Very nice !! Has been explained very systematically and step wise, Also blog post is well drafted. Very rare video on youtube explaining openvpn "Server" setup on windows 👍. Also can you a please also guide me how to setup a OpenVPN server on Windows 10 home edition ? i guess it should work there too with an alternative server manager tool ?. We sometimes require it for office work for employees working remotely.
Hi my issue is : I made this folder : C:\Program Files\OpenSSL-Win64\bin\demoCA ewcerts and when I run this command : openssl ca -days 3650 -extensions usr_cert -cert certs\ca.crt -keyfile certs\ca.key -out client1.crt -infiles certs\client1.csr My Error is : Using configuration from C:\Program Files\OpenSSL-Win64\bin\openssl.cfg ca: ./demoCA/newcerts is not a directory ./demoCA/newcerts: No error but I have that directory !
Error adding request extensions from section v3_req F0000000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto\x509\v3_akid.c:145: F0000000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto\x509\v3_conf.c:48:section=v3_req, name=authorityKeyIdentifier, value=keyid:always,issuer I get this error when I input "openssl req -days 3650 -nodes -new -keyout certs\server.key -out certs\server.csr -config C:\OpenSSL-Win64\bin\openssl.cfg" I've gone over your steps and looked up for some help online but can't fix the issue
This is by far the best video I have seen, I have a question, how do revoke client certificates and also add a layer of user/password to client when connecting? Thanks in Advance!
Revoke client certificate can be done through easy-ras scripts like "revoke-full" along with "crl-verify" scripts. Another option is use openssl commands like openssl ca -revoke client1.crt -keyfile certs\ca.key -cert certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg Additionally The openvpn scripts plugins like auth-pam.pl can be used for user/pass client authentication along with other necessary changes needed.
@@SupportHostIN Thank you very much for your reply. Could you possibly do a video on this? I am thinking it could beneficial for others to know how to revoke a list of clients.
similar error after connection openvpn Options error: Unrecognized option or missing or extra parameter(s) in server.ovpn:78: ca (2.5.5) supporthost please help
When i run the command "openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg" The output is like this: "req: Use -help for summary"
Hi! really awesome guide i just have a question: Is it possible to do all this in a way that my coworkers (i.e. the clients) can access the LAN IP addresses like a NAS, but would not pass through all their other internet traffic on my network?
By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN unless we enabled to route all client traffic towards OpenVPN server.
When i run the command "C:\OpenSSL-Win64\bin\demoCA>openssl ca -days 3650 -extensions usr_cert -cert certs\ca.crt -keyfile certs\ca.key -out server.crt -infiles certs\server.csr" i have this error "Unable to load certificate request C0110000:error:0480006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:763:Expecting: CERTIFICATE REQUEST" , can help me ?
sir, at time line 21:08 you copy paste the command lines to create CA certificate. but for me it's giving error 'openssl' is not recognized as internal or external command, openable program or batch file. donno how you got this. please explain.
looks like somehow the openssl binary path is not defined correctly at Windows environment PATH. If its correctly defined try to reboot your OpenVPN server and see if that helps.
Sorry I mean you have a blog where you posted material on the subject, Is it fine by you if I use your screenshots for my own work where I need to describe but do not have the time to perform implementation right now.
@@SupportHostIN Mr I need your work as a reference and will refer to where I took the screenshots from which is the link to your blog and I ask you because I need your permission please.
I get Error when connect on server: 2022-05-28 10:31:32 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible. 2022-05-28 10:31:32 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers. 2022-05-28 10:31:32 --pull-filter ignored for --mode server Options error: You must define CA file (--ca) or CA path (--capath) Use --help for more information. Please help
The video is so good. It's really awesome. Please help me for the below When i run the command "openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg" The output is like this: "req: Use -help for summary"
@@SupportHostIN I have typed the command manually "openssl req -days 3650 -nodes -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\Program Files\OpenSSL-Win64\bin\openssl.cfg" again facing the same error. Please help me on this. (Note: I have used the OpenSSL path inside of program files that's why I have changed the same in command).
server : Wed Mar 09 20:04:31 2022 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible. Wed Mar 09 20:04:31 2022 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers. Wed Mar 09 20:04:31 2022 --pull-filter ignored for --mode server client: Wed Mar 09 20:09:55 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Wed Mar 09 20:09:55 2022 TLS Error: TLS handshake failed
ok, in the openvpn config file at the ciphers defined section use "data-ciphers-fallback BF-CBC" as the error mentioned itself. After that OpenVPN service will start.
it would be a very nice idea if all these commands are in text files to download. the blog is not accessible.
