Beginning OpenVPN 2.0.9 — Save 50%
Build and integrate Virtual Private Networks using OpenVPN
Installing OpenVPN is easy and platform independent. In this article by Markus Feilner, we will see how to install it on Windows Server, Vista, and Mac OS X. For both operating systems, there are software packages available that can be downloaded very easily from the relevant web sites.
Obtaining the software
There are only a few prerequisites that have to be met if you want to install OpenVPN on Windows, if you are running versions later than Windows 2000. Mac OS X is required on Apple platforms. Installation of OpenVPN can be done in one of the following ways:
- For Microsoft Windows operating systems, you have to download the binary .exe file from http://openvpn.net/index.php/open-source/downloads.html or the package containing a graphical user interface from http://openvpn.se/. Those who dare to use the release candidate of version 2.1, or a forthcoming version 2.1 will find that the Windows GUI is already integrated (since OpenVPN 2.1rc13 from October 2008).
- On Macintosh systems running Mac OS X, there is a graphical installation wizard and management tool called Tunnelblick.
Note that OpenVPN versions that are not tagged as stable should never be used in the production environment. There may be security issues and bugs that cause the code to crash or open your complete network to intruders. The stable versions have been tested for stability and security flaws, and will not be published as stable until they meet the developer team's requirements.
Installing OpenVPN on Windows
If you want to install OpenVPN on Windows, you have to make a choice before downloading. You can install the original OpenVPN software from a link such as http://www.openvpn.net/release/openvpn-2.0.9-install.exe (this is still my preferred suggestion) or install the OpenVPN GUI from http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe. This package contains the OpenVPN software plus a GUI to bring up or close down tunnels. Especially, if you set up an OpenVPN client—be it a laptop or desktop PC for a home worker, which is only connecting temporarily to your VPN—the Windows user will want to have an easy-to-use, clickable interface. However, if you do not want the users to interact with the VPN tunnels, then the original OpenVPN software will do, and, as mentioned, beginning with release candidate 13 of version 2.1, the GUI is integrated.
OpenVPN can be made to run as a service on the Windows PC, which means it is started automatically on startup. It can be configured to enable the tunnel automatically or forced by a click of a mouse. The installation is pretty straightforward and should not pose any problem to the experienced Windows user. The following sections show you a guided installation process. If you are prompted that the driver has not passed Windows Logo testing, click on Install.
Downloading and starting installation
Download the newest version of the OpenVPN GUI from http://openvpn.se/ to your local drive. Log in as the administrator or a privileged user, and double-click on the downloaded file to start the Setup Wizard. If you are using a desktop firewall, you will be prompted to allow OpenVPN to be installed and connected to the Internet later.
The OpenVPN GUI installation wizard, probably the most convenient way to install OpenVPN on Windows, is started. Click on Next to proceed and agree to the terms of the license agreement (I Agree). Even though OpenVPN and the OpenVPN GUI are freely available under the open source General Public License (GPL), you still have to accept a license agreement. You should read the license to make sure that your planned use of OpenVPN conforms to it. Click on I Agree to proceed.
Selecting the components and location
The next dialog window offers a choice on the top of OpenVPN components that you may want to install. The standard selection of components change makes sense to is suitable for most cases.
In this dialog, you have several options to choose from. Even if you normally don't need to make changes here, the following table gives you an overview of the entries and when you should install which feature. The Client Install is a system that only connects to another OpenVPN system, whereas the Server Install is an OpenVPN system that allows incoming connections.
As you can see, the only differences are the RSA management and the option to run OpenVPN as a service. Both can be configured using different methods later, such as the configuration file, the Windows system management, or software like xca that we will use to generate and administer certificates.
Press Next to continue installation and choose the path that you want to install OpenVPN to. This normally defaults to C:Program FilesOpenVPN, and there are usually very few reasons to change that. Click on Install to confirm.
While OpenVPN is installing, you can read its output in the installation window and follow the creation of folders, files, and shortcuts and the installation of drivers (TAP) for networking.
