OpenVPN configuration

OpenVPN is a free and open source software application that implements virtual private network (VPN) solutions for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

The full manual for OpenVPN installation and configuration is available on the manufacturer's site: openvpn.net.

Connecting to working OpenVPN

If you want to connect WTware to a working OpenVPN infrastructure, you can use your existing OpenVPN configuration file. Note that WTware is not a good platform for learning OpenVPN: first check your configuration on another Windows or Linux computer, and only after successful tests apply the OpenVPN configuration to WTware.

Rename the tested configuration file to openvpn.cfg and place it in the configs directory on the boot disk. To add this file to a CD image you can use a special program, e.g. UltraISO. Keys must be stored in the configuration file. Example of openvpn.cfg configuration file with stored keys. Add the following line to the configuration file:

daemon

If your VPN uses a tls-auth key and the configuration file contains a line such as:

tls-auth ta.key 1

then, after embedding the key, add one more parameter, key-direction, to the configuration file to specify the key direction. It should look like this:

key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
073b0025464cdeaa6189247397d0f2f6
4c2cb415f7b662af421d3ea7c9d50c10
61ebd5ed93d04c2f863b4a6cc4ce6b32
b981297a1eb35d83e75b3051b162c286
653032398c3bc539bec746c778d67c16
dad74a45ce4e85e57bb04b3675f43ecc
e020210c3d252957e86b087804338c3a
2cec5f08306d276a54558cff885a7296
330ce026485ae88a0099430002a570f1
20b774bf64501ae28ed6650a2bc463ce
032a4c9495dd2849550ad09af18cb953
8aa516354e7a6f302fb7d9f66d1dad7f
9fe7683d84dd90d0985dff7dc2881b24
87884d98ffaafecff27d10d554e2f5a7
78226ee0561cb8f815a10b132b097579
9a9a92359aa0574a95715a1df0e51484
-----END OpenVPN Static key V1-----
</tls-auth>
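
The embedding step described above, as an added example (not WTware's or OpenVPN's own tooling): a Python script that replaces ca, cert, key and tls-auth file references with inline blocks, moves the tls-auth direction argument into a key-direction line, and appends daemon if it is missing. The function name inline_config, the placeholder key files and vpn.example.com are assumptions made for the illustration.

```python
import shlex
import tempfile
from pathlib import Path

# Directives whose file argument OpenVPN also accepts as an inline <tag> block.
INLINE = {"ca", "cert", "key", "tls-auth"}

def inline_config(text, base_dir):
    """Return the config with key files embedded and a `daemon` line present."""
    out, has_daemon, in_block = [], False, False
    for line in text.splitlines():
        s = line.strip()
        if in_block or s.startswith("<"):
            # Already-inlined material: copy through until the closing tag.
            in_block = not s.startswith("</")
            out.append(line)
            continue
        if not s or s[0] in "#;":
            out.append(line)  # blank line or comment
            continue
        words = shlex.split(s)  # handles quoted paths containing spaces
        has_daemon = has_daemon or words[0] == "daemon"
        if words[0] in INLINE and len(words) >= 2:
            body = (Path(base_dir) / words[1]).read_text().strip()
            if words[0] == "tls-auth" and len(words) == 3:
                # The direction argument becomes its own key-direction line.
                out.append(f"key-direction {words[2]}")
            out += [f"<{words[0]}>", body, f"</{words[0]}>"]
        else:
            out.append(line)
    if not has_daemon:
        out.append("daemon")
    return "\n".join(out) + "\n"

def demo():
    """Constructed sample: placeholder key files and a made-up client config."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "client.crt", "client.key", "ta.key"):
            Path(d, name).write_text(f"-----PLACEHOLDER {name}-----\n")
        cfg = ("client\ndev tun\nremote vpn.example.com 1194\n"
               "ca ca.crt\ncert client.crt\nkey client.key\ntls-auth ta.key 1\n")
        return inline_config(cfg, d)

if __name__ == "__main__":
    print(demo())
```

The resulting openvpn.cfg contains the client private key and the tls-auth key in clear text, so handle the file and any CD image or boot disk that carries it as secret material.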

Creating new OpenVPN

Minimal Windows OpenVPN configuration manual for WTware:

  1. Download the Windows installer.
  2. Install it on the terminal server. During installation tick two checkboxes:
    [screenshot: Install OpenVPN]

  3. Run the command line as administrator:
    [screenshot: Run command line as administrator]

  4. What should be entered is highlighted in red:
    [screenshot: Installation log]

  5. Create configuration file "C:\Program Files (x86)\OpenVPN\config\wtware.ovpn":
    dev tun
    ca "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/ca.crt"
    cert "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/server.crt"
    key "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/server.key"
    dh "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/dh1024.pem"

    server 10.8.0.0 255.255.255.0
    client-to-client
    comp-lzo

    With this configuration file the terminal server's IP will be 10.8.0.1. Specify this IP in the server= parameter of the WTware configuration file. If the terminal server has a different IP, don't forget to enable routing on the server running OpenVPN and to specify a route to the terminal on the terminal server.


  6. Run the command line as administrator and type:
    [screenshot: Command line]

    Red frame - the command to run.
    Blue frame - this text is printed before terminal connects.
    Green frame - this text is printed after terminal connects.

Items 1-6 are performed once, during server configuration. Then create keys for the terminal. Make sure that the terminal connects. Restart the server. During server boot, the openvpn service will start automatically for every file with the .ovpn extension in the "C:\Program Files (x86)\OpenVPN\config\" directory.

The terminal needs three key files to work: ca.crt, client.crt and client.key. The first file is common to all OpenVPN clients. It is better to name the second and third files after the MAC address. This is useful when keys for tens of terminals are saved to one flash disk and the terminals use this flash disk during installation. Example of correct key generation for a terminal with MAC address 00.0C.29.DF.50.E3:

[screenshot: Keys generation]

In this case the set of key files consists of three files: ca.crt, 00.50.56.2E.6D.80.crt and 00.50.56.2E.6D.80.key. The names are case sensitive!

The generated keys are placed in C:\Program Files (x86)\OpenVPN\easy-rsa\keys\

The keys are ready. The next steps differ for each boot method.

Boot from CD

  • Create a CD .iso image and then edit it manually. The key files should be saved to the configs directory.

Boot from USB

  • Install WTware to a flash disk.
  • Save the key files to the configs directory.
  • Boot the terminal from the flash disk. Press Del and specify the OpenVPN server address in the terminal menu.

Boot from HDD

  • Install WTware to the hard disk.
  • Copy the key files to the root directory of a USB flash disk.
  • Boot the terminal from the hard disk. Press Del and specify the OpenVPN server address in the terminal menu.
  • During boot the terminal will ask for the flash disk with the keys. Insert the USB flash disk.