It is an excellent tutorial, very well explained for beginners like me.
Please keep the good work!
Thanks, will do!
@@SupportHostIN podrias compartir los txt?
your tutorial worked perfectly for me, I'm a beginner, you helped me a lot.
Thank you for sharing
Really very useful video! Great thanks from Russia!
you can upload a text file?
Very nice !! Has been explained very systematically and step wise, Also blog post is well drafted. Very rare video on youtube explaining openvpn "Server" setup on windows 👍.
Also can you a please also guide me how to setup a OpenVPN server on Windows 10 home edition ? i guess it should work there too with an alternative server manager tool ?. We sometimes require it for office work for employees working remotely.
Thanks a ton. In case Windows 10 home edition acting as OpenVPN server, I am not sure how to NAT. May be you need to relay on your router for that.
I installed openSSL as in the video, however, i cant find the openssl,cfg. any suggestions?
Me tooo
Hi my issue is :
I made this folder : C:\Program Files\OpenSSL-Win64\bin\demoCA
ewcerts
and when I run this command :
openssl ca -days 3650 -extensions usr_cert -cert certs\ca.crt -keyfile certs\ca.key -out client1.crt -infiles certs\client1.csr
My Error is :
Using configuration from C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
ca: ./demoCA/newcerts is not a directory
./demoCA/newcerts: No error
but I have that directory !
Error adding request extensions from section v3_req
F0000000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto\x509\v3_akid.c:145:
F0000000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto\x509\v3_conf.c:48:section=v3_req, name=authorityKeyIdentifier, value=keyid:always,issuer
I get this error when I input "openssl req -days 3650 -nodes -new -keyout certs\server.key -out certs\server.csr -config C:\OpenSSL-Win64\bin\openssl.cfg"
I've gone over your steps and looked up for some help online but can't fix the issue
This is by far the best video I have seen, I have a question, how do revoke client certificates and also add a layer of user/password to client when connecting? Thanks in Advance!
Revoke client certificate can be done through easy-ras scripts like "revoke-full" along with "crl-verify" scripts.
Another option is use openssl commands like openssl ca -revoke client1.crt -keyfile certs\ca.key -cert certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg
Additionally The openvpn scripts plugins like auth-pam.pl can be used for user/pass client authentication along with other necessary changes needed.
@@SupportHostIN Thank you very much for your reply. Could you possibly do a video on this? I am thinking it could beneficial for others to know how to revoke a list of clients.
Could you share the txt?
Options error: Unrecognized option or missing or extra parameter(s) in server.ovpn:191: push (2.5.3)
Use --help for more information.
Help pls....
similar error after connection openvpn Options error: Unrecognized option or missing or extra parameter(s) in server.ovpn:78: ca (2.5.5)
supporthost please help
error due to quotes, use " , not “
As per the error, there will be an invalid entry at line number 191. Check the entry and see if there any invalid character
@@SupportHostIN thanks
@@temamorg can u please help me an give the ovpn file .. i facing the same error and its not going away even when change the "
When i try connect openvpn at client, i got message : TLS handshake failed, maybe can you tell me where is wrong? Thanks
Very good 2022!!!!!!!!!!!!!!!!!
Thank you
When i run the command "openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg"
The output is like this: "req: Use -help for summary"
Normally such output will get if there any syntax error in the command. Some characters or symbols have entered wrongly on your end.
Hi! really awesome guide i just have a question: Is it possible to do all this in a way that my coworkers (i.e. the clients) can access the LAN IP addresses like a NAS, but would not pass through all their other internet traffic on my network?
By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN unless we enabled to route all client traffic towards OpenVPN server.
Hi. Please assist
openssl req -days 3650 -nodes -new -x509...
