NOW SpinRite 6.1 – Fast and useful for spinning and solid state mass storage!

Last Edit: May 04, 2013 at 18:12 (4,099.46 days ago)created by Steve Gibson

Welcome to GRC's OpenVPN HowTo Guide

These pages will guide Windows users with any level of networking experience through the entire process of installing and configuring a complete, practical, workable, reliable, super-secure, and completely FREE Virtual Private Network (VPN) system of their own.

Like GRC's web site, this guide is primarily intended for Windows users; but they are also readily adaptable for users of Macintosh, Linux, and Unix systems. Since I am also an avid user and advocate of FreeBSD Unix, I have included pages specific to that flavor of Unix as well.

The VPN system constructed from these pages will allow authorized mobile remote users to easily, reliably and securely connect to their small office / home office (SOHO) networks. State of the art strong authentication and encryption are employed from end to end to guarantee that only authorized users are able to connect, and that those connections cannot be intercepted, monitored, or altered in any way. Once connected in this manner, the VPN fully secures all network traffic of the remotely connected machine and provides access to the user's internal home or office network and to the Internet through their SOHO network's Internet connection.

The Holy Grail

These guide pages grew out of a quest for "The Holy Grail" of reliable and secure remote personal Internet connectivity. This quest was originally and thoroughly described during a classic series of five "Security Now!" audio podcasts with Leo Laporte, made during November and December of 2005:

    Virtual Private Networks (VPN): Theory

    VPN Secure Tunneling Solutions

    PPTP and IPSec VPN Technology

    "Hamachi" Rocks!

    VPNs Three: Hamachi, iPig, and OpenVPN

You may use the links above to listen to these standard MP3 audio files in either high quality or smaller reduced quality, and also reference their accompanying episode notes and full text transcripts.

What is "OpenVPN"

As described on the software's home page (, OpenVPN describes itself as . . .

"a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls."

Written by James Yonan, OpenVPN is under continual development and evolution, and is currently available in versions for Windows 2000/XP and higher, Linux, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris.

Why did I create this guide?

OpenVPN's greatest strength is its extremely high degree of configuration flexibility. It is truly a "Swiss Army Knife" VPN tool that handily accomplishes pretty much any "VPNish" task. But this tremendous flexibility comes at the cost of somewhat daunting complexity. Scroll down through the current release version's complete manual page to get an idea of OpenVPN's command-line and config-file configuration options.

Furthermore, a complete, turnkey, "soup to nuts" personal VPN solution requires OpenVPN's integration with interconnected components such as network bridging solutions, SOHO router configuration, and operating system configuration.

As you will learn on the following "Howto guide goals" page here, I have carefully and narrowly defined what I mean by a "Personal VPN Solution" — and it is exactly and only that which I describe. By deliberately limiting our target to the solution most useful to mobile remotely connecting users, I am able to offer a step-by-step guide with "pre-canned" configuration files which completely eliminates the need to understand OpenVPN's many options.

And users who want more are, of course, able to start with GRC's working configuration and extend or modify it from there.

The pages that follow . . .

The pages that follow will guide you, step-by-step, through the installation and configuration of an extremely robust, secure, remote access solution for networked computers. If you take the time to read what's here, you will learn to create and maintain an elegant OpenVPN-based solution of your own.

To learn what the resulting system will and will
not do, please read our Howto guide goals.

We encourage you to read through these pages in sequence (many are short):

1  Intro and background 
8  Create virtual NICs 
15  Dynamic DNS Service 
2  Howto guide goals  
9  Win 2000 bridging 
16  Testing the system 
3  Howto guide overview 
10  Win XP bridging 
17  HotSpot VPN Service 
4  Routing vs bridging 
11  FreeBSD bridging 
18  OpenVPN Alternatives 
5  Plan before you begin 
12  GRC's config files 
19  Howto guide FAQ 
6  Install OpenVPN client 
13  Secure certificates 
7  Install OpenVPN server 
14  Port forwarding 
20  Send us feedback 

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: May 04, 2013 at 18:12 (4,099.46 days ago)Viewed 39 times per day