OpenVPN on Windows works surprisingly well
I’ve been using OpenVPN for a few years on Linux to establish site to site VPNs. It has never let me down, and i was always able to get the configuration working in the way I wanted it, without much effort and fiddling. Another nice ability of OpenVPN is that it can work it’s way through almost any firewall, which can be especially nice when working with restricted internet access.
A few days ago, i’ve got into a situation where I needed to get to a site to site VPN up as quickly as possible, behind a restrictive firewall. I’ve started with the obvious route, and found a few resources referring to OpenVPN on the net.
One of them is the OpenVPN GUI, which is mostly aimed at roadwarrior scenarios. The Windows installation notes and the Windows section in the howto are quite sparse. As such, my expectations weren’t high.
Installing OpenVPN results in the creation of a virtual ethernet adapter, that’s backed by the TAP driver (which is not signed). The install went fine, and configuration was the same as on Linux.
The Windows installer automatically installs as service that defaults to a disabled state, which when started launches OpenVPN for all *.ovpn files in %ProgramFiles%\OpenVPN\config. Simple, but efficient. Logs get written to %ProgramFiles%\OpenVPN\log.
After creating an appropriate configuration, i put it into the config dir, started the service, and everything just worked. Right out of the box. Without thinkering. Without error messages. It just worked.
As such, the application clearly shows it’s Linux/Unix origin, but it works nicely. Windows administrators that have never worked with a unix-like operating system might be put off by the application. I would still suggest everyone to take a look at OpenVPN for some low cost VPN improvisations.
Maurice Hilarius:
If someone was a “Windows Administrator” and would be “put off” by that then I suggest that their claim to be an “administrator” is dubious at best.
28. September, 2007, 06:16Ihsan Dogan:
I’m using OpenVPN already for quite some while. It’s a realiable and cheap solution.
1. October, 2007, 11:16Clay Maney:
Is this a site-to-site tunnel you’re setting up or a remote client connection? I’m *very* interested in a site-to-site setup like this.
18. October, 2007, 16:47Lukas Beeler:
Clay,
18. October, 2007, 16:52This is a site-to-site tunnel.
Clay Maney:
The way I’m reading the documentation, this can be done with a machine with 1 physical interface (plus the virtual TUN or TAP interface). Is that correct? Or did you need a box with two?
Another consideration: do you have any experience with flash based systems? We’ve had problems shipping systems before because of hard-drive failures due to rough shipping. I’d love to build a flash-based system because of it’s lack of critical moving parts.
Thanks for the quick reponse!
18. October, 2007, 16:59Clay Maney:
Scratch that last comment. I think I’d be better off with two interfaces so I could hand out DHCP, etc. on one and then have the other plug into the hotel network. Thanks again.
18. October, 2007, 17:10Lukas Beeler:
Hi Clay,
You do not need multiple physical interfaces to use OpenVPN, but if you have multiple networks interconnected, it sure makes things a lot easier.
Flash is rather hyped right now, and while the whole no-moving-parts is an advantage for sure, a properly shipped harddrive won’t break. You’ll need lots of packaging though. All IBM/HP server we’ve received in the past few had zero HD DOAs.
18. October, 2007, 17:13Satish:
Dear Lukas Beeler,
Could you please send the the configuration files to setup an site-site vpn? I have already using openvpn but not as site-site.
Thanks in advance.
13. November, 2007, 09:27