Run OpenVPN on Windows, Mac and Linux/Unix - Page 2
Client Configuration File
#client config file start client dev tap proto udp
remote XXX.XXX.X.XXX 1194 #Change the Xs to the static public IP address of your home or office network. If you do not have a static IP enter you dyndns name (like yourhost.dyndns.org) here. If you changed the port from 1194 to another port number in the server config change the 1194 here to the appropriate port number
route 192.168.1.0 255.255.255.0 vpn_gateway 3 #Change this to the IP address scheme and subnet of the local network your server is on.
resolv-retry infinite nobind persist-key persist-tun
ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt" #change this to “/etc/openvpn/ca.crt” on Linux/BSD/Unix systems
cert "C:\Program Files\OpenVPN\easy-rsa\keys\client1.crt"# change this to “/etc/openvpn/client1.crt” on Linux/BSD/Unix systems key
key "C:\Program Files\OpenVPN\easy-rsa\keys\client1.key" # change this to “/etc/openvpn/client1.key” on Linux/BSD/Unix systems. This key file should be kept secret
cipher BF-CBC # Blowfish (default)If you prefer, you can use one of the two ciphers listed below
#cipher AES-128-CBC # AES #cipher DES-EDE3-CBC # Triple-DES comp-lzo verb 1 # user nobody # remove the first # at the start of the line for Linux/BSD/Unix systems # group nobody # remove the first # at the start of the line for Linux/BSD/Unix systems # end of client config file
Save this configuration file as a text file called client1.ovpn, and save it to
c:Program FilesOpenVPNconfig (Windows) or
/etc/openvpn (Linux/BSD/Unix) on your client device
Setting Up the Router
There are a couple of configuration changes that need to be made to the router connected to your server in order for OpenVPN to work properly.
Port forwarding ensures that any traffic sent to your router from the Internet on port 1194 (or the port that OpenVPN is configured to use in the configuration files) is forwarded to the local IP address of your server machine. To ensure this does not change you need either to configure the server machine to have a static local IP address, or to configure the DHCP server in your router to always assign the same local IP address to your server.
To configure port forwarding, log on to your router’s configuration page, find the option for port forwarding, and enter the following information:
- Name: OpenVPN
- Protocol: UDP
- Starting Port: 1194 (change this as necessary)
- End Port: 1194 (change this as necessary)
Forward to: 192.168.1.15 (change this to the local IP address of your OpenVPN server)
You’ll also the following routing information on your router’s “routing” or “advanced routing” page, to ensure that data can travel between the OpenVPN link and other devices on your home or office network:
- Route name: OpenVPN
- Destination LAN IP: 192.168.10.1 (change this to the virtual IP address specified in the server configuration file)
- Subnet Mask: 255.255.255.252
- Default Gateway: 192.168.1.15 (change this to the IP address of your home computer)
- Starting the server using Windows: Start OpenVPN GUI, then right click on the program’s icon in the system tray, select “server” and then “connect”.
- Starting the server using OS X: From the Tunnelblick OpenVPN GUI select Connect “server”
- Starting the server using Linux/BSD/Unix: Start a terminal window, then as root (or using sudo) type:
openvpn -config /etc/openvpn/server.ovpn
To confirm OpenVPN is working, try pinging another device connected to your LAN using its LAN IP address.
You can also open a browser on your client machine, and check your IP address by visiting a site like http://whatsmyip.org/ If OpenVPN is working correctly the IP address of your server, not your client machine, will be shown.