To use OpenVPN with Windows, please download and install the latest version available from the OpenVPN website. There are two types of Windows Installers available, one for 32-bit and one for 64-bit Windows systems.
A dialog will appear asking your permission to make changes to your computer, grant it by choosing “Yes”. Now the “OpenVPN Setup Wizard” opens, after clicking “Next >” you get presented the “License Agreement” which you need to agree to by clicking “I Agree”. In the next window you can select the components to be installed, but you can go with the standard selection and just click “Next >”.
You can now optionally change the directory into which the OpenVPN files will be installed, or just click on “Install”. During the installation process a dialog will appear, asking you if you want to install the TAP Network Adapter. This virtual network adapter is required by OpenVPN, so you have to click on “Install”.
Once the installation process is done installing the files, another click on “Next >” leads to the final window offering the option to take a look at the readme file. A click on “Finish” closes the OpenVPN Installer.
The “OpenVPN GUI” has always to be executed as Administrator, as it needs administrative privileges in order to create the necessary network adapters and change the routing. There are two methods to accomplish this:
- By right-clicking and choosing “Run as Administrator”.
- By right-clicking and then choosing “Properties” – “Advanced…” and selecting “Run as administrator” then closing both windows clicking “OK”. From thereon a normal double click will be sufficient to start OpenVPN GUI.
When launching, a dialog pops up asking for permission to make changes to your system, confirm by selecting “Yes”. After starting the OpenVPN GUI, a small icon showing two red displays and a globe appears in the taskbar in the lower right corner.
Now you need to dowload the configuration files from the member area. The required file is usually "win_udp.zip" and is located under "OpenVPN Configuration Files" - "Windows". After downloading the file, it needs to be extracted, and the configuration files need to be copied into your OpenVPN config folder (usually: C://Program Files (x86)/OpenVPN/config). Again administrative privileges are necessary. If any problems occur using the UDP protocol, you can use the TCP version of the configuration files instead.
To terminate the VPN connection, right-click the icon and choose “Disconnect” from the expandable menu of the active configuration (indicated by the checkmark).
Prevent DNS leaks
A DNS leak is a problem for your privacy/anonymity wherein DNS requests (resolving e.g. www.perfect-privacy.com’s IP address) are sent to the DNS server of your Internet provider, instead of using the VPN tunnel and the DNS servers used by the VPN. This can happen under certain circumstances when using OpenVPN with Windows, and is a serious problem if it does, since not all your internet traffic would be going through the VPN tunnel.
To prevent Windows from using DNS IP addresses assigned by the router, it is sufficient to set the IP addresses to use as DNS servers manually in the “Preferences” of your network adapters. To do so, right-click the network icon in the taskbar and select “Open Network and Sharing Center”. At Connections click on your LAN connection. A click on “Properties” opens a new window, in which you need to select “Internet Protocol Version 4 (TCP/IPv4)” and then again click on “Properties”. In the newly appeared window change the DNS setting to “Use the following DNS server addresses” and enter the IP addresses of two free DNS servers, like OpenDNS: 220.127.116.11 and 18.104.22.168. Close the window by clicking “OK”.
If you don’t want to enter your login credentials on every establishment of a connection, you can create a file “password.txt” in your OpenVPN “config” directory (as Administrator). The file needs to contain your username in the first line, and your password in the second line.
Subsequently you need to modify your configuration. The easiest method is to right-click the icon in the traybar and then using the expandable menu and selecting “Edit config”. This opens your editor, you have to change the line “auth-user-pass” to “auth-user-pass password.txt”. From thereon you won’t be asked for login credentials during connection establishment, instead the ones from the “password.txt” will be used. This modification has to be done for every configuration you want it applied to.
Repairing the TAP Adapter
If the establishment of connections fails and you see messages like “TAP in use” in your log (visible during establishment of the connection, as well as via the expandable menu choosing “Log Information”) you probably need to repair your TAP Adapter. In order to repair it, change to the directory “C://Programs/TAP-Windows/bin”, and (as Administrator) execute the batch files “deltapall” and “addtap” in this order. This removes all TAP Adapters, and then sets up a new TAP Adapter.