Very nice !! Has been explained very systematically and step wise, Also blog post is well drafted. Very rare video on youtube explaining openvpn "Server" setup on windows 👍. Also can you a please also guide me how to setup a OpenVPN server on Windows 10 home edition ? i guess it should work there too with an alternative server manager tool ?. We sometimes require it for office work for employees working remotely.
Hi my issue is : I made this folder : C:\Program Files\OpenSSL-Win64\bin\demoCA ewcerts and when I run this command : openssl ca -days 3650 -extensions usr_cert -cert certs\ca.crt -keyfile certs\ca.key -out client1.crt -infiles certs\client1.csr My Error is : Using configuration from C:\Program Files\OpenSSL-Win64\bin\openssl.cfg ca: ./demoCA/newcerts is not a directory ./demoCA/newcerts: No error but I have that directory !
Error adding request extensions from section v3_req F0000000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto\x509\v3_akid.c:145: F0000000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto\x509\v3_conf.c:48:section=v3_req, name=authorityKeyIdentifier, value=keyid:always,issuer I get this error when I input "openssl req -days 3650 -nodes -new -keyout certs\server.key -out certs\server.csr -config C:\OpenSSL-Win64\bin\openssl.cfg" I've gone over your steps and looked up for some help online but can't fix the issue
This is by far the best video I have seen, I have a question, how do revoke client certificates and also add a layer of user/password to client when connecting? Thanks in Advance!
Revoke client certificate can be done through easy-ras scripts like "revoke-full" along with "crl-verify" scripts. Another option is use openssl commands like openssl ca -revoke client1.crt -keyfile certs\ca.key -cert certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg Additionally The openvpn scripts plugins like auth-pam.pl can be used for user/pass client authentication along with other necessary changes needed.
@@SupportHostIN Thank you very much for your reply. Could you possibly do a video on this? I am thinking it could beneficial for others to know how to revoke a list of clients.
similar error after connection openvpn Options error: Unrecognized option or missing or extra parameter(s) in server.ovpn:78: ca (2.5.5) supporthost please help
When i run the command "openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg" The output is like this: "req: Use -help for summary"
When i run the command "C:\OpenSSL-Win64\bin\demoCA>openssl ca -days 3650 -extensions usr_cert -cert certs\ca.crt -keyfile certs\ca.key -out server.crt -infiles certs\server.csr" i have this error "Unable to load certificate request C0110000:error:0480006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:763:Expecting: CERTIFICATE REQUEST" , can help me ?
Hi! really awesome guide i just have a question: Is it possible to do all this in a way that my coworkers (i.e. the clients) can access the LAN IP addresses like a NAS, but would not pass through all their other internet traffic on my network?
By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN unless we enabled to route all client traffic towards OpenVPN server.
sir, at time line 21:08 you copy paste the command lines to create CA certificate. but for me it's giving error 'openssl' is not recognized as internal or external command, openable program or batch file. donno how you got this. please explain.
looks like somehow the openssl binary path is not defined correctly at Windows environment PATH. If its correctly defined try to reboot your OpenVPN server and see if that helps.
I get Error when connect on server: 2022-05-28 10:31:32 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible. 2022-05-28 10:31:32 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers. 2022-05-28 10:31:32 --pull-filter ignored for --mode server Options error: You must define CA file (--ca) or CA path (--capath) Use --help for more information. Please help
Sorry I mean you have a blog where you posted material on the subject, Is it fine by you if I use your screenshots for my own work where I need to describe but do not have the time to perform implementation right now.
@@SupportHostIN Mr I need your work as a reference and will refer to where I took the screenshots from which is the link to your blog and I ask you because I need your permission please.
The video is so good. It's really awesome. Please help me for the below When i run the command "openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg" The output is like this: "req: Use -help for summary"
@@SupportHostIN I have typed the command manually "openssl req -days 3650 -nodes -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\Program Files\OpenSSL-Win64\bin\openssl.cfg" again facing the same error. Please help me on this. (Note: I have used the OpenSSL path inside of program files that's why I have changed the same in command).
server : Wed Mar 09 20:04:31 2022 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible. Wed Mar 09 20:04:31 2022 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers. Wed Mar 09 20:04:31 2022 --pull-filter ignored for --mode server client: Wed Mar 09 20:09:55 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Wed Mar 09 20:09:55 2022 TLS Error: TLS handshake failed
ok, in the openvpn config file at the ciphers defined section use "data-ciphers-fallback BF-CBC" as the error mentioned itself. After that OpenVPN service will start.
