OpenVPN Windows Quickstart




OpenVPN requires a configuration file and key/certificate files. You should obtain these and save them to OpenVPN’s configuration directory, usually “C:\Program Files\OpenVPN\config”.

You can run OpenVPN as a Windows system service, by using OpenVPN GUI or from a command-prompt. To use the OpenVPN GUI, double click on the desktop icon or start menu icon. OpenVPN GUI is a system-tray applet, so an icon for the GUI will appear in the lower-right corner of the screen. Right click on the system tray icon, and a menu should appear showing the names of your OpenVPN configuration files, and giving you the option to connect. Starting in OpenVPN 2.4-alpha1 admin privileges are no longer required for launching OpenVPN connections using configuration files stored in the global config directory (usually C:\Program Files\OpenVPN\config).  For further details please refer to OpenVPN GUI documentation:

https://github.com/OpenVPN/openvpn-gui

OpenVPN 2.4-alpha1 and later come bundled with three system services:

OpenVPNService (new, improved background service)
OpenVPNServiceInteractive (required to run GUI as non-admin)
OpenVPNServiceLegacy (deprecated background service)

The installer starts OpenVPNServiceInteractive automatically and configures it to start at system startup. This is done to allow unprivileged users to start OpenVPN connections using OpenVPN GUI without any extra configuration.

OpenVPNService is based on openvpnserv2, a complete rewrite of the OpenVPN service wrapper. It is intended for launching OpenVPN instances that should be up at all times, instead of being manually launched by a user. OpenVPNService is able to restart individual OpenVPN processes if they crash, and it also works properly on recent Windows versions. OpenVPNServiceLegacy tends to work poorly, if at all, on newer Windows versions (8+) and its use is not recommended.

 

BUILDING OPENVPN FOR WINDOWS

Official OpenVPN Windows releases are cross-compiled on Linux using the
openvpn-build buildsystem:

https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem

First setup the build environment as shown in the above article. Then fetch the
openvpn-build repository:

git clone https://github.com/OpenVPN/openvpn-build.git

Review the build configuration:

openvpn-build/generic/build.vars
openvpn-build/windows-nsis/build-complete.vars

Build (unsigned):

cd openvpn-build/windows-nsis
./build-complete

Build (signed):

cd openvpn-build/windows-nsis
./build-complete –sign –sign-pkcs12=<pkcs12-file>\
–sign-pkcs12-pass=<pkcs12-file-password> \
–sign-timestamp=”<timestamp-url>”