{"id":4481,"date":"2022-03-08T13:23:34","date_gmt":"2022-03-08T06:23:34","guid":{"rendered":"https:\/\/adhi.widjajanto.net\/blog\/?p=4481"},"modified":"2022-03-08T13:23:35","modified_gmt":"2022-03-08T06:23:35","slug":"openvpn-server-di-windows-11","status":"publish","type":"post","link":"https:\/\/adhi.widjajanto.net\/blog\/2022\/03\/08\/openvpn-server-di-windows-11\/","title":{"rendered":"OpenVPN Server on Windows 11"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_.png\"><img decoding=\"async\" width=\"1024\" height=\"188\" data-src=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_-1024x188.png\" alt=\"\" class=\"wp-image-4489 lazyload\" data-srcset=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_-1024x188.png 1024w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_-300x55.png 300w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_-768x141.png 768w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_-1536x283.png 1536w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/OpenVPN_logo.svg_-2048x377.png 2048w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/188;\" \/><\/a><\/figure>\n\n\n\n<p>Because I want to stay secure and don't want to redirect the NVR to the Internet, I chose to install a VPN server so I can check the NVR from anywhere. Back when I used Linux, installing OpenVPN felt like just clicking Next and it was done. This time I switched my home machine to Windows, and installing OpenVPN became super complicated. 
I am writing the steps down here for reference.<\/p>\n\n\n\n<p>I followed the method from <a href=\"https:\/\/supporthost.in\/how-to-install-and-configure-openvpn-on-windows-11\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">SupportHost<\/a>, but it only works for Windows &#8211; Windows because it uses the WinTAP driver. For Windows &#8211; Android, the WinTUN driver must be used, so some of the configuration has to be changed.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">Server Side<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Install OpenVPN Server<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Download it from <a href=\"https:\/\/openvpn.net\/community-downloads\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a><\/li><li>Custom Install, with all options selected<\/li><li>Check that the OpenVPN Wintun driver is installed<\/li><li>In the Services window, check that <strong>OpenVPNService<\/strong> is installed and running<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-wintun.png\"><img decoding=\"async\" width=\"602\" height=\"373\" data-src=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-wintun.png\" alt=\"\" class=\"wp-image-4487 lazyload\" data-srcset=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-wintun.png 602w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-wintun-300x186.png 300w\" data-sizes=\"(max-width: 602px) 100vw, 602px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 602px; --smush-placeholder-aspect-ratio: 602\/373;\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Create the CA Files (Cert &amp; Key)<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Copy the file <strong>vars.example<\/strong> to <strong>vars<\/strong> in 
<strong>C:\\Program Files\\OpenVPN\\easy-rsa<\/strong><\/li><li>Edit the vars file, adjust its SSL record fields (Country, Province, etc.), and save<\/li><li>Run <strong>EasyRSA-Start.bat<\/strong>, which opens the EasyRSA console<\/li><li>Run the command <strong>.\/easyrsa init-pki<\/strong> (creates the pki directory)<\/li><li>Run the command <strong>.\/easyrsa build-ca nopass<\/strong> (creates the file ca.crt in the pki directory)<\/li><li>Run the command <strong>.\/easyrsa build-server-full SERVER nopass<\/strong> (creates the file SERVER.crt in the pki\\issued directory)<\/li><li>Run the command <strong>openssl verify -CAfile pki\/ca.crt pki\/issued\/SERVER.crt<\/strong> to verify it<\/li><li>Run the command <strong>.\/easyrsa build-client-full CLIENT nopass<\/strong> (creates the file CLIENT.crt in the pki\\issued directory. Create additional ones if more than one concurrent connection is needed)<\/li><li>Run the command <strong>openssl verify -CAfile pki\/ca.crt pki\/issued\/CLIENT.crt<\/strong> to verify it<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create the TLS Key File<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Download the Easy-TLS ZIP file from <a href=\"https:\/\/github.com\/TinCanTech\/easy-tls\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a><\/li><li>Unzip it and copy the easytls file to <strong>C:\\Program Files\\OpenVPN\\easy-rsa<\/strong><\/li><li>Return to the EasyRSA console<\/li><li>Run the command <strong>.\/easytls init-tls<\/strong><\/li><li>Run the command <strong>.\/easytls build-tls-auth<\/strong> (creates the file tls-auth.key in the pki\\easytls directory)<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create the Diffie-Hellman Key File<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Run the command <strong>.\/easyrsa gen-dh <\/strong>(creates the file dh.pem in the pki directory)<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create the server.ovpn File<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Copy the file 
