OpenVPN Server on Windows ~ Defron. Technology, Security, Privacy.
OpenVPN is a wonderful VPN system, but it's not so simple to set up on Windows. When I first created this how-to, there wasn't a real cohesive and precise instruction set on how to get an OpenVPN server working on Windows where Windows clients could have all traffic go through the VPN (the alternative, where only directed traffic goes through the VPN, is split tunneling). I prefer all my traffic going through a VPN when connected, as information is less likely to leak out.
NOTES: 1. Throughout this guide I will use two words over and over again: server and client.
Feel free to modify these, but be sure to modify them EVERYWHERE they are repeated. To help you out I bolded and italicized them everywhere you should change them (except in the config files; they need to be changed in those as well). 2. Everywhere you see quotation marks, it signifies what you should type (the text inside the quotation marks). DO NOT TYPE THE QUOTATION MARKS UNLESS OTHERWISE SPECIFIED! I know this seems long, but it really isn't; I just broke everything down into as basic steps as I could and explained everything as thoroughly as I can. In the end, it pays off: you have a secure multi-client VPN offering that definitely beats PPTP in terms of security and robustness.
A relatively common practice with OpenVPN is to configure it to use TCP port 4. HTTPS, so even the most draconian of firewalls won't block it. I don't cover this, and instead cover OpenVPN using the default port of 1. UDP. Changing it is simple: just edit the server and client configuration files to use proto tcp and port 4. Make sure to also change your forwarded port and firewall rules to match.
This guide uses the 1. OpenVPN network. This is the default for Internet Connection Sharing (a needed utility to get Internet through OpenVPN on Windows) for Windows 7, which is why I chose it (it should also be the default for Windows Vista, though I cannot test this). On Windows XP, ICS uses 1.
VPN (as it's a popular subnet and would lead to conflicts in various situations). If you wish to change the subnet for OpenVPN, you must change it in the config file for the server as well as for ICS. This can be done through a registry setting. In HKLM\System\CurrentControlSet\services\SharedAccess\Parameters you will need to change ScopeAddress and ScopeAddressBackup to the first IP address in the range you wish to use. I am not certain if Windows XP can change it or not, but it's worth a shot.
Here is a registry file of the 1. ICS configuration, change the network numbers and run it to change to a different subnet (or do it manually). You can also find it on Pastebin. You will also need to know your public IP address or set up a Dynamic DNS service. This can be done by visiting http: //www. Better is to set up no-ip on your server and use their free dynamic DNS service (as it'll work even if your home IP changes). You will need to do this for PPTP VPN servers and SSH servers.
I will mention this again when we get to the client configuration file. I will do a quick run-down of how to do this on Windows Vista/7 with Windows Firewall (which are the same in this matter). Image of steps 2-3. Select UDP and enter in port 1. Select Allow the connection and click next. Select which networks to allow the rule; to be safe, allow for all and click next. Name the rule . When you get to the .
Especially on Vista/7 as this will save you headaches. Proceed to finish the install. Navigate to the installation folder (C:\OpenVPN if you followed my advice), then enter the config folder (C:\OpenVPN\config). Here, create a file server.
It should look like this: http: //pastebin. U0. Me. HKLAbout the server.
You can modify the port number to any number you want, just remember what you set it to. The same goes for proto (short for protocol): you can change that to tcp, just remember you did so (udp will give you better performance, but may be blocked on some draconian networks). Line 5 is one that may need changing. First, you need to keep . Later on we'll enable Internet Connection Sharing and you may need to change 1.
IP address being forced on you by Internet Connection Sharing (for me this was 1. I'll remind you of this when we get to Server Configuration.
You need to specify the DNS servers. I chose OpenDNS as it makes it easy to test if the tunnel is being used without running something like Wireshark (which is nice), but any DNS server will do.
Open up the command line (as administrator on Vista/7) and type . I usually set name to my name and OU to VPNers just because it's simple. DO NOT CHANGE KEY. This will start the creation process for the ca. You will be prompted for various things.
The default values are fine until you get to COMMON NAME. WHEN YOU GET TO Common Name enter in . It should look like this: http: //pastebin. Jt. L. About the client configuration file: You need to use the same protocol as you specified on the server configuration file. On line 5, for remote, you need to specify the PUBLIC IP address of the server OR the DNS entry for it. Refer to Note #6 for this information. After the IP address or DNS listing, specify the port.
This needs to be the same port as in the server configuration file. Almost done! Just have some configuration left on the server to go.
Find OpenVPN, right-click it and go to Properties. Set it to automatic and start it. Still on the server in services, find Routing and Remote Access (shorthand: RRAS). Set it to automatic and start it. NOTE: At least in a couple of my goes with this, enabling RRAS made my network indicator in the notifications tray signify I had no connection; I still had a connection despite being told otherwise.
It only happened on a few of my computers, so it may or may not happen to you (if it does, see if you can access any website; if you can, there's no problem). You will need to modify a registry entry, so open up regedit and go to HKEY. In there change IPEnableRouter to 1 (default is 0). IPEnableRouter.
