You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Windows

Installing

  1. Download the Windows OpenVPN installer from: https://openvpn.net/index.php/open-source/downloads.html
  2. Run the installer
    1. During the installation process, a second installer for the TAP/TUN driver will start. You also need to install this driver.
    2. When asked to select components of the OpenVPN installation, you do NOT need the easy-rsa component.
    3. You may also want to check, under Advanced, to not remember passwords.
    4. Whether or not to have the OpenVPN gui start at login is up to you.
  3. If you wish to be able to run OpenVPN as a non-administrative user:
    1. Add the user to the "Network Configuration Operators" group
      1. For Windows10, login as an administrative user.
      2. Right click the Start menu
      3. Choose "Computer Management"
      4. In the left tab, expand Computer Management, System Tools, Local Users and Groups, Groups
      5. In the right tab, double click "Network Configuration Operators"
      6. Click "Add"
      7. Type in the username or domain\username and click "OK"
      8. Again click "OK"
      9. The user will need to re-login if already login'ed to the computer
    2. Download and install the "subinacl" tool from microsoft.com
    3. Start an administrative command prompt

    4. Run (filling in the non-administrative username or DOMAIN\username for "[username]" below) -- example is for 64-bit Windows:

      cd "C:\Program Files (x86)\Windows Resource Kits\Tools
      subinacl /SERVICE "OpenVPNService" /GRANT=[username]=TO

  4. Obtain config files and keys for your netid from CNF Computing. Store those in a folder someplace (eg on your desktop).

Connecting

  1. Open the folder with your config files.
  2. Right-click the config file, usually named: cnf510-[netid].ovpn
  3. Choose "Start OpenVPN on this config file"
  4. For AUTH username, enter your netid
  5. For AUTH password, enter in a code from your DUO token, or enter in an alias for the device you want DUO to call or push via the DUO app
    1. Aliases for devices can be found at: https://twostep.netid.cornell.edu
  6. To disconnect, close the terminal window that opened

 

  • No labels