Page 1 of 1

Windows XP as OpenVPN server with redirect-gateway

Posted: Tue Mar 22, 2011 6:14 am
by Bebop
Diagram:
Image

Goal:
  • Your Windows XP PC becomes an Internet gateway, using OpenVPN server mode. Traffic can be tunneled from any OpenVPN client.
Scope:
  • This example assumes that you already know how to install OpenVPN and setup keys and/or certificates. For the scope of this example, information about key and certificate management will not be provided.
Overview:
  • We'll setup a server.ovpn, a client.ovpn, and some Windows XP settings. Keep in mind that .ovpn is the Windows equivalent of .conf in Linux.
The Code

server.ovpn

Code: Select all

port 1194
proto udp
dev tun
server 10.0.0.0 255.255.255.0   #you may choose any subnet. 10.0.0.x is used for this example.

ca ca.crt                    #certs are optional. you may choose to go with keys or passwords instead.
cert my-server.crt
key my-server.key  
dh dh1024.pem

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8" 

#the following commands are optional
keepalive 10 120         
comp-lzo                   
persist-key                
persist-tun                
verb 3                      
Client.ovpn

Code: Select all

client
dev tun
proto udp
remote public.ip.of.winXP.server 1194   

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key
ns-cert-type server

comp-lzo
verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

route-method exe
route-delay 2
Windows XP settings for forwarding VPN traffic

Code: Select all

Start -> Right-click My Computer -> Manage
Services
Right-click Routing and Remote Access -> Properties -> Automatic
Right-click Routing and Remote Access -> Start

Next:

Control Panel
Network Connections
Local Area Connection   (or whichever is your primary Internet interface [with your WAN ip])
Properties
Advanced
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP OpenVPN server interface.

Start->run->regedit (you type regedit)*

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)

*Since this is Windows XP, you should restart Windows after making changes to registry
Notes:
  • This is very similar Windows 7 solution. If you know an easier or more efficient set of methods, please do share. If you know a proper method for forwarding DNS, also please do share.

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Wed Mar 21, 2012 1:38 pm
by fourwed
I am using the same method by turning on the Internet connection sharing (ICS) to the TAP interface in my windows xp (OpenVPN server). It works fine.

Recently, I have upgraded my Internet to 200M and I want to utilize all bandwidth without upgrading my wifi router. Therefore, I am planning to plug the 200M WAN directly to my windows xp (OpenVPN server) and then share it to other computers in my home via another LAN interface. This means that I will using my windows xp as a router.

My question is, is there any solution to replace the "ICS to TAP interface", so that I could release the ICS to another LAN interface?

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Sat Apr 21, 2012 12:04 am
by bee_kay
1) Great job Bebop! It's *almost* exactly what I need, just the wrong flavor of OS - I need a CentOS configuration example.
2) Search tools, and Index, are quite poor, and won't let me search for the same functionality for LINUX host.
3) I am newbie to this tool, and need this instantly if not sooner, so any URLs, topic IDs, or configuration suggestions would be greatly appreciated.

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Sat Apr 21, 2012 12:06 am
by bee_kay
Sorry for not reading more closely! I just spotted your "remember in Linux, these files are .conf"
-Bee Kay-

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Wed Mar 20, 2013 1:31 pm
by scarabeuz
after completing this guide openvpn client will not get the public IP of the Windows XP server, is it right?

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Fri Apr 05, 2013 9:37 pm
by jmarshallh
hi, just questions about this tuto :

_ when activate ICS , your LAN is 198.168.0.0 ?
_ i read that a new ip is created 192.168.0.1 and that we CAN'T modify it, so if my lan is 192.168.10.0 it won't work
_ when i read your conf : i didn't notice a tun device : where is the line dev-node ?
_ i tried what you explain and it doesn't work for me ! maybe problem of lan 192.168.10.0 ?

thanks for ideas ....

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Fri Apr 05, 2013 9:59 pm
by jmarshallh
edit : i understand that dev node is not necessarily needed :) sorry :oops:

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Wed Jun 12, 2013 2:59 pm
by GC23
Thank you for this tutorial, it helped me a lot with my XP settings and I was able to successfully browse the internet over my vpn server.

One question I had, however, (as I am trying to understand the processes involved) is what does the line:

push "dhcp-option DNS 8.8.8.8"

do from a networking standpoint exactly?

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Mon Oct 14, 2013 11:19 pm
by charmander
Bebop,

There is a problem with your instructions.
Control Panel
Network Connections
Local Area Connection (or whichever is your primary Internet interface [with your WAN ip])
Properties
Advanced
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP OpenVPN server interface.
There is no drop down list in the xp network location you talk about. After you check "allow other network users....", there is a "settings" button. When you click this, you are presented with "select the services running on your network that internet users can access". There are some common ones there already that you can enable, but none are "local area connection 2" or your VPN interface.

You can hit "add", where you are expected to enter the information manually. It would be helpful if you explained what should be entered there.

Re: Windows XP as OpenVPN server with redirect-gateway

Posted: Wed Jun 18, 2014 6:26 pm
by kshutch
I am not sure exactly how or why, but the select list will show in XP. I did not see it at first, none of the services in the settings list were what I needed either.

I was previously trying to do all of this using netsh, so I had to undo those changes (if you did nothing with netsh before this, then do not worry about it)

I then went back into the Local Area Connection properties-->Advanced and ticked to allow others to connect to this internet connection.

I had my other local area connection that the tap drive is on turned off (just not connected) and then I clicked to add a service. I made the
service called opvn, on the computers name I was at (), with the default openvpn ports 1194 for both internal and external. When I hit ok on this window, then ok on the service list window, the select list then showed as mentioned above. I was then able to select the Local Area Connection associated with the tap driver.

I am going to remove everything I did and redo it to make a guide...this whole process took me almost 6 hours to figure out and that is a long time for me. I connected to another network though, checked my ip, then connected to open vpn and my ip was changed.

This certainly works though the tinkering-with-it factor is pretty high.