Create Your Own VPN Server on Windows: A Beginner’s Tutorial

Please note that by installing and using a VPN server, you may be exposing your home network to potential security risks. I am not responsible for any damages that may occur as a result of following these instructions.

This guide will demonstrate how to set up a VPN server on a Windows 10 computer, enabling you to use your home internet connection as a VPN. While it is possible to create a VPN server on a Linux or MacOS computer, this guide will specifically focus on Windows. I used this method while traveling in China and can confirm that, at the time of writing, it was effective in circumventing the Great Firewall of China.

Here are the different ways to create a VPN server ;

  • Windows 10 integrated VPN server
  • SoftEther VPN server
  • OpenVPN server

To start, you’ll need a Dynamic DNS service; this is only for the Windows 10 VPN server and OpenVPN server, as SoftEther comes with a free DDNS service that is activated by default. A DDNS service gives you a hostname that always points to your home IP address, so the VPN keeps working even if your IP changes. Alternatively, you could call your ISP and pay for a static IP, but a DDNS is just as good and is free.

Here is a list of free DDNS services; simply create an account and install the client on the PC you’re going to use as the VPN server ;

http://freedns.afraid.org/
https://www.noip.com/free
https://www.duckdns.org/
https://www.cloudns.net/dynamic-dns/

And then, of course, you’ll have to do some port forwarding from your router to the computer hosting the VPN server ;

Windows VPN server: TCP, port 1723.

SoftEther: TCP, port 1194 + UDP ports 500, 4500 (for L2TP/IPsec).

OpenVPN: TCP, port 1194.

Windows 10 VPN server

For Windows 10 Built-in VPN service, the steps are quite easy ;

Open the Start menu, type ncpa.cpl, and open that control panel item

While in Network Connections, click on File > New Incoming Connection

On the menu that opens, select the user account that you want to use for the VPN connection (so that you can log in to the VPN); you can also add a new account just for the VPN connection (that’s what I suggest) by clicking on “Add someone…”.

Next, check the option “Through the Internet”

Click next, then “Allow access,” and finally, “close” 

Now, if you look in Network Connections, you’ll see a new device named “Incoming Connections.”

Now, to connect to that VPN from a PC, go to the Settings app, then Network & Internet > VPN > Add a VPN connection and fill in the information for the connection (Windows VPN is a PPTP type); the settings are similar when using a phone ;

SoftEther VPN server

To get the SoftEther VPN server software, go to http://www.softether-download.com/en.aspx?product=softether select the following, and click on the first download link (often a beta build, so if you’re not comfortable with a beta build, scroll down until you see an RTM release) ;

Once downloaded, run the .exe, click NEXT, then on the list, select SoftEther VPN Server ;

Accept the license agreement, leave everything as default, and click NEXT a few times; you can also change the install location if you want to ;

Click NEXT until SoftEther starts installing, then FINISH and leave the box checked ;

In the server manager, click CONNECT and enter a new password for the server admin ;

Now, in the Bridge Easy Setup window, select “Remote Access VPN Server,” then click NEXT and YES on the popup ;

Choose whatever name you want for your VPN ;

Now you can set the SoftEther DDNS settings (you can leave it as-is or change it to something else), then EXIT ;

Now you can activate L2TP and change the IPsec shared key ;

The next option is the Azure cloud VPN service; enabling it will give you another DDNS for free in case the SoftEther DDNS isn’t working. Since it’s free, I suggest you enable it!

Finally, you’ll have to create users and select the Ethernet connection for the server (in case you have multiple Ethernet connections) 

Click on “Create Users” and fill out the information and password for the user; you can also generate certificates from the Create user window ;

The VPN connection setup is similar to the Windows VPN; simply fill in the information that you set up on the SoftEther server ;

OpenVPN server

Be aware that OpenVPN is NOT like the Windows VPN server or SoftEther; you will HAVE to go into the command prompt and copy/paste commands; if you’re not comfortable with this, you can consider the previous options.

Also note that I was not able to make OpenVPN work on my phone, but I was able to have SoftEther and Windows VPN work.

To get the OpenVPN install, follow the link and select the Windows installer ;

Guide taken from https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide

When downloaded, start the installation and select the EasyRSA 2 certificate option ;

Now, open an elevated command prompt window (run as admin) ;

From the command prompt, navigate to the RSA folder ;

cd "C:\Program Files\OpenVPN\easy-rsa"

Then run the init-config.bat (simply type that in the command prompt) ;

init-config.bat

Next, open the vars.bat file in Notepad;

notepad vars.bat

Then edit the information below (not mandatory; you can put whatever you want) ;

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain

Save the file and exit notepad

Now, back in the command prompt, execute the following commands ;

vars.bat

clean-all.bat

Now, you have to build the certificate authority (CA) certificate and key ;

build-ca.bat

During that process, you’ll be asked to fill in the following ;

Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:

These will be defaulted to whatever you entered in the notepad. For the Common Name, it’s a good idea to write something.

Now, to build the server certificate and key,

build-key-server.bat server

You will be prompted to fill in similar information; when you get to the Common Name, enter SERVER. You can select a password if you want.

When prompted to sign the certificate, choose Y

When prompted to commit, choose Y

Now, to build the client’s keys,

For each client, choose a name to identify that computer, such as “my-laptop” in this example.

build-key.bat my-laptop

When prompted, enter the “Common Name” as the name you have chosen (I chose “my-laptop”; you can put whatever you want)

Repeat this step for each client computer that will connect to the VPN.

Generate Diffie Hellman parameters. (This is necessary to set up the encryption and can take a few minutes)

build-dh.bat


Generate a shared-secret key (Required when using tls-auth)
 

"C:\Program Files\OpenVPN\bin\openvpn.exe" --genkey --secret "C:\Program Files\OpenVPN\easy-rsa\keys\ta.key"

Copy the sample server configuration file to the easy-rsa\keys folder.

copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"


Edit server.ovpn in notepad.

notepad "C:\Program Files\OpenVPN\easy-rsa\keys\server.ovpn"


In the config file, find the following lines:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem


And edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

Save and close the file

Now for the client’s config file, this is similar to the server configuration ;

Copy the sample client configuration file to the easy-rsa\keys folder with the client’s Common Name as the file name (each client will have a different file name)

copy "C:\Program Files\OpenVPN\sample-config\client.ovpn" "C:\Program Files\OpenVPN\easy-rsa\keys\my-laptop.ovpn"


Edit the client’s config file.

notepad "C:\Program Files\OpenVPN\easy-rsa\keys\my-laptop.ovpn"


Find the following lines:

ca ca.crt
cert client.crt
key client.key


Edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\my-laptop.crt"
key "C:\\Program Files\\OpenVPN\\config\\my-laptop.key"

Notice that the name of the client certificate and key files depends upon the Common Name of each client.

You can also include the ca, cert, and key content directly in the client file by copying each file's content between the <ca></ca>, <cert></cert> and <key></key> tags.

Edit the following line, replacing “my-server” with your server’s public Internet IP address or domain name (see the DDNS section at the start of this post).

remote my-server 1194


Save and close

Copy these files from C:\Program Files\OpenVPN\easy-rsa\keys\ to C:\Program Files\OpenVPN\config\ on the server:

ca.crt
ta.key
dh2048.pem
server.crt
server.key
server.ovpn

robocopy "C:\Program Files\OpenVPN\easy-rsa\keys\ " "C:\Program Files\OpenVPN\config\ " ca.crt ta.key dh2048.pem server.crt server.key server.ovpn


NOTE: The space at the end of the path in each string is important.


Copy these files from C:\Program Files\OpenVPN\easy-rsa\keys\ on the server to C:\Program Files\OpenVPN\config\ on each client (my-laptop, in this example):
 
ca.crt
ta.key
my-laptop.crt
my-laptop.key
my-laptop.ovpn
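
The single-file alternative mentioned earlier (ca, cert and key placed inside <ca>, <cert> and <key> tags) can be scripted. The Python sketch below is an added example, not part of the original guide or of OpenVPN: it also inlines ta.key with key-direction 1, its function names are made up for illustration, and the sample contents are constructed placeholders.

```python
import re

# One BEGIN/END block: a PEM certificate or key, or an OpenVPN static key.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Za-z0-9 ]+)-----\r?\n.*?-----END \1-----", re.DOTALL)

# Directives whose file references are replaced by inline blocks.
REPLACED = ("ca", "cert", "key", "tls-auth", "key-direction")

def pem_block(text):
    """Return the first BEGIN/END block, dropping any text around it."""
    # easy-rsa .crt files carry a readable dump of the certificate before the
    # PEM block, and ta.key starts with comment lines; neither belongs inline.
    match = PEM_RE.search(text)
    if match is None:
        raise ValueError("no BEGIN/END block found")
    return match.group(0).replace("\r\n", "\n")

def build_inline_profile(base_cfg, ca, cert, key, ta):
    """Merge client.ovpn text and key material into one profile string."""
    kept = []
    for line in base_cfg.splitlines():
        words = line.split()
        # Commented-out lines start with '#' or ';' and are kept as they are.
        if words and words[0] in REPLACED:
            continue
        kept.append(line.rstrip())
    out = "\n".join(kept).rstrip() + "\n"
    for tag, body in (("ca", ca), ("cert", cert), ("key", key)):
        out += f"<{tag}>\n{pem_block(body)}\n</{tag}>\n"
    # An inline tls-auth key takes its direction from key-direction:
    # 1 on clients, 0 on the server.
    out += f"key-direction 1\n<tls-auth>\n{pem_block(ta)}\n</tls-auth>\n"
    return out

# Constructed sample input: placeholder bodies, not real key material.
SAMPLE_CFG = ("client\nremote my-server 1194\nca ca.crt\ncert client.crt\n"
              "key client.key\ntls-auth ta.key 1\n")
SAMPLE_CRT = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
              "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
              "-----END CERTIFICATE-----\n")
SAMPLE_KEY = ("-----BEGIN PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n"
              "-----END PRIVATE KEY-----\r\n")
SAMPLE_TA = ("#\n# 2048 bit OpenVPN static key\n#\n"
             "-----BEGIN OpenVPN Static key V1-----\n0123456789abcdef\n"
             "-----END OpenVPN Static key V1-----\n")

if __name__ == "__main__":
    print(build_inline_profile(SAMPLE_CFG, SAMPLE_CRT, SAMPLE_CRT, SAMPLE_KEY, SAMPLE_TA))
```

The resulting profile contains the client's private key, so store and transfer it with the same care as my-laptop.key.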

Finally, to start OpenVPN, on both client and server, run OpenVPN from:
Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI.

Double-click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start.

On the server, you will need to go into Services, start the OpenVPN service, and change its startup type to Automatic ;

VPN traffic obfuscation

The only server here that seems to support obfuscation is OpenVPN; if you’re interested in that, then here are some resources that could help ;

https://community.openvpn.net/openvpn/wiki/TrafficObfuscation

https://www.pluggabletransports.info/implement/openvpn/

https://hamy.io/post/000f/obfs4proxy-openvpn-obfuscating-openvpn-traffic-using-obfs4proxy/

https://www.sparklabs.com/support/kb/article/setting-up-an-obfuscation-server-with-obfsproxy-and-viscosity/


Mohamed SAKHRI