<strong>server.ovpn<\/strong> from <strong>C:\\Program Files\\OpenVPN\\sample-config<\/strong> to <strong>C:\\Program Files\\OpenVPN\\config-auto\\<\/strong> and edit it<\/li><li>Change the parameter port 1194 to <strong>port 8xxx <\/strong>(to add security)<\/li><li>Change the parameter proto udp to <strong>proto udp4 <\/strong>(plain udp does not work; it must be udp4, which indicates IPv4)<\/li><li>Comment out the parameter dev tap and uncomment the parameter <strong>dev tun<\/strong><\/li><li>Add the parameter <strong>windows-driver wintun<\/strong><\/li><li>Uncomment the parameter <strong>dev-node &quot;OpenVPN Wintun&quot;<\/strong> and make it match the driver name in Network Config<\/li><li>Set the ca, cert, key, dh, and tls-auth parameters to point to the files generated in the previous steps<\/li><li>Uncomment the parameter <strong>push &quot;redirect-gateway def1 bypass-dhcp&quot;<\/strong><\/li><li>Uncomment the parameter <strong>push &quot;dhcp-option DNS x.x.x.x&quot; <\/strong>(change it to the Internet DNS server in use)<\/li><li>Uncomment the parameter <strong>push &quot;route x.x.x.x 255.255.255.0&quot; <\/strong>and change the IP to match the LAN IP. This provides routing from the VPN IP to the LAN. 
An additional setting is needed later on the gateway<\/li><li>Replace the parameter cipher AES-256-CBC with <strong>cipher AES-256-GCM <\/strong>(the CBC one produces a warning)<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Edit Windows Firewall Rule<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Open PowerShell in Admin mode<\/li><li>Run the command <strong>New-NetFirewallRule -DisplayName &quot;OpenVPN&quot; -Direction inbound -Profile Any -Action Allow -LocalPort 8xxx -Protocol UDP<\/strong><\/li><li>Disable WinTUN in the firewall (see image)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-disable-firewall-wintun.png\"><img decoding=\"async\" width=\"736\" height=\"658\" data-src=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-disable-firewall-wintun.png\" alt=\"\" class=\"wp-image-4483 lazyload\" data-srcset=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-disable-firewall-wintun.png 736w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-disable-firewall-wintun-300x268.png 300w\" data-sizes=\"(max-width: 736px) 100vw, 736px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 736px; --smush-placeholder-aspect-ratio: 736\/658;\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Edit Gateway Routing and Port Forwarding:<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the gateway modem console<\/li><li>Add Static Routing (see image)<\/li><li>Add Port Forwarding (see image)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway.png\"><img decoding=\"async\" width=\"523\" height=\"222\" 
data-src=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway.png\" alt=\"\" class=\"wp-image-4484 lazyload\" data-srcset=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway.png 523w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway-300x127.png 300w\" data-sizes=\"(max-width: 523px) 100vw, 523px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 523px; --smush-placeholder-aspect-ratio: 523\/222;\" \/><\/a><figcaption>Static Routing<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway-port-forwarding.png\"><img decoding=\"async\" width=\"438\" height=\"403\" data-src=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway-port-forwarding.png\" alt=\"\" class=\"wp-image-4485 lazyload\" data-srcset=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway-port-forwarding.png 438w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/openvpn-gateway-port-forwarding-300x276.png 300w\" data-sizes=\"(max-width: 438px) 100vw, 438px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 438px; --smush-placeholder-aspect-ratio: 438\/403;\" \/><\/a><figcaption>Port Forwarding<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Enable Routing and Remote Access<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>In the Services window, change the <strong>Routing and Remote Access <\/strong>startup type to <strong>Automatic<\/strong>, then <strong>Start <\/strong>the service<\/li><li>Open regedit and go to 
