
How to Configure OpenVPN

Article Description

OpenVPN may seem a little daunting at first, but once you get your feet wet this can be an incredibly useful (and free!) tool. In this article, Michael Riley shows you how to use OpenVPN for secure internet surfing on your client PCs. He’ll also help you set up the configuration that will allow you access to your home network while you’re traveling. From installation to troubleshooting, and using helpful OS-specific tips, this tutorial demystifies OpenVPN for the beginning user.


Creating Certificates

After you reboot, you are going to need to configure the OpenVPN files on your server using the command prompt and a text editor, such as Notepad.

Go to Start → Run and type cmd to open the command prompt.

Then, enter the following command in order to move to the correct directory:

cd C:\Program Files\OpenVPN\easy-rsa

Then, type this command to run the batch file that will copy the configuration files into place:


Now open the file vars.bat in a text editor. It should be located at C:\Program Files\OpenVPN\easy-rsa\. Next, you should change the values of the following variables at the bottom of the file. These variables are KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL. Don’t leave any of these parameters blank.

Back at the command prompt, enter the following commands in order:


When you run build-ca, you will be prompted for several entries. You can simply hit Enter to accept the default values taken from the vars.bat file you customized. The only parameter that must be explicitly entered is the Common Name. Enter the name of your VPN for this entry. (An example would be MyVPN.)

Next, enter the following command to generate a certificate and private key for the server:

build-key-server server

Make sure you enter server for the Common Name. The rest of the settings can be left on the defaults. You can leave the challenge password and the optional company name blank if you like. Type y for yes at the last two queries, which are "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]," respectively.

Now enter the following commands one at a time, changing the name for each client:

build-key client1
build-key client2
build-key client3
build-key client4

and so on . . .

You will now be prompted to enter data, just as you were when you built the server key. If you typed the command build-key client1, make sure that you enter client1 for the Common Name. These entries must match up.

Run the above commands for as many clients as you would like to have on your VPN. I suggest that you create more than you think you will need now because it will save you the hassle of having to do it at a later time. Always use a unique common name for each client.

If you would like to password-protect your client keys, substitute build-key-pass for build-key.
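One way to check the finished keys against the Common Name advice above, as an added example that is not part of the original article: a PowerShell script that reads the CA's certificate database. The keys directory path, the index.txt layout, and the ca.crt file name are assumptions based on the easy-rsa 2.x scripts, and the sample records used when no database is found are constructed.

```powershell
# Added example, not from the article. Assumes the easy-rsa 2.x layout: every
# certificate the CA signs is recorded in keys\index.txt (tab-separated: status,
# expiry, revocation date, serial, file, subject DN) and the CA file is ca.crt.
param([string]$KeyDir = 'C:\Program Files\OpenVPN\easy-rsa\keys')

function Get-IssuedCert([string[]]$IndexLines) {
    foreach ($line in $IndexLines) {
        $f = $line -split "`t"
        if ($f.Count -lt 6) { continue }    # skip blank or damaged lines
        $cn = if ($f[5] -match '/CN=([^/]+)') { $Matches[1] } else { '' }
        [pscustomobject]@{ Status = $f[0]; Serial = $f[3]; CommonName = $cn }
    }
}

function Test-IssuedCert($Certs, [string[]]$CertFiles) {
    $valid = @($Certs | Where-Object { $_.Status -eq 'V' })    # V = valid, R = revoked
    # Check 1: every valid certificate needs its own Common Name.
    $valid | Group-Object CommonName | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $serials = $_.Group.Serial -join ', '
        "DUPLICATE  CN '$($_.Name)' is shared by serials $serials"
    }
    # Check 2: build-key <name> writes <name>.crt, so a .crt whose base name is
    # not an issued CN means the Common Name prompt got a different answer.
    $cns = @($valid | ForEach-Object { $_.CommonName })
    foreach ($file in $CertFiles) {
        $name = [IO.Path]::GetFileNameWithoutExtension($file)
        if ($name -ne 'ca' -and $cns -notcontains $name) {
            "MISMATCH   ${file}: no valid certificate carries CN '$name'"
        }
    }
}

$index = Join-Path $KeyDir 'index.txt'
if (Test-Path -LiteralPath $index) {
    $lines = Get-Content -LiteralPath $index
    $files = @(Get-ChildItem -LiteralPath $KeyDir -Filter *.crt | ForEach-Object { $_.Name })
} else {
    # Constructed sample data: "build-key client2" answered with CN client1.
    $dn = '/C=US/ST=CA/L=City/O=Example/CN='
    $lines = @(
        "V|330101000000Z||01|unknown|${dn}server",
        "V|330101000000Z||02|unknown|${dn}client1/emailAddress=a@example.com",
        "V|330101000000Z||03|unknown|${dn}client1/emailAddress=b@example.com"
    ) -replace '\|', "`t"
    $files = 'ca.crt', 'server.crt', 'client1.crt', 'client2.crt'
}
$problems = @(Test-IssuedCert (Get-IssuedCert $lines) $files)
if ($problems) { $problems } else { 'OK: every certificate file has a unique, matching Common Name' }
```

A certificate that has been revoked but whose .crt file is still in the keys directory is also reported by the second check, because only valid entries are counted.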

The final step in this process is to generate Diffie-Hellman parameters for the OpenVPN server.

Enter this command to begin the process:


This might take a long time.
