4de8 OpenVPN/Windows - Telecomix Crypto Munitions Bureau


From Telecomix Crypto Munitions Bureau

Jump to: navigation, search


[edit] Windows OpenVPN Tutorial

[edit] Whachu tawkin baat foo'? / Introduction

This tutorial assumes you are running a Windows XP system. I am sure the process is fairly similar for Vista / Windows 7 but may require different versions of OpenVPN GUI, or a slightly different installation procedure. Windows 7 users: install the latest OpenVPN GUI package with administrator rights and in Vista Service Pack 2 compatibility mode. Make sure before launching the client that it will run in Vista SP2 mode and with administrator privileges. Version 2.1.1 has been tested as working with Windows 7 64 bit and is available here

In essence "Danger! Here be dragons!" ...etc

[edit] Set us up the bomb / Installation

Firstly you'll need to grab the latest copy of OpenVPN GUI from here. Be sure to download the installation with the Tap Drivers, the top link at the time of writing.

This application is by far the simplest (and pwettiest) way of running OpenVPN under windows.

Next, run it and install it wherever you want, it doesn't matter as long as you know where it is.

For the sake of simplicity you might as well tick all the boxes during installation just so you have everything, should you realize you need it later (you probably won't, but a couple of kilobytes extra isn't going to dent your harddrive too badly, unless you're still in the 90's, in which case i lol in you general direction).

The installer will throw up a complaint about unsigned drivers when trying to install the TAP interface, be sure to click 'Install anyway / Continue / Allow' (I can't remember the exact wording). Just be sure to let it install them, your computer won't blow up, I promise.

After the installer has finished installing, that generally means the installation is complete.

Proceed to high five the nearest person or animal and continue to the next step of this tutorial.

[edit] How do i shot web? / Configuration

  • Windows-openvpn -- Example config file that works with one of the Telecomix Crypto Munitions Beurau servers.

Assuming all went well and nothing blew up (it wasn't the TAP drivers, really) then you can now run OpenVPN GUI and should get a rather retro and ugly looking network icon in your system tray (bottom right).

If this eye sore of an application is going to be of any use, you'll need:

  • A server to connect to,
  • Certificates
  • A Client config file

In most cases you should be provided with these things from the kind person / faceless corporation providing you with access to their OpenVPN server.

  • WinD0ze Pr0 note - Snobby linux users looking down upon you for using a 'n00bish' operating system may accidently provide you with a client config ending in the extension '.conf'. Since we are running windows, OpenVPN GUI and don't like having to type 2 pages worth of commands to get things done, this needs to be changed to '.ovpn' to work for us.

Typically you should receive three certificates in the form of: 'ca.crt', '(username).crt' and '(username).key'. Keep these stored securely, don't allow anyone access to these files. They are 'you'. Seriously, DO NOT LET THEM ANYONE ACCESS THESE FILES.

Store these anywhere (safe and private), but be sure to check the client config file. The config will tell OpenVPN GUI where to look for these files, and so it must point the program to the right place for the connection to made.

Look for these lines in the config:

cert \blabla\newfolder\gayporn\ca.crt
key \blabla\newfolder\gayporn\lol.key
ca  \blabla\newfolder\gayporn\lol.crt

Obviously don't look for those specfic locations, but be sure that they match where your certificates actually are, and the names of the files on your harddrive.

  • Since openvpn is elitest and hates us poor Windows users, be sure to use double black slashes for folder indication, and also to include the entire directory in speech marks (i.e. "C:\\Program Files\\.." etc) otherwise it will not work.

Also have a look for this line in the config:

dev (something goes here)

Whatever is after that line is the name of the adapter the config is looking for, be sure to rename the tap adapter made during installation to match this.

To do this go:

Start -> Control Panel -> Network Connections

And it should be called 'Local Area Connection 2' or something similar, and will be disconnected. Confirm this is the right one by holding the mouse over the icon, if it's the one we're after it will display 'TAP-Win32 Adapter V8' or something very similar (perhaps suffixed with #2 or so).

Then rename this adapter to match the line in the config you were sent.

And to the last step you may now proceed padawn, either the easiest or perhaps the most headaching of the entire tutorial.

[edit] Spray and Pray / Connection

After double checking your config, making sure it points to the certificates correctly, and nothing is on fire, you can now make a connection. Right click the tray icon, find the name of your client config in the pop-up menu, then roll over it and click connect.

Now pray that everything works, and if god loves you, you should have connected succesfully and be met with a popup in the lower right about your tap interface being assigned to an IP.

Confirm this by googling 'what is my ip' and clicking on of the top links, and comparing your IP against your usual IP.

Personal tools