Create an OpenVPN Windows server that proxies internet traffic

OpenVPN Internet Proxy Windows.md

Tested on Windows 10 x64, Anniversary Update
17.09.2017

Set up OpenVPN

1. Set up an OpenVPN connection following this guide

2. Generate a TA key and place it in the same folder as the other certificates/keys:

openvpn --genkey --secret ta.key

3. Append the following lines to your server.ovpn profile:

# Route all traffic through VPN
push "redirect-gateway def1"
# Push Google DNS to prevent leak
push "dhcp-option DNS 8.8.8.8"

4. Append the following lines to your client.ovpn profile:

# Block DNS leak
block-outside-dns

Service tweaks

1. Open the Services window
2. Find Routing and Remote Access and set it to: Startup type - Automatic
3. Start the service

Adapter tweaks

1. Open the network adapters window
2. Right-click your internet adapter (e.g. Ethernet) and then: Properties -> Sharing -> Allow other network users to connect through this computer's Internet connection
3. (if applicable) From the drop-down list select your OpenVPN TAP adapter (e.g. Ethernet 2)

Note: Only one adapter can be shared at a time, so if you don't see the Sharing tab, make sure no other adapter is being shared.

Registry tweaks

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)

Configure a static route (if behind router)

You have to route all packets sent to the client's virtual IP back to the VPN server.

Example using Cisco router:

10.8.0.0 - virtual network subnet
255.255.255.0 - virtual network subnet mask
192.168.1.175 - VPN server internal IP (in the subnet of the router)

Final OpenVPN tweaks

1. Right-click openvpn-gui.exe and then: Properties -> Compatibility -> Run this program as an administrator
2. (optional) Configure the OpenVPN server to start and connect automatically:

"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect server.ovpn