How to Install OpenVPN Server on Windows 10 Pro 22H2

Posted by Asia VPN on November 22, 2023 · 3 mins read

How to Install OpenVPN Server on Windows 10 Pro 22H2 (Build 19045.3448)

Set up OpenVPN

Set up an OpenVPN connection following this guide

Generate a TA key

Generate a TA key and place it in the same folder as the other certificates/keys:

openvpn --genkey --secret ta.key

Update server.ovpn profile

Append the following lines to your server.ovpn profile:

# Route all traffic through VPN
push "redirect-gateway def1"
# Push Google DNS to prevent leak
push "dhcp-option DNS 8.8.8.8"

Update client.ovpn profile

Append the following lines to your client.ovpn profile:

# Block DNS leak
block-outside-dns

Here is my completed configuration file

local 1.2.3.4
port 9194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
client-cert-not-required
username-as-common-name
verb 3
crl-verify crl.pem
explicit-exit-notify
duplicate-cn

Service Tweaks

  1. Open the Services window
  2. Find Routing and Remote Access and set it to: Startup type - Automatic
  3. Start the service

Adapter Tweaks

  1. Open the network adapters window
  2. Right-click your internet adapter (e.g. Ethernet) and then: Properties -> Sharing -> Allow other network users to connect through this computer's Internet connection
  3. (if applicable) From the drop-down list select your OpenVPN TAP adapter (e.g. Ethernet 2)
  4. Note: Only one adapter can be shared at a time, so if you don't see the Sharing tab, make sure no other adapter is being shared.

Registry Tweaks

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value: IPEnableRouter

Type: REG_DWORD

Data: 0x00000001 (1)

Configure a Static Route (if behind a router)

You have to route all packets sent to the client's virtual IP back to the VPN server.

Example using Cisco router:

  • 10.8.0.0 - virtual network subnet
  • 255.255.255.0 - virtual network subnet mask
  • 192.168.1.175 - VPN server internal IP (in the subnet of the router)

Issues with ICS (Internet Connection Sharing)

There are a few issues you might encounter when using OpenVPN together with ICS:

  • ICS by default automatically assigns a static IP (192.168.137.1) on your LAN adapter, conflicting with OpenVPN IP. To address this, change OpenVPN config to have a consistent IP range or change HKLM\System\CurrentControlSet\services\SharedAccess\Parameters\ScopeAddress to 10.8.0.1.
  • On some later Windows versions, ICS might stop working after a reboot. The way to address this is mentioned in this Microsoft support article.

Below is an example of how to configure the registry:

Registry Configuration ScopeAddress

Final OpenVPN Tweaks

  1. Right-click openvpn-gui.exe and then: Properties -> Compatibility -> Run this program as an administrator
  2. (optional) Configure the OpenVPN server to start and connect automatically:
    3. "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect server.ovpn
← Previous Post Next Post