Recent Windows systems will warn you about the TUN/TAP driver that is about to be installed. As Microsoft can't validate the origin of the driver, its security subsystem warns you with the following dialog (Windows Server 2008):
Click on Install this driver software anyway and see the OpenVPN installer complete the installation. If you've made it so far, you have successfully installed OpenVPN on your Windows system. If you want to read the Readme file, then activate the checkbox Show Readme before you click on Finish.
eBook Price: $35.99
Book Price: $59.99
Testing the installation—a first look at the panel applet
After the installation of OpenVPN GUI, OpenVPN is started and a panel applet is created. In the following screenshot, it is the icon close to the left, with the two red computer screens connected with a globe. Although this image is from Windows Server 2008, it looks pretty much the same on other Windows systems:
The applet provides a convenient method for Windows users to control and configure (partly) OpenVPN. However, as there is no interface for configuration yet, the configuration file can only be edited by using an editor, and until a first configuration is created, the context menu may look rather poor. Right-click on the panel applet as shown in the following screenshot:
Later, when we have configured the first connection, this menu will be populated with new entries. With entries showing, such as Connect and Disconnect, you can start and stop the configured tunnels. At the same time, the start menu is populated with new entries. Consider the following screenshot:
The rest of the configuration setup is done within a text editor like Notepad. The following image shows the file C:WindowsProgram FilesopenVPNsample-configclient:
Installing OpenVPN on Mac OS X (Tunnelblick)
Of course there is also OpenVPN software for Mac OS X. Its name is Tunnelblick and it is free open source software, released under the GPLv2 license, and it contains a graphical installation wizard. You can download it from http://code.google.com/p/tunnelblick/. It comes as a disk image file (.dmg), including the command-line application (by the OpenVPN project) and the Tunnelblick GUI for Macintosh computers. It works on all Mac OS X later than Tiger (10.4).
If you need more detailed information on installing and uninstalling Tunnelblick, the online readme http://www.tunnelblick.net/README.txt file is the best place to look. It contains a full list of the files that are installed on your system. For version 3.0, these files are as follows:
To uninstall Tunnelblick from your system, you just need to delete these files and reboot your machine.
But before that, let's install Tunnelblick. The installation is started simply by double-clicking on the file Tunnelblick-Complete.mpkg to start the installation wizard.
An installation wizard will guide you through five steps. Simply choose the installation location and type and the wizard will solve all your questions. The file README.txt contains information on installing, uninstalling, and the configuration of OpenVPN with special regards to Macintosh and OS X 10.3 or later.
Testing the installation—the Tunnelblick panel applet
After installation, you will find the Tunnelblick icon in the system tray of your panel.
If you select the menu entry Edit Config File…, then you will be presented with the standard configuration file in a text editor, as shown in the following screenshot:
If you need more information on OpenVPN on Macintosh, the following links are good places to visit:
- Detailed installation instructions for Mac OS X 10.3: http://www.helsinki.fi/atk/english/hy-ppp/hy-vpn/hy-vpn-mac.html
- Homepage of the Tunnelblick OpenVPN wrtGUI for Macintosh: http://www.tunnelblick.net/
This article showed that installation of OpenVPN is very easy on both Windows and Mac. There are working and very reliable software packages , and installation GUIs for both platforms.
If you have read this article you may be interested to view :
- Networking with OpenVPN
- Advantages and History of OpenVPN
- Installing OpenVPN on Linux and Unix Systems: Part 1
- Installing OpenVPN on Linux and Unix Systems: Part 2
eBook Price: $35.99
Book Price: $59.99
About the Author :
Markus Feilner is a Linux professional from Regensburg, Germany, and has been working with open-source software since the mid 1990s. His first contact with UNIX was a SUN cluster and SPARC workstations at Regensburg University (during his studies of geography). Since the year 2000, he has published several documents used in Linux training all over Germany. In 2001, he founded his own Linux consulting and training company, Feilner IT.
He was working as a trainer, consultant, and systems engineer at Millenux, Munich, where he focused on groupware, collaboration, and virtualization with Linux-based systems and networks.
Since 2007, he is an editor at the German Linux-Magazine, where he is writing about Open-Source-Software for both printed and online magazines, including the Linux Technical Review and the Linux Magazine International www.linux-magazine.com. He regularly holds speeches and lectures at conferences in Germany.
He is interested in anything about geography, traveling, photography, philosophy (especially that of open-source software), global politics, soccer and literature, but always has too little time for these hobbies.
Markus Feilner supports Linux4afrika - a project bringing Linux computers into African schools. For more information please visit www.linux4afrika.de!