How to configure OpenVPN

 29 / January / 2006 by Riley

OpenVPN is a tried and true VPN solution. It is totally secure and infinitely configurable. You can install and run this software without relying on a third party. The fact that it’s open source and free really makes it stand out though. OpenVPN can be a little daunting to configure the first time you jump into it, but once you get your configuration worked out, it’s a pleasure to use. Once you have the software running on your network, it’s possible to seamlessly perform a great number of tasks. One of the most popular and practical uses for OpenVPN is to enable secure surfing and home network access when out travelling or on an open wifi access point. It can also be used to connect separate remote networks together into one large network that is fully routable. There’s really no limit to what you can do with OpenVPN.

For the purposes of this article I am going to demonstrate how to set up OpenVPN on a typical home network. The configuration below will give your client PCs secure internet access from anywhere, as well as full access to your home network. This tutorial is aimed at Windows users with a router that has capabilities similar to the Linksys WRT54G.

OpenVPN Installation:

First, download the install file from http://openvpn.se/download.html (openvpn-2.0.5-gui-1.0.3-install.exe). This is the GUI version of OpenVPN. It’s basically good ole OpenVPN with a minimal graphic interface that is accessible from the system tray.

Install it on the computer that is going to be your OpenVPN server first. This computer is going to need to be turned on and running OpenVPN at all times that you wish to have your virtual network accessible.

If you have any previous versions of OpenVPN installed, then shut down any running instance of it before running the install file.

Run the install program. During the installation you can choose if the GUI program will be started automatically at system startup. The default is yes. I recommend leaving all of the options on the default. All the instructions below assume that you have installed the program in the default directory. At the end of the install you will need to reboot the machine.

Creating certificates:

After rebooting you are going to need to configure the OpenVPN files on your server using the command prompt and a text editor like Notepad.

Go to Start – Run – and type cmd to open the command prompt.

Then enter the command below to move to the correct directory:

cd C:\Program Files\OpenVPN\easy-rsa

Then type this command to run the batch file that will copy the configuration files into place:

init-config

Now open the file vars.bat in a text editor. It should be located here: C:\Program Files\OpenVPN\easy-rsa\. You should change the values of the following variables at the bottom of the file: KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL. Don’t leave any of these parameters blank.

Back at the command prompt you are going to enter the following commands in order:

vars
clean-all
build-ca

When you run build-ca you will be prompted for several entries. You can simply hit Enter to accept the default values taken from the vars.bat file you customized. The only parameter that must be explicitly entered is the Common Name. Enter the name of your VPN for this entry. An example would be MyVPN.

Next enter the following command to generate a certificate and private key for the server:

build-key-server server

Make sure you enter server for the Common Name. The rest of the settings can be left on the defaults. You can leave the challenge password and optional company name blank if you like. Type y for yes at the last two queries, “Sign the certificate? [y/n]” and “1 out of 1 certificate requests certified, commit? [y/n]”.

Now enter the following commands one at a time, changing the name for each:

build-key client1
build-key client2
build-key client3
build-key client4

and so on…

You will be prompted to enter data just like when you built the server key. If you typed the command build-key client1, make sure that you enter client1 for the Common Name. These entries must match up.

Run the above commands for as many clients as you would like to have on your VPN. I suggest you create more than you think you will need now because it will save you the hassle of having to do it at a later time. Always use a unique common name for each client.

If you would like to password-protect your client keys, substitute build-key-pass for build-key.

The final step in this process is to generate Diffie Hellman parameters for the OpenVPN server.

Enter this command to begin the process:

build-dh

This might take a long time.

Note: You only need to do the certificate process listed above on the server.

Example network:

The config files and settings below are configured for the following network scenario:

Your home router’s IP address is 192.168.1.1 and its subnet mask is 255.255.255.0

Your OpenVPN server attached to that router has its network interface manually set to the IP address of 192.168.1.150 with the subnet mask 255.255.255.0 and a default gateway of 192.168.1.1

The router is configured to port forward port 1194 to the server’s IP address of 192.168.1.150

Note: 1194 is the default port for OpenVPN. It’s probably a good idea to change every instance of the port number 1194 to another port number for better security. Just make sure the router and all the config files are set to the same number.

If any aspect of your network is different, you will need to take that into consideration when following the rest of this guide.
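
An added example, not part of the original article: a small Python check that the router's forwarded port, the server config and every client config all name the same port, as the note above requires. The config contents, file names and the host name vpn.example.net are constructed for illustration; port, lport, rport and remote are OpenVPN's own directives.

```python
# Added example: lint OpenVPN configs against the router's port forward.
DEFAULT_PORT = 1194  # OpenVPN's default, used when a config names no port

def directives(text):
    """Yield (name, args) per config line, ignoring '#' and ';' comments."""
    for line in text.splitlines():
        for mark in "#;":
            line = line.split(mark, 1)[0]
        words = line.split()
        if words:
            yield words[0], words[1:]

def server_port(text):
    """Port the server binds: 'lport' overrides 'port', else the default."""
    opts = {n: a[0] for n, a in directives(text) if n in ("port", "lport") and a}
    return int(opts.get("lport", opts.get("port", DEFAULT_PORT)))

def client_ports(text):
    """Port dialled for each 'remote' line; a bare host falls back to
    'rport', then 'port', then the default."""
    opts = {n: a[0] for n, a in directives(text) if n in ("port", "rport") and a}
    fallback = int(opts.get("rport", opts.get("port", DEFAULT_PORT)))
    return [int(a[1]) if len(a) > 1 else fallback
            for n, a in directives(text) if n == "remote" and a]

def mismatches(forwarded, server_cfg, client_cfgs):
    """List every place that disagrees with the router's forwarded port."""
    problems = []
    listen = server_port(server_cfg)
    if listen != forwarded:
        problems.append("server listens on %d, router forwards %d" % (listen, forwarded))
    for name in sorted(client_cfgs):
        for port in client_ports(client_cfgs[name]):
            if port != forwarded:
                problems.append("%s dials %d, router forwards %d" % (name, port, forwarded))
    return problems

# Constructed sample configs: the port was moved from 1194 to 5000 on the
# router and server, but client2 was left without a port on its remote line.
SERVER = "port 5000\nproto udp\ndev tun\n"
CLIENTS = {
    "client1.ovpn": "client\nremote vpn.example.net 5000\n",
    "client2.ovpn": "client\nremote vpn.example.net  ; no port given\n",
}

if __name__ == "__main__":
    for problem in mismatches(5000, SERVER, CLIENTS) or ["all ports agree"]:
        print(problem)
```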




Hamachi VPN Solution

 17 / January / 2006 by Riley

Hamachi is a great program that enables you to easily set up an encrypted private network between remote computers over the open internet. It’s a simple elegant solution without much fuss. It does have some limitations, but it’s definitely an easy and secure way to access your shared folders, enable remote network gaming, and control your machines via Remote Desktop or VNC type programs. The following tutorial will show you how to configure Hamachi to run and automatically connect in Windows 2000, XP, and 2003.

Installation:

To install Hamachi, simply download and run the install file from the Hamachi website (http://hamachi.cc/download). Version 0.9.9.9 was the version I used for all of my testing. I recommend installing Hamachi in the default folder and not having it run automatically, especially if you would like to have it run as a service, like I describe below. After the installation you will need to reboot the computer.

After rebooting the machine, start up Hamachi from the newly created shortcut. It will give you instructions to set up your account. Basically, you pick a nickname and it phones home to the Hamachi server to obtain your unique 5.X.X.X IP address. You might want to do this step at the same time on all the computers you plan to access with Hamachi. That way they will all get IP addresses close to one another. You then click “create new network” and enter a network name and password. I recommend using a site like https://www.grc.com/password to obtain a secure password.

Once you have installed Hamachi on all the computers you plan on using, you will need to click the button to “Join existing network” on all the other PCs. Enter your network name and password and click “Join”. Once it detects the other computers it will place a green dot next to their entry in the list. You should then be able to access network shares and remote desktop or VNC into the computers. Use the assigned 5.X.X.X IP address to access each computer. One limitation of Hamachi is that you cannot currently use the program to securely surf the net from a remote location without using some kind of remote control app. Another program called OpenVPN is much better suited for that and other advanced routing tasks. I will cover OpenVPN in another article.

Running Hamachi as a Windows service:

I highly recommend running Hamachi as a Windows service. It takes a little more effort, but here’s how you do it.

You need two utilities – instsrv.exe and srvany.exe. Both can be found in the Windows Server Resource Kits. You can find the Windows 2003 Server Resource Kit here. But it is rather large and won’t install on Pre-XP Windows machines. So you might be better off doing a Google search for a site like this.

Once you have these utilities, copy them into your Hamachi directory. (I’m going to assume that you used the default directory from here on out.)

Go to Start – Run – and type cmd to open the Command Prompt

Type these commands in order and hit enter after each:

cd C:\Program Files\Hamachi\
instsrv AutoHamachi "c:\program files\hamachi\srvany.exe"

This will add Hamachi as an available service in Windows.




Customizing Windows 2000 Server

 16 / January / 2006 by Riley

Windows 2000 Server doesn’t look very pretty, but it is very stable and fast. With a little work, though, you can tweak the interface to look however you want. Here are some of the tools and methods I’ve come across to make this OS look better.

Resource Hacker

Resource Hacker lets you customize almost every aspect of the Windows OS interface from all the boot screens, dialog boxes, start menu, and system icons. It’s a freeware program and you can download it here: http://www.angusj.com/resourcehacker/

To customize Windows 2000 you first need to find the correct system files to edit. The most important ones are these:

Found in c:\WINNT\

explorer.exe

Found in c:\WINNT\system32\

MSGINA.dll

ntoskrnl.exe

shell32.dll

USER32.dll

Resource Hacker takes a little getting used to, but it’s basically straightforward. Just make sure you back up all of these files before messing with them. Also, once you edit any of these files, Windows won’t let you save them in the original folder while it’s up and running. There are a few ways around this, but the simplest is just to boot up into DOS (or a program like ERD Commander) and copy the files over there. Here are some of the interfaces that are contained in each file:

– explorer.exe contains the string variable for the text on the start button.

– USER32.dll contains the icon for the start button.

– ntoskrnl.exe contains the Windows 2000 boot logo image in the bitmap section.

– MSGINA.dll contains a lot of the dialog box interfaces, like login and shut down, as well as the text strings that are used in them.

– shell32.dll contains all the system icons including the ones used in the start menu.

Microangelo

I had some problems trying to replace the icons in shell32.dll in Resource Hacker. I recommend just opening shell32.dll in an icon editor like Microangelo and doing it directly there.

You can get Microangelo here: http://www.microangelo.us/

Changing the Logon Background Color

A. Start Regedit

B. Go to HKEY_USERS\.DEFAULT\Control Panel\Colors\Background

C. Change the three numbers from the default of 58 110 165 to the RGB values you want

D. For example 110 110 255 is a fairly light blue, 0 0 0 would be black

E. Log off and log back on again to see the change.

There are also several other variables in this folder whose RGB values you can change to alter different aspects of the bootup and shutdown screens.

Customize Internet Explorer

And if you’re tired of seeing “- Microsoft Internet Explorer” after the title of every web page then here’s how to change it to something else:

Find the following key in the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

Then find the entry “Window Title” (if it is not there, then create it) and change the text to whatever you like.




Welcome!

 14 / January / 2006 by Riley

The site is now live.