Blowfish (default) OpenVPN windows client seems to cycle through all anyway
comp-lzo
verb 3
route-method exe # may be relevant only for Windows Vista

Vista

With the wonderful elevated user privilege features of Windows Vista, Windows 7 elevated privileges are required.

The privilege elevation is required because running route.exe (to add routes to your network configuration such that you can get through your new VPN gateway to services within) now requires higher privileges.

We configure elevated privileges for:

  • openvpn.exe

  • openvpn-gui.exe

which allows us to use whichever of the client tools is optimal for our client.

The following instructions is specific to openvpn.exe but also applies to openvpn-gui.exe. A standard way of elevating the privileges of a trusted application is to set its properties to always run as an administrator.

  • Start Windows Explorer, (Win-Key+e)
  • Find and select the file openvpn.exe or openvpn-gui.exe ( most likely to be in: c:\Program Files\OpenVPN\bin\ )
  • Right Click on the file, and Select Properties (or highlight the file then select the File Menu, then select Properties)
  • In the "openvpn.exe Properties" dialogue box that appears, select the Compatibility tab
  • In the Compatibility Tab, select "Privilege Level | Run this program as an Administrator"

You will know you have successfully performed this task if in Windows Explorer the application icon now displays a Four Colour Windows Shield in the same location it normally has the curved arrow for "shortcut."