<strong>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters<\/strong><\/li><li>Set <strong>IPEnableRouter<\/strong> to 1<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reboot the server<\/h3>\n\n\n\n<!--nextpage-->\n\n\n\n<h2 class=\"wp-block-heading\">Client Side, Windows<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Install OpenVPN<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Install the same program used on the server<\/li><li>Custom Install, selecting only the OpenVPN GUI and Drivers options<\/li><li>Copy the files ca.crt, CLIENT.crt, CLIENT.key, and tls-auth.key from the server into the directory C:\\Program Files\\OpenVPN\\config on the client machine<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create client.ovpn<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Copy the file <strong>client.ovpn <\/strong>from <strong>C:\\Program Files\\OpenVPN\\sample-config<\/strong> to <strong>C:\\Program Files\\OpenVPN\\config\\ <\/strong>and edit it<\/li><li>Comment out the parameter dev tap and uncomment the parameter <strong>dev tun<\/strong><\/li><li>Add the parameter <strong>windows-driver wintun<\/strong><\/li><li>Uncomment the parameter <strong>dev-node &quot;OpenVPN Wintun&quot;<\/strong><\/li><li>Change the parameter proto udp to <strong>proto udp4<\/strong><\/li><li>Set the parameter <strong>remote xxxx.xxxx.xxxx.net.id 8xxx <\/strong>(the URL of the server's remote IP and its port)<\/li><li>Set the ca, cert, key, and tls-auth parameters to point to the files copied from the server<\/li><li>Replace the parameter cipher AES-256-CBC with <strong>cipher AES-256-GCM<\/strong><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Client Side, Android<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Install OpenVPN Connect<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Install it from the <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=net.openvpn.openvpn&amp;hl=en&amp;gl=US\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">PlayStore<\/a><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create the Files 
for Android<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Copy the <strong>client.ovpn <\/strong>made for Windows and edit the ca, cert, key, and tls-auth parameters so they have no directory path<\/li><li>Copy client.ovpn, ca.crt, CLIENT.crt, CLIENT.key, and tls-auth.key into a single directory on the Android device<\/li><li>Import the <strong>client.ovpn <\/strong>file from OpenVPN Connect<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn.jpg\"><img decoding=\"async\" width=\"473\" height=\"1024\" data-src=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn-473x1024.jpg\" alt=\"\" class=\"wp-image-4488 lazyload\" data-srcset=\"https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn-473x1024.jpg 473w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn-138x300.jpg 138w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn-768x1664.jpg 768w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn-709x1536.jpg 709w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn-945x2048.jpg 945w, https:\/\/adhi.widjajanto.net\/blog\/wp-content\/uploads\/2022\/03\/Screenshot_2022-03-08-13-12-49-640_net.openvpn.openvpn.jpg 1080w\" data-sizes=\"(max-width: 473px) 100vw, 473px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 473px; --smush-placeholder-aspect-ratio: 473\/1024;\" 
\/><\/a><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Because I want to stay secure and don't want to redirect the NVR to the Internet, I chose to install a VPN server so I can check the NVR from anywhere. Back when I used Linux, installing OpenVPN felt like just clicking Next and it was done. This time I switched my home machine to Windows, and installing OpenVPN became super complicated. I&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[9,8],"tags":[338,308,340,337,339],"class_list":["post-4481","post","type-post","status-publish","format-standard","hentry","category-diy","category-it-freaks","tag-android","tag-openvpn","tag-routing","tag-windows-11","tag-wintun"],"_links":{"self":[{"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/posts\/4481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/comments?post=4481"}],"version-history":[{"count":2,"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/posts\/4481\/revisions"}],"predecessor-version":[{"id":4490,"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/posts\/4481\/revisions\/4490"}],"wp:attachment":[{"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/media?parent=4481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/categories?post=4481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adhi.widjajanto.net\/blog\/wp-json\/wp\/v2\/tags?post=4481"}],"curies":[{"name":"wp","href":"https:\/\/ap
i.w.org\/{rel}","templated":true}]}}