Error checking x509 extension section v3_ca
looks like some kind of syntax issue at v3_ca section.
When i run the command "C:\OpenSSL-Win64\bin\demoCA>openssl ca -days 3650 -extensions usr_cert -cert certs\ca.crt -keyfile certs\ca.key -out server.crt -infiles certs\server.csr" i have this error "Unable to load certificate request
C0110000:error:0480006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:763:Expecting: CERTIFICATE REQUEST" , can help me ?
were you able to fix the issue? I too facing the same exact problem.
great job. Thank you
Thank you too!
sir, at time line 21:08 you copy paste the command lines to create CA certificate.
but for me it's giving error
'openssl' is not recognized as internal or external command, openable program or batch file.
donno how you got this. please explain.
looks like somehow the openssl binary path is not defined correctly at Windows environment PATH. If its correctly defined try to reboot your OpenVPN server and see if that helps.
@@SupportHostIN did not help
@@SupportHostIN For sure, you need to set correct value path after add OPENSSL_CONF (pointing to 'openssl.cfg' bin directory).
Is it also possible to ping local network on network side (computers)?
yes, its possible. Advertise your local network through VPN Server.
Sorry I mean you have a blog where you posted material on the subject, Is it fine by you if I use your screenshots for my own work where I need to describe but do not have the time to perform implementation right now.
Sorry, Please don't
@@SupportHostIN Mr I need your work as a reference and will refer to where I took the screenshots from which is the link to your blog and I ask you because I need your permission please.
How can I connect using more than 3 clients?
I don't think any such limitation exits for the community edition.
I can't see open.cfg file in C:\OpenSSL-Win64\bin any idea?
Did you mean openssl.cfg ?. Normally it should be there
@@SupportHostIN I have problem with persmsion when edit file opvn. Do you have any idea to fix?
try to run the file editor program as administrator.
@@SupportHostIN How to find username and password about Remote access management. I have type username and password about VPS but it wrong
@@oTu5894 Logins need to be created
hi, it's ok if I use your screenshots in the video for further work?
sorry, I didn't get you
C:\OpenSSL-Win64\bin\demoCA>openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg
"openssl" is not an internal or external command, operable program, or batch file.
somehow your openssl binary path not updated in windows environment section. Try to reboot your VPN server and see if that helps.
@@SupportHostIN does not work
I get Error when connect on server:
2022-05-28 10:31:32 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2022-05-28 10:31:32 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-05-28 10:31:32 --pull-filter ignored for --mode server
Options error: You must define CA file (--ca) or CA path (--capath)
Use --help for more information.
Please help
looks like you haven't set cipher values and ca file locations on your config file.
The video is so good. It's really awesome.
Please help me for the below
When i run the command "openssl req -days 3650 -nodes -new -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\OpenSSL-Win64\bin\openssl.cfg"
The output is like this: "req: Use -help for summary"
okay, it could be the - character which become some en dashes instead of hyphens while you copy/pasted. Try to manually type it and see if that helps.
@@SupportHostIN I have typed the command manually "openssl req -days 3650 -nodes -x509 -extensions v3_ca -keyout certs\ca.key -out certs\ca.crt -config C:\Program Files\OpenSSL-Win64\bin\openssl.cfg" again facing the same error. Please help me on this.
(Note: I have used the OpenSSL path inside of program files that's why I have changed the same in command).
ho ok. It could be because of the space in the program files folder name.
@@hareeshubx3071 any solution !
tks tks tks
You're welcome!
server :
Wed Mar 09 20:04:31 2022 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
Wed Mar 09 20:04:31 2022 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Wed Mar 09 20:04:31 2022 --pull-filter ignored for --mode server
client:
Wed Mar 09 20:09:55 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Mar 09 20:09:55 2022 TLS Error: TLS handshake failed
ok, in the openvpn config file at the ciphers defined section use "data-ciphers-fallback BF-CBC" as the error mentioned itself. After that OpenVPN service will start.
@@SupportHostIN client TLS Error: TLS key ? modem open port? huawei HG8245H
or pls put your openssl.cfg for download direct pls
Okay, I will
@@SupportHostIN thank
For Godsake dude use AI to do voice overs. PLEASE