Right-click the adapter that says TAP- Win. WIN- 6. 4) Adapter and select .
Rename it to . Uncheck IPv. Vista/7 + some XP computers with it configured). Now we go onto Internet Connection Sharing (ICS) configuration.
You may wish to review Note #5 as it covers some details on how to use a different subnet, as well as the . A reminder is my guide assumes you are using 1. Windows XP. Edit as appropriate. This part is not necessary if you have checked the registry entry for ICS and made sure it is correct for your needs, but is a useful way to double-check as you'll get a warning popup. While still having the MyTap Properties open, select IPv.
Give it a static IP of 1. Right-click your LAN adapter (the one you gave a static IP in step zero) and go to Properties. Go to the sharing tab (advanced on Windows XP) and check . If not, don't worry: that just means you have no other adapters to share with other than MyTap. Image of Steps 9+1. Uncheck the lower box titled .
If you did optional step 8 for Server Configuration, you'll get a popup that says something about how MyTap will be set to 1. If yours said a different IP address, you will need to modify server. OpenVPN service, alternatively you can set the ICS network range in your registry.
Run this registry file to use the guide's 1. Pastebin) or configure it manually using regedit and navigating to HKLM\System\CurrentControlSet\services\SharedAccess\Parameters and editing ScopeAddress and ScopeAddressBackup to use the desired IP address range (you specify the first IP address in the range). You can check to make sure that the IP address for MyTap is correct by running ipconfig /all in the command line and making sure it matches that in your server. Right-click the adapter that says TAP- Win. WIN- 6. 4) Adapter and select .
Rename it to . Just change your client. LAN IP address (NOT the address you set for MyTAP on the server, but the static IP you set for the LAN adapter).
Launch OpenVPN GUI (as Administrator on Vista/7). A tray icon should appear for OpenVPN (a little red-monitored computer with a globe). Right-click it and select . After a few seconds to a minute, you should hopefully connect and be assigned an IP address. To verify traffic is going through the tunnel, assuming you used OpenDNS, you can test it simply using an OpenDNS check. You now have a secure basic VPN setup, more robust than Microsoft's default PPTP offering, as well as allowing multiple clients. You can improve the security by looking into ta. You'll need to go elsewhere to learn how to do these, or I may cover them in a future post. Finally, there are a few things you should know.
Some Things Very Important To Note.
If you have issues with resolving DNS, uncomment register-dns from the client file. On some networks with a short DHCP timeout, your client may have issues with getting a new address lease due to OpenVPN sending the request through the VPN. Disconnecting from OpenVPN and running . Internet Connection Sharing (ICS) is a tricky one, but I've gotten it mostly figured out through the SharedAccess registry options. You can read up on configuring ICS here. On Windows XP it uses 1. I've yet to verify if that can be changed.
Strictly speaking, the subnetting you are giving your OpenVPN server may not be absolutely correct. This doesn't matter for a handful (3) of clients, but it may stop you from having too many clients. This appears to either be related to the version of Windows used, related to the NIC used, or related to whether the NIC used is a wireless NIC and cannot be changed.
You should get subnet mask of 2. I got was 2. 55. 2. When the OpenVPN client should pull the correct information when it connects, so as long as you don't exceed the limit, it's not an issue. Slightly related is the below: I don't know if this was because my virtual machine is crashy, but I noticed that the My.
Having problems updating Windows 7? Try changing DNS settings. Microsoft may have republished its botched August update, but some Windows 7 users are reportedly still having problems with Windows Update. Fortunately, they've also found a simple solution. On Wednesday, Microsoft reinstated its August update, which had caused font issues and system crashes on some machines.
And that caused its own set of issues. A number of threads have cropped up on Microsoft's support site complaining that the update has apparently disabled and/or corrupted Windows Update.
Windows IT Pro listed about five, including this thread, which directly addresses the problem. So far, Microsoft support staff haven't stepped in with an official response, and the original security bulletin shows its most recent update took place on Wednesday. If you're still having problems updating your Windows 7 systems, there are two possible solutions: First, try downloading the System Update Readiness Tool found near the bottom of the linked page. Microsoft notes the update process could take 1. The easier solution, and the one that seems to work, is simply to change your DNS settings to use Google's DNS servers, with the IP addresses 8. If you can't change the DNS settings for your router, you may just have to set them for each Windows computer on your home network. No one seems to be quite sure why this works, only that it does.
As Windows IT Pro points out, it might have something to do with the problems that Time Warner Cable customers had accessing Microsoft's Web sites. Keep in mind that by routing your Internet traffic through Google's servers, you're explicitly telling Google what websites you're visiting and what content you're accessing, instead of your ISP.
That may or may not be a concern, depending on your attitudes toward Internet privacy and who you trust with that information. One alternative to Google's DNS services is OpenDNS, which provides similar services, although mistyped queries are sent to a landing page that will serve you ads. We can't say for certain whether using OpenDNS settings will solve the Windows 7 problem, however. Nevertheless, if you're still struggling with the recent updates, give it a try.