Obtaining the software
There are only a few prerequisites that have to be met if you want to install OpenVPN on Windows, if you are running versions later than Windows 2000. Mac OS X is required on Apple platforms. Installation of OpenVPN can be done in one of the following ways:
- For Microsoft Windows operating systems, you have to download the binary .exe file from http://openvpn.net/index.php/open-source/downloads.html or the package containing a graphical user interface from http://openvpn.se/. Those who dare to use the release candidate of version 2.1, or a forthcoming version 2.1 will find that the Windows GUI is already integrated (since OpenVPN 2.1rc13 from October 2008).
- On Macintosh systems running Mac OS X, there is a graphical installation wizard and management tool called Tunnelblick.
Note that OpenVPN versions that are not tagged as stable should never be used in the production environment. There may be security issues and bugs that cause the code to crash or open your complete network to intruders. The stable versions have been tested for stability and security flaws, and will not be published as stable until they meet the developer team’s requirements.
Installing OpenVPN on Windows
If you want to install OpenVPN on Windows, you have to make a choice before downloading. You can install the original OpenVPN software from a link such as http://www.openvpn.net/release/openvpn-2.0.9-install.exe (this is still my preferred suggestion) or install the OpenVPN GUI from http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe. This package contains the OpenVPN software plus a GUI to bring up or close down tunnels. Especially, if you set up an OpenVPN client—be it a laptop or desktop PC for a home worker, which is only connecting temporarily to your VPN—the Windows user will want to have an easy-to-use, clickable interface. However, if you do not want the users to interact with the VPN tunnels, then the original OpenVPN software will do, and, as mentioned, beginning with release candidate 13 of version 2.1, the GUI is integrated.
OpenVPN can be made to run as a service on the Windows PC, which means it is started automatically on startup. It can be configured to enable the tunnel automatically or forced by a click of a mouse. The installation is pretty straightforward and should not pose any problem to the experienced Windows user. The following sections show you a guided installation process. If you are prompted that the driver has not passed Windows Logo testing, click on Install.
Downloading and starting installation
Download the newest version of the OpenVPN GUI from http://openvpn.se/ to your local drive. Log in as the administrator or a privileged user, and double-click on the downloaded file to start the Setup Wizard. If you are using a desktop firewall, you will be prompted to allow OpenVPN to be installed and connected to the Internet later.
The OpenVPN GUI installation wizard, probably the most convenient way to install OpenVPN on Windows, is started. Click on Next to proceed and agree to the terms of the license agreement (I Agree). Even though OpenVPN and the OpenVPN GUI are freely available under the open source General Public License (GPL), you still have to accept a license agreement. You should read the license to make sure that your planned use of OpenVPN conforms to it. Click on I Agree to proceed.
Selecting the components and location
The next dialog window offers a choice on the top of OpenVPN components that you may want to install. The standard selection of components change makes sense to is suitable for most cases.
In this dialog, you have several options to choose from. Even if you normally don’t need to make changes here, the following table gives you an overview of the entries and when you should install which feature. The Client Install is a system that only connects to another OpenVPN system, whereas the Server Install is an OpenVPN system that allows incoming connections.
As you can see, the only differences are the RSA management and the option to run OpenVPN as a service. Both can be configured using different methods later, such as the configuration file, the Windows system management, or software like xca that we will use to generate and administer certificates.
Press Next to continue installation and choose the path that you want to install OpenVPN to. This normally defaults to C:Program FilesOpenVPN, and there are usually very few reasons to change that. Click on Install to confirm.
While OpenVPN is installing, you can read its output in the installation window and follow the creation of folders, files, and shortcuts and the installation of drivers (TAP) for networking.
Recent Windows systems will warn you about the TUN/TAP driver that is about to be installed. As Microsoft can’t validate the origin of the driver, its security subsystem warns you with the following dialog (Windows Server 2008):
Click on Install this driver software anyway and see the OpenVPN installer complete the installation. If you’ve made it so far, you have successfully installed OpenVPN on your Windows system. If you want to read the Readme file, then activate the checkbox Show Readme before you click on Finish.