In a previous tutorial, we learned how to create an OpenVPN server on an Alibaba ECS instance. To create an encrypted tunnel between the local machine and the remote server we will also need a VPN client. Therefore, we will learn how to install and configure the OpenVPN GUI client on a computer running the Windows 10 operating system.
Install the OpenVPN Client
Go to OpenVPN’s official download page. Scroll down until you find the download links. At the moment of writing the tutorial, they looked like this:
The web address, aspect of the page or links may change in the future, so look for anything mentioning an “installer” or “setup”, and a file that ends with “.exe”, pertaining to the OpenVPN GUI or client.
After you download the executable file, run the installer:
In the “Choose Components” step, leave the default selections as they are:
Import the .ovpn Client Profile
After you’ve finished installing the OpenVPN GUI client, open the program, either by double clicking on the icon that has been added to the desktop, or by pressing the Windows logo key to bring up the Start Menu, and then typing “openvpn”.
The result of this action may confuse some users because nothing seems to happen after launching the application. But actually, the utility opens in the background and adds an icon to the taskbar system tray, in the bottom-right corner. The icon you should look for has been highlighted in yellow in the following picture:
In some cases, this icon may be automatically hidden, but you can click on the arrow pointing up ^ to show the hidden icons.
Right-click on the OpenVPN system tray icon and select Import file…:
Browse to the location where you saved your “.ovpn” profile and import it. A dialog should appear, mentioning that the file has been imported successfully. Now, when you right-click on the tray icon, the menu will have additional items available:
Manage OpenVPN Connections
From the menu mentioned earlier, click on Connect. A dialog will open showing some status messages, as the OpenVPN server and client communicate. The dialog quickly closes when the connection is successful but you can reopen it by right-clicking on the system tray icon and selecting Show Status.
Fix DNS Leaks
A DNS query, explained in a condensed and oversimplified form, is simply your computer asking a server “What is the IP address of example.com?”. In an optimal setup, a DNS query should first get encrypted on your local computer and then sent to your VPN server. This way, your Internet Service Provider (ISP) or users on your local network cannot capture and read these queries to see what sites you are visiting.
If you go to https://ipleak.net/, you may notice DNS servers from your ISP appearing on that list. Sometimes they may not pop up at first try, but if you reload the page a few times, they’re bound to appear. That shouldn’t happen when you’re tunneling Internet traffic through a VPN. In most setups, the OpenVPN server tells your client what DNS servers to use and the client configures the local network settings accordingly. However, Windows 10 in an attempt to speed up DNS queries, tries to spread out DNS requests to the fastest resolvers it can find, bypassing the network settings set by your VPN client. Another way DNS can leak is if your router advertises itself as a resolver on your local network. Because of this, your computer will send a DNS query to your router, in unencrypted form, and the router will send it to the ISP, also unencrypted.
For privacy reasons, you may want to avoid these leaks of information. Right-click on the OpenVPN GUI and Disconnect. Then right-click again and select Edit Config. Scroll down to the end of the file and add this line:
Connect to your OpenVPN server again and then refresh the https://ipleak.net/ site. The only DNS servers that should appear on that list now, should be those pushed by your server to your client.
There are two potentially useful settings you can enable. Right-click on the system tray icon and select Settings…, then in the window that pops up tick the box that says Launch on Windows startup. This way the OpenVPN GUI utility can automatically launch and add itself to the system tray area, every time Windows boots up.
The other useful setting you can tick is Append to log. Normally, the OpenVPN client only keeps a log file of the last session. But at some point in the future, you may need to consult status messages of previous sessions you opened. This might help you find out when a particular problem started, keep track of the times you opened and closed sessions, etc.
Delete Imported Client Profiles
While it’s easy to import OpenVPN profile files, it’s not immediately obvious how to remove them. In the options dialog, if you go to the Advanced tab you will find out where profile and log files are stored:
By opening Windows Explorer and navigating to that location, you can delete connection profiles. Delete the directory containing your .ovpn file, not the file itself:
If an OpenVPN session is open and using that file, you must first disconnect, otherwise you will get this error: