Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Create an OpenVPN Windows server that proxies internet traffic
Tested on Windows 10 x64, Anniversary Update

Set up OpenVPN

  1. Set up an OpenVPN connection following this guide

  2. Generate a TA key and place it in the same folder as the other certificates/keys:

openvpn --genkey --secret ta.key
  1. Append the following lines to your server.ovpn profile:
# Route all traffic through VPN
push "redirect-gateway def1"
# Push Google DNS to prevent leak
push "dhcp-option DNS"
  1. Append the following lines to your client.ovpn profile:
# Block DNS leak

Service tweaks

  1. Open the Services window
  2. Find Routing and Remote Access and set it to: Startup type - Automatic
  3. Start the service

Adapter tweaks

  1. Open the network adapters window
  2. Right-click your internet adapter (e.g. Ethernet) and then: Properties -> Sharing -> Allow other network users to connect through this computer's Internet connection
  3. (if applicable) From the drop-down list select your OpenVPN TAP adapter (e.g. Ethernet 2)

Note: Only one adapter can be shared at a time, so if you don't see the Sharing tab, make sure no other adapter is being shared.

Registry tweaks

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Data: 0x00000001 (1)

Configure a static route (if behind router)

You have to route all packets sent to the client's virtual IP back to the VPN server.

Example using Cisco router: - virtual network subnet - virtual network subnet mask - VPN server internal IP (in the subnet of the router)

router setup

Final OpenVPN tweaks

  1. Right-click openvpn-gui.exe and then: Properties -> Compatibility -> Run this program as an administrator
  2. (optional) Configure the OpenVPN server to start and connect automatically:
"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect server.ovpn

This comment has been minimized.

Copy link

@stefanos-apostolopoulos stefanos-apostolopoulos commented May 17, 2019

i want to run it as personal vpn server with internet access so these lines inside the server/client .ovpn must be the only one? or add them on sample?


This comment has been minimized.

Copy link

@maoanz maoanz commented Oct 1, 2019

I have been searching around for 2 days until I came to your post, it solves my problem.
I was thinking about configuration of OpenVPN, and there are a lot of post about openvpn configuration.
But in fact it's more about the configuration on windows that hosts the OpenVPN server.
Thanks a lot !


This comment has been minimized.

Copy link

@pskifast pskifast commented Apr 11, 2020

As previously stated by maoanz, I was too looking for this for a whole day! The key to get it working is not the VPN server config itself so much, but rather the static routing on the GW. Thank you very much!


This comment has been minimized.

Copy link

@caihongxu caihongxu commented May 20, 2020

There are a few issues I encountered when using OpenVPN together with ICS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment