Anybody use OpenVPN server on Windows

Discussion in 'Networking' started by IAmATeaf, Jul 17, 2019.

Share This Page

  1. IAmATeaf

    IAmATeaf Getting comfortable

    Joined:
    Jan 13, 2019
    Messages:
    673
    Likes Received:
    318
    Location:
    United Kingdom
    Spent some time setting up an OpenVPN server on a Windows 10 desktop. Got the server configured, setup port forwarding and got a connection established on my iPhone but .....

    I couldn’t find a way to have OpenVPN running all the time without logging on, starting the OpenVPN GUI and then clicking connect to get the server running. This last bit can be done via a command line but the user would then need to be left logged on.

    It does have a service which I started but I then can’t establish a connection unless I do the above.

    Can’t leave the desktop logged on as I run it headless so would rather not do so and this would cause an issue should it be restarted.

    All in all a frustrating day so any hints and tips would be greatly appreciated.
     
  2. IAmATeaf

    IAmATeaf Getting comfortable

    Joined:
    Jan 13, 2019
    Messages:
    673
    Likes Received:
    318
    Location:
    United Kingdom
    Gave up on using OpenVPN as a server. For a product that I want to introduce for additional security I'm not happy with being reliant on a user always being logged in and if I want to use a specific username/password then I have to add the details to a plain old text file and store in the installation folder.

    The hunt goes on for something more appropriate.
     
  3. catcamstar

    catcamstar Getting comfortable

    Joined:
    Jan 28, 2018
    Messages:
    970
    Likes Received:
    589
    Hi,

    I can't image this is not working. Have you followed the instructions on Running OpenVPN as a Windows Service | OpenVPN

    On the other hand, having a stand-alone pc (without any other valuable software running in "server" mode) running for OpenVPN only, I would look into running the OpenVPN on your ASUS router, ER-X or even raspberry pi.

    Hope this helps!
    CC
     
    IAmATeaf likes this.
  4. Valiant

    Valiant Getting the hang of it

    Joined:
    Oct 30, 2017
    Messages:
    164
    Likes Received:
    64
    Location:
    Australia
    I think you did pretty well for getting it running in a single day. I've almost got mine going after several days and yes it was painful. I hope to have it completed properly soon.
    I've got a few friends that I'm helping out and they are not in a position or willing to change over their router. I've configured OpenVPN a while ago on my Netgate PFSense box and it was far easier.
     
    IAmATeaf likes this.
  5. IAmATeaf

    IAmATeaf Getting comfortable

    Joined:
    Jan 13, 2019
    Messages:
    673
    Likes Received:
    318
    Location:
    United Kingdom
    Yep, been there, done that and even got the t-shirt

    That service just exits with a meaningless error message in the event logs, there are no log files created so from what I saw it never even got as far as trying launch the main executable. I then did a goggle and found loads of other posts where it was suggested that I either launch it when the user logs on or I create a scheduled task to launch it when the user logs on. Out of curiosity I also tested this and it works but the minute you change the scheduled task to run on system startup it fails.

    Gave up at this point. It clearly looks like the service wrapper has a bug, not too sure when it will fixed so I just saved the config files and uninstalled as it was doing my head in.
     
  6. brighthelmstone

    brighthelmstone n3wb

    Joined:
    Apr 10, 2019
    Messages:
    1
    Likes Received:
    2
    Location:
    England
    This is only my opinion so please accept this post as a well meaning response to your messages.

    I think you are doing OpenVPN a dis-service by not following the multitude of instruction pages provided on VPN Software Solutions & Services For Business | OpenVPN

    I will try and lend assistance in the particular issue you have reported but this information is provided here:
    https://openvpn.net/community-resources/running-openvpn-as-a-windows-service

    Create a server .ovpn file and place in:
    C:\Program Files\OpenVPN\config

    Make sure this ovpn file works correctly by testing it using the interactive program OpenVPN GUI (Run it with admin rights).
    Log file for the GUI program is here:
    C:\Users\{user-name}\OpenVPN\log

    When you know the ovpn file works correctly, run it as a service:
    Open services.msc
    Set the OpenVPNService as StartUp Type = Manual
    Then start the service.
    If you have this line in your ovpn file: log openvpn.log
    Then the log file will be here:
    C:\Program Files\OpenVPN\config

    Check OpenVPN is working correctly. (hint, use the 'OpenVPN Connect' app on mobile phone. Disable wifi so you are using mobile data (i.e. your network internet connection not your local wifi). This is ensure you can connect to OpenVPN 'out and about' rather than just when at home.

    Now you can set the OpenVPN service as Startup Type = Automatic (Delayed Start)
    (I use delayed start as found OpenVPN was being started too early when PC rebooted)
    This means the OpenVPN service will run at PC start, not just when someone has logged in.
    You may wish to edit the PC power options to prevent it going to sleep or hibernating.

    In your router that connects to the internet (ISP) do this:
    Disable UPnP (not necessary for OpenVPN but always best to do).
    Direct the OpenVPN port (as specified in your ovpn file) to forward to the IP of your OpenVPN server machine.
    That is the IP your PC uses on your local network (the same as is included on your ovpn file).
    Ovpn file line: local {local ip number}
    My ISP blocks the default port 1194, so I picked a port between 49152-65535.
    Ovpn file line: port {port number}

    Your ISP probably changes the IP you use 'on the internet' occasionally. For you to connect home you need to know what IP your home is connected to. To find the present IP, Google 'whats my IP'
    For a permanent solution, use a Dynamic DNS service such as noip.com
    I believe this site provides a free DDNS service here: IPCT DDNS | IP Cam Talk

    Good Luck!
     
    catcamstar and alastairstevenson like this.
  7. IAmATeaf

    IAmATeaf Getting comfortable

    Joined:
    Jan 13, 2019
    Messages:
    673
    Likes Received:
    318
    Location:
    United Kingdom
    I’ve done most of that, using the GUI I had it connected/running and tested it by connecting from my phone. So all the required configs were in place.

    The only real issue for me was trying to get it running as a service.

    I’ve saved all the config files so I might revisit it at some stage, maybe I have missed something. At the moment I’m looking at using the built in VPN service within Windows, so will have a play around with that. Have configured the server, just need to find a suitable client that will work on IOS.
     
  8. Valiant

    Valiant Getting the hang of it

    Joined:
    Oct 30, 2017
    Messages:
    164
    Likes Received:
    64
    Location:
    Australia
    When I initially configured OpenVPN, on the first occasion I right clicked on my server configuration file (server.opvn) and started it with the 'start OpenVPN on this config file'. Once I confirmed it was operational, I got it working as a service without any problems and I didn't have to do anything fancy, I just set the OpenVPN service to 'Automatic' and started it. I rebooted my machine and confirmed it started ok and I connected ok. I didn't use the GUI at all but the 'OpenVPN GUI' is visible in the system tray when I restarted the box.

    There's documentation in various places, I also found this helpful - Easy_Windows_Guide – OpenVPN Community