Client installation involves three basic steps:
1. Get a certificate that identifies the client computer, if this is not already done.
2. Install the OpenVPN package, preferably one pre-packaged with all the configuration files:
a ta.key,
a CA certificate,
a configuration file.
3. Change a single line in the OpenVPN configuration file to match the client machine name.
4.1 Getting a certificate
If this is not handled by Group Policy, a certificate can be gotten manually, assuming you have a PKI in house already.
Before starting, the machine must be a domain member and on the network.
Go to Start > run > and type mmc
Add "Certificates" snap-in (Computer account).
Open the "Personal" folder; Right Click > All Tasks > Request New Certificate.
Select "Computer" as the type of request
Select
4.2 Install the OpenVPN executable
Install with defaults.
During install, you may get a warning about an unsigned driver. This is normal. Click "CONTINUE".
4.3 Configure the client
Open the C:\Program Files\OpenVPN\config folder; Open the ovpn file. At the cryptoapicert line, change the "MACHINENAME" to the name of the client machine, i.e. YOURCLIENT.YOURDOMAIN.COM
cryptoapicert "SUBJ:YOURCLIENT.YOURDOMAIN.COM"
VISTA/Win7: The shortcut should be set to run as Administrator.
You are ready to go.
No comments:
Post a Comment