✅ Step-by-Step: OpenVPN Server on Windows 10
1. Download and Install OpenVPN
Download the Windows Installer (Community Version)
Install with default settings (include EasyRSA when prompted)
Reboot if required.
2. Generate Server and Client Keys Using EasyRSA
Open Command Prompt as Administrator, then:
cd "C:\Program Files\OpenVPN\easy-rsa"
EasyRSA-Start.bat
Then, inside the EasyRSA shell:
./easyrsa init-pki
./easyrsa build-ca nopass # Create Certificate Authority (CA)
./easyrsa build-server-full server nopass
./easyrsa build-client-full client1 nopass
./easyrsa gen-dh # Generate Diffie-Hellman parameters
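openvpn --genkey --secret ta.key # Generate the tls-auth key (OpenVPN 2.5+ prefers: openvpn --genkey secret ta.key)
The .crt, .key, and .pem files will be under pki\ (issued certificates in pki\issued\, private keys in pki\private\). ta.key is written to the current directory.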
3. Create the Server Configuration File
In C:\Program Files\OpenVPN\config\, create a file named server.ovpn and add:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
comp-lzo
verb 3
Copy these files to the same folder:
ca.crt
server.crt
server.key
dh.pem
ta.key
4. Allow OpenVPN Through the Firewall
Open Windows Defender Firewall.
Allow OpenVPN Daemon through Private and Public networks.
Open UDP port 1194 in the firewall:
netsh advfirewall firewall add rule name="OpenVPN" dir=in action=allow protocol=UDP localport=1194
5. Enable IP Forwarding in Windows
Open regedit
Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set IPEnableRouter to 1
Reboot to apply.
6. Start the OpenVPN Server
Right-click OpenVPN GUI in Start Menu → Run as Administrator
Right-click the tray icon → Connect (it will start the server)
7. Client Setup
Copy the client config + certs (ca.crt, client1.crt, client1.key, ta.key) to the client machine.
Create a client.ovpn file with:
client
dev tun
proto udp
remote YOUR_PUBLIC_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
comp-lzo
verb 3
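The server and client files above have to agree with each other: proto, dev, port and comp-lzo must match, and the tls-auth key directions must be complementary (0 on the server, 1 on the client). The Python script below is an added example, not part of the original guide, that cross-checks the pair before you deploy it. The function names parse and check_pair are hypothetical, and the embedded configs are the guide's own, trimmed to the directives being checked.

```python
# Added example: cross-check a server.ovpn / client.ovpn pair for mismatches.
# The two configs from this guide, trimmed to the directives checked here.
SERVER = """port 1194
proto udp
dev tun
key server.key
tls-auth ta.key 0
comp-lzo
"""
CLIENT = """client
dev tun
proto udp
remote YOUR_PUBLIC_IP 1194
key client1.key
tls-auth ta.key 1
comp-lzo
"""

def parse(text):
    """Map directive -> argument list; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            opts[line.split()[0]] = line.split()[1:]
    return opts

def check_pair(server_text, client_text):
    """Return human-readable mismatches between the two configs."""
    s, c = parse(server_text), parse(client_text)
    problems = [f"{o}: server {s.get(o)} vs client {c.get(o)}"
                for o in ("proto", "dev") if s.get(o) != c.get(o)]
    remote = c.get("remote", [])  # [host, port]; port defaults to 1194
    if s.get("port", ["1194"])[0] != (remote[1] if len(remote) > 1 else "1194"):
        problems.append("port: client 'remote' port differs from server 'port'")
    ta = [o.get("tls-auth") for o in (s, c)]  # [file, direction] or None
    if None in ta:
        if ta != [None, None]:
            problems.append("tls-auth: enabled on one side only")
    elif sorted(a[1:2] for a in ta) not in ([["0"], ["1"]], [[], []]):
        problems.append("tls-auth: key directions must be 0 and 1")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo: enabled on one side only")
    if s.get("key") and s.get("key") == c.get("key"):
        problems.append("key: client references the server's private key file")
    return problems

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT) or "configs are consistent")
```

To check your real files, pass the contents of server.ovpn and client.ovpn to check_pair instead of the embedded strings.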
📝 Tips:
Use a dynamic DNS service if your IP changes often (e.g. No-IP).
Use a tun device (not tap) for a routing-based VPN.
Port forward UDP 1194 on your router to your Windows 10 box.