All posts by Don Matteo

lebt in der Schweiz, ist System Engineer MCP bei A-Enterprise GmbH. Mitglied des UNBLOG Knowledge Network. Author und Blogger zu den Themen, Tutorials für Linux und Open Source.
Howto Tutorials (EN)

How to Install OpenVPN Client

Home
Leave a comment

Setting Up and customize OpenVPN Client on Windows, macOS and Linux

VPN (Virtual Private Network) is becoming more and more widely used. OpenVPN is a free application for building a virtual private network over an encrypted TLS connection. The increasingly popular OpenVPN client enables VPN connections to access its data from anywhere, for example, when working in the home office, or with a private cloud.

This article shows the client deployment and use of OpenVPN. OpenVPN is available for free for many operating systems, in addition to Windows there is a client for macOS, for iOS, Linux and Android devices.

How to do it

Content

OpenVPN client install on Windows

The OpenVPN client can be deployed from the Windows Package Manager using winget ran in the command prompt.

C:\> winget install --id OpenVPNTechnologies.OpenVPN

OpenVPN for Windows can also be downloaded from the community website here, on Windows 10 with double-clicking OpenVPN-2.5.0-I601-amd64.msi start the setup.

Choose Customize to goes through the setup wizard, because here only the client components are needed, we choose the selection.

Continuous Installing OpenVPN..

OpenVPN Installing Completed.

Start OpenVPN

A glance at the taskbar shows now the OpenVPN icon

OVPN configuration import at the client

The OpenVPN Access Server is available for Windows, Linux and FreeBSD, and there are an increasing number of devices that can be used as OpenVPN servers, such as pfSense and OPNsense or OpenWrt, from commercial manufacturer like Sophos formerly Astaro or Synology NAS and many more.

The file with the configuration for the client, such as openvpn.zip, which was previously exported on the VPN server or router need to unpacked, the files ca.crt, README.txt and VPNConfig.ovpn are usually extracted.

The configuration file here in this example VPNConfig.ovpn may have a different file name. Hint! if you change the file name to i.e. office-davos.ovpn, then this name appears in the context menu at connection.

The file VPNConfig.ovpn usually has to be open in an editor, for this I use Notepad and change YOUR_SERVER_IP to the public IP address of the VPN gateway, or the firewall on which is the NAT mapping to the VPN termination device.

After saving VPNConfig.ovpn, the configuration is imported.

Right-clicking above the icon in the Systemtry opens the context menu from which you choose to import file.

Figure: Importing OpenVPN Connection

Tip! If you rename the file VPNConfig.ovpn eg. Home-Office.ovpn, the corresponding name appears as the target in the Connect context menu.

Connecting from the context menu prompts to enter the user and password, which is the user on the VPN Router or with use LDAP authentication the user on the server.

Figure: OpenVPN Connection

If the connection is successful, the OpenVPN icon will appear green.

Useful post on this topic can be found in OpenVPN Connection Script
you might also be interested in OpenVPN Connect using on iPhone and Android

OpenVPN client setup on macOS

OpenVPN Connect v3 Client for macOS is a complete installation program for macOS, after the installation the ovpn file can be imported for an OpenVPN connection to an access server. If the downloaded OpenVPN Connect v3 for macOS is installed on a Mac on which OpenVPN Connect v3 is already installed and configured, it will be updated to the new version with all settings retained.

OpenVPN Installer on macOS Catalina
OpenVPN Connect for macOS Import and Edit
OVPN file import on macOS catalina.

Deploy OpenVPN client on Linux

With the standard installation, OpenVPN is usually already installed together with the network management tools, in this case you can go directly to Import OVPN configuration file