How to set up OpenVPN on Windows 7

How to set up OpenVPN on Windows 7

OpenVPN is a very popular cross platform open source VPN protocol. Many VPN providers offer a tailored version of the open source OpenVPN client to aid in the installation and configuration of the protocol for their service. Some providers even add custom features to their clients. However, many users desire to install the peer reviewed open source code for extra peace of mind. Some users, go a step further, preferring to compile the source code themselves to ensure they are getting binaries that are guaranteed to match the peer reviewed open source code.

Whilst, it is hard to confirm that a custom client does not contain a backdoor or other vulnerabilities, downloading the binaries from the OpenVPN website is a fairly safe choice when done properly. There is a certain amount of trust that you place in your VPN provider that their service is set up properly and they really are protecting your privacy and security. However, even the highest quality software is often found to have unforeseen bugs and vulnerabilities. This is where the strength of widely peer reviewed open source code comes in. If you are a Windows user and desire to use the OpenVPN binaries then this guide is for you.

Tutorial with Screenshots

1. The first thing you are going to want to do is download the binaries or source code from the official OpenVPN website. You can find the official downloads https://openvpn.net/index.php/open-source/downloads.html. You will almost certainly want to download the latest release, but you can check the release notes to see if you might have a reason to download an earlier release.

For Windows 7 you will want to download the installer for Windows Vista or later. The 32 bit version should work for everyone, but if you have a 64 bit operating system you should gain a little extra efficiency with the 64 bit version.

OpenVPN Client Download
Official signed source code and binaries download

It is a good idea to download the GnuPG signature and verify your download with GnuPG or PGP. OpenVPN offers instructions on verifying signatures at this link.

2. Once you have downloaded and verified your binary click on it to run the installer. You will most likely be prompted by Windows UAC to verify that you really want to run this binary.

User Access Control
Say yes to UAC to continue install

Once you verify with a Yes that you want to continue the install you will move through the installer’s steps.

3. Carefully read and follow the prompts. You should be fine with the default components, but advanced users might wish to add or remove some components.

OpenVPN Win7 Components
Default components should be fine for most users

Select your components and click Next to continue the installation.

4. Choose your installation destination and click Install to continue. This should begin installing OpenVPN to your specified destination.

Installation of the OpenVPN client.
Installation of the OpenVPN client.

You might see a warning asking you if you want to install “TAP” drivers. These are required for OpenVPN to work and you will need to answer yes and allow the TAP drivers to be installed. When the install is done click Next to finish.

5. You will now want to run the OpenVPN GUI to configure your newly installed client. The Windows OpenVPN GUI will have been installed if you stuck with the default components during install. Most Windows users will want to install the GUI unless they are comfortable with the command line and wish to use it instead.

Your VPN provider should provide you with OpenVPN config files setup for their service. The OpenVPN GUI will read any *.ovpn files under the ./config directory of the installation path, including subfolders. Visit your provider’s website and download their OpenVPN config files and copy them into your ./config directory.

OpenVPN Config file directory
OpenVPN config files with subdirectories

6. Once you have some configuration files installed, then you can run the GUI and connect to your service. It is important to note that the OpenVPN GUI will need to be run with administrator privileges in order to work. You can right click on the OpenVPN GUI icon and then click on Run as administrator.

Run OpenVPN GUI as Administrator
Run OpenVPN GUI as Administrator

You might wish to make this a permanent property. You can do this by right clicking on the OpenVPN icon and selecting Properties. Then click the Compatability tab and check the Run this program as an administrator box.

Run as administrator
Check box to make program always run as administrator

7. Now it is time to connect to your service! If you set the privilege level to be permanent you can double click the icon, otherwise right click and select the Run as administrator option.

It is a bit subtle, but if you look in your system tray you should now see an icon for the OpenVPN GUI. If it is not there click the system tray arrow to Show hidden icons.

System tray OpenVPN GUI icon
System tray icon

When you right click on the system tray icon you will be given a menu of possible connections. These will correspond to the *.ovpn files you copied into the ./config directory.

Select the profile you wish to connect to and click the Connect option. Most providers use a username/password authentication to their servers. You will need to enter the provider supplied credentials for your account.

User authentication
User authentication

After clicking OK you will connect to your provider and should see something like this;

Now connected
Now connected

Notice that the icon lock changed to a closed lock, and the screen background is now green indicating that you are connected to the VPN.

You can verify your connection by going to google.com and searching for “what is my ip” which should return the VPN server’s IP and not your ISP’s IP. If you do not know your ISP’s assigned IP you can check with google.com before connecting to your VPN.

What is my IP?
What is my IP?

8. When you wish to disconnect from your VPN you can double click the system icon and this will bring up a log window that has a couple of options.

Log window

If you click the Disconnect button this will disable your VPN. The OpenVPN GUI system tray icon will change from green back to grey and the lock will open.

You may notice in the log window above that there was an error; “route addition failed using CreateIpForwardEntry: Access is denied.” This is because I did not run the GUI with administrator privileges. Yet you will also notice that the client is reporting that it is connected, which it is. However, nothing will be routed through the VPN because I did not provide sufficient privileges to the OpenVPN client to change the routing table. It is always a good idea to verify that your IP has been changed to that of your VPN server.

That is all there is to it. Now you can enjoy the peace of mind that using an open source VPN client provides.


To learn more about this protocol, I highly recommend checking out my guide to OpenVPN, which includes recommendations of VPN providers offering the protocol.

Like this article? Spread the word!
Tweet about this on Twitter
Twitter
Share on Facebook
Facebook
0Share on Reddit
Reddit
0Share on Google+
Google+
0Share on LinkedIn
Linkedin
Share on VK
VK

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

Leave a Comment