OpenVPN/Windows

The critical parts of deploying this VPN is to maintain security of your secret key--anybody with this key and the configuration file could connect to your server. The other consideration is that you could have IP address conflicts if you're connecting from a LAN that uses the same IP address range. See below if this is the case.Instructions (Windows)

  1. Download Windows Installer. Choose the latest "stable" version, in the installation package. (note: Windows Vista is not currently supported).
  2. Run the installer, with the following notes.
  3. At the Choose Components stage, accept the defaults, and optionally also check the"My Certificate Wizard." This will make future certificate management easier.
  4. Click the Continue Anyway button when you get the Windows warning:
  5. When the installer has finished, you should see a new icon in your system tray. That's the VPN.
  6. Download the zip file with your config file. Extract all the files in this zip to: C:\Program Files\OpenVPN\config
  7. Right-click the VPN system tray icon and click "Connect."

If you have a firewall, you will need to disable it on the new "Local Area Connection" interface in Network Connections to be able to access Windows shares on the intranet. You will also need to configure your firewall to allow OpenVPN to access the Internet through your main network connection. Also, if you're running Windows XP SP2, getting this interface to work the first time can be tricky--try disabling it, and then re-enabling it.
Congratulations! You're now connected!
To disconnect, double-click the system tray icon (which turns green when you're connected), and click Disconnect.
You should be able to browse the LAN as if you were there, and get to all the internal resources.IP Address Conflicts

There are several common IP address ranges, and if any of them are used for your office, you cannot use the same subnet at the remote end. 192.168.1.*

If your home LAN uses a conflicting subnet, you're going to need to change it to get it to work correctly. Valid private IP addresses include: 10.0.0.0 -> 10.255.255.255

Almost all consumer networking equipment use one of a few network ranges by default, depending on the brand: 192.168.0.* (Netgear, Dlink)

Pick a higher subnet and you should be fine. Freelock Computing uses 192.168.9., 192.168.10., and 192.168.19.. To make it easier for us to provide support, you should avoid all of those subnets and pick higher ones, say 192.168.93.