Using OpenVPN with Perfect Privacy

Note: Because OpenVPN is installed as a Windows service you will need administrator privileges to proceed with the following steps. Depending on your Windows configuration you will be asked for your administrator password (or whether you want to proceed as Administrator if your Windows user has these privileges) at one or more stages.

Downloading OpenVPN

To use OpenVPN with Windows, please download and install the latest version available from the OpenVPN website. There are two types of Windows Installers available, one for 32-bit and one for 64-bit Windows systems.

Installing

After downloading the installer file, open your “Downloads” folder and start the installation by double clicking on the file you just downloaded.

A dialog will appear asking your permission to make changes to your computer, grant it by choosing “Yes”. Now the “OpenVPN Setup Wizard” opens, after clicking “Next >” you get presented the “License Agreement” which you need to agree to by clicking “I Agree”. In the next window you can select the components to be installed, but you can go with the standard selection and just click “Next >”.

You can now optionally change the directory into which the OpenVPN files will be installed, or just click on “Install”. During the installation process a dialog will appear, asking you if you want to install the TAP Network Adapter. This virtual network adapter is required by OpenVPN, so you have to click on “Install”.

Once the installation process is done installing the files, another click on “Next >” leads to the final window offering the option to take a look at the readme file. A click on “Finish” closes the OpenVPN Installer.

Setup

The “OpenVPN GUI” has always to be executed as Administrator, as it needs administrative privileges in order to create the necessary network adapters and change the routing. There are two methods to accomplish this:

  1. By right-clicking and choosing “Run as Administrator”.
  2. By right-clicking and then choosing “Properties” – “Advanced…” and selecting “Run as administrator” then closing both windows clicking “OK”. From thereon a normal double click will be sufficient to start OpenVPN GUI.

When launching, a dialog pops up asking for permission to make changes to your system, confirm by selecting “Yes”. After starting the OpenVPN GUI, a small icon showing two red displays and a globe appears in the taskbar in the lower right corner.

Now you need to dowload the configuration files from the member area. The required file is usually "win_udp.zip" and is located under "OpenVPN Configuration Files" - "Windows". After downloading the file, it needs to be extracted, and the configuration files need to be copied into your OpenVPN config folder (usually: C://Program Files (x86)/OpenVPN/config). Again administrative privileges are necessary. If any problems occur using the UDP protocol, you can use the TCP version of the configuration files instead.

Establishing the VPN connection

A right-click on the small OpenVPN icon in the taskbar now reveals the installed configurations/servers.

Each configuration expands a menu, the first option of which is “Connect”, after selection you will be prompted for your username and password.

If both have been entered correctly the connection will be established. The VPN IP Address will be shown shortly and the color of the displays in the icon changes to green. The assigned VPN IP Address can be viewed again by hovering the icon with the mouse’s cursor.

To terminate the VPN connection, right-click the icon and choose “Disconnect” from the expandable menu of the active configuration (indicated by the checkmark).

After establishing a VPN connection, you can visit Perfect Privacy CheckIP to make sure your VPN connection works properly.

Prevent DNS leaks

A DNS leak is a problem for your privacy/anonymity wherein DNS requests (resolving e.g. www.perfect-privacy.com’s IP address) are sent to the DNS server of your Internet provider, instead of using the VPN tunnel and the DNS servers used by the VPN. This can happen under certain circumstances when using OpenVPN with Windows, and is a serious problem if it does, since not all your internet traffic would be going through the VPN tunnel.

At Perfect Privacy you get assigned two other randomly chosen Perfect Privacy servers as DNS servers when establishing a VPN connection. The DNS server you use can be viewed on the pages from DNS-OARC or dnsleaktest.com and others.

To prevent Windows from using DNS IP addresses assigned by the router, it is sufficient to set the IP addresses to use as DNS servers manually in the “Preferences” of your network adapters. To do so, right-click the network icon in the taskbar and select “Open Network and Sharing Center”. At Connections click on your LAN connection. A click on “Properties” opens a new window, in which you need to select “Internet Protocol Version 4 (TCP/IPv4)” and then again click on “Properties”. In the newly appeared window change the DNS setting to “Use the following DNS server addresses” and enter the IP addresses of two free DNS servers, like OpenDNS: 208.67.222.222 and 208.67.220.220. Close the window by clicking “OK”.

Automatic Login

If you don’t want to enter your login credentials on every establishment of a connection, you can create a file “password.txt” in your OpenVPN “config” directory (as Administrator). The file needs to contain your username in the first line, and your password in the second line.

Subsequently you need to modify your configuration. The easiest method is to right-click the icon in the traybar and then using the expandable menu and selecting “Edit config”. This opens your editor, you have to change the line “auth-user-pass” to “auth-user-pass password.txt”. From thereon you won’t be asked for login credentials during connection establishment, instead the ones from the “password.txt” will be used. This modification has to be done for every configuration you want it applied to.

Repairing the TAP Adapter

If the establishment of connections fails and you see messages like “TAP in use” in your log (visible during establishment of the connection, as well as via the expandable menu choosing “Log Information”) you probably need to repair your TAP Adapter. In order to repair it, change to the directory “C://Programs/TAP-Windows/bin”, and (as Administrator) execute the batch files “deltapall” and “addtap” in this order. This removes all TAP Adapters, and then sets up a new TAP Adapter.

If you have any questions, comments or other feedback regarding this howto, please use the corresponding thread in our community forums.