0

I've installed Firebird 3 on a Windows server 2012 10 vps on local port 3050.I need to create from anothere computer a secure connection to db/port by internet. Tried also Openvpn but not able to configure it,I have no experience using vpn. please be kind,need some help.thanks

mrapi
  • 143
  • 2
  • 8
  • You're not providing enough details. What OS are you using? How is it configured? What are you trying to do? What did you try? Where did it fail? What are the error messages? – wazoox Mar 29 '19 at 16:53
  • Hi.OS is Windows server 2012. on youtube I've found couple tutorial for setup openvpn but all required one configuration file downloaded from somewhere ..there I give up – mrapi Mar 29 '19 at 16:56
  • There are documentations for openvpn. But you didn't even mention what OS you're using as a client and what is your VPS OS. Your question hasn't got any of the relevant details. – wazoox Mar 29 '19 at 16:59
  • now I edit main post – mrapi Mar 29 '19 at 17:00

1 Answers1

1

OK, so you want to set up OpenVPN server on your Windows 2012 VPS, and connect from a client (undetermined).

It's absolutely required to master basic command line usage, configuration files edition and similar administrative tools before proceeding.

Get the OpenVPN installer from the official website.

You'll need to manage certificates, the easiest way is to use EasyRSA

1° Installing

Install OpenVPN. You must install the OpenSSL components too.

Set up easyRSA (see the README included in the package), basically:

Open a command prompt:

cd "C:\Program Files\OpenVPN\easy-rsa"
init-config.bat

Edit the vars.bat file and set up the variables to something matching your country and other parameters:

set KEY_COUNTRY=FR
set KEY_PROVINCE=IDF
set KEY_CITY=Paris
set KEY_ORG=Mywebsite.com
set KEY_EMAIL=mail@mywebsite.com
set KEY_CN=<Machine Name>
set KEY_NAME=<Machine Name>
set KEY_OU=ICT
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234

Then run it (I suppose you're still in the right directory):

vars.bat
clean-all.bat

And create your Certificate Authority (CA):

build-ca.bat

Then generate the certificate for your server:

build-key-server.bat server

Accept defaults for all question and reply "y" to the question "sign the certificate".

After that you'll have to create certificate for all the clients that can connect to your VPN:

vars.bat
build-key.bat <client name>

In that case of course replace when asked the machine name by something proper for your client machine ("mrapi_PC" or something similar). last generate the DH parameters:

build-dh.bat

And copy the certificates and keys to the OpenVPN config directory:

copy *.pem *.crt *.key C:\Program Files\OpenVPN\config

Now go to "Service management" and start or restart OpenVPN service. Don't forget to enable it at boot!

2° Server Configuration

Copy the sample configuration files to have a base to work from:

copy "C:\Program Files\OpenVPN\sample-config\server.ovpn" "C:\Program Files\OpenVPN\config"
copy "C:\Program Files\OpenVPN\sample-config\client.ovpn" "C:\Program Files\OpenVPN\config"

Edit the server.ovpn file and replace the "ca", "cert", "key" and "dh" lines with the path to the files you copied earlier on:

# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca "C:\\Program Files\\OpenVPN\\config\\myca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\myserver.crt"
key "C:\\Program Files\\OpenVPN\\config\\myserver.key" 

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh2048.pem 2048
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

3° Client Configuration

Edit the file C:\Program Files\OpenVPN\config\client.ovpn we created in chapter 2.

Locate the following line:

remote my-server-1 1194

and replace it with your public IP address or hostname that your clients will use to connect to your OpenVPN server, for example:

remote vpn.mydomain.com 1194

That's it. Copy the client.ovpn file to the client machine.

4° Firewall

Don't forget to open the firewall port 1194/UDP on your VPS to allow OpenVPN to connect.

5° Client

I suppose your client is Windows. Simply install OpenVPN like in section 1 and start the GUI, open the "client.ovpn" file. It should create a network connection to your VPS. From there, all your VPS services (including Firebird) should be accessible until you close down the VPN connection.

This answer was mainly lifted from this website.

wazoox
  • 6,782
  • 4
  • 30
  • 62
  • Hi.thanks for your answer.got tis error when running vars.bat: system was unable to find the specified registry key or value.(installer and command Run as Admin) – mrapi Mar 30 '19 at 12:23
  • Hi.are you kind to help me using easy-rsa v3.I've followed steps from here: https://github.com/OpenVPN/easy-rsa/blob/master/README.quickstart.md but can't get any .ovpn file.thanks – mrapi Apr 04 '19 at 10:11
  • 1
    @mrapi see step 2 in my answer. Use the examples provided and edit them as necessary. – wazoox Apr 05 '19 at 11:51
  • 1
    solved using your help and steps from there: https://www.sys-dev.cat/blog/3/ thanks – mrapi Apr 14 '19 at 09:03
  • just a question:on client side I copy needed files and couple setup into configuration file and that's all,but there is no password required,anyone can copy these files and install a client vpn on another machine,is there a way to secure that on client side?thanks – mrapi Apr 25 '19 at 08:18
  • @mrapi no that's on the server side that you set up the password. – wazoox Apr 29 '19 at 14:36
  • 1
    Hi indeed,I've regenerated needed files omitting [nopass] and works.thanks – mrapi Apr 29 '19 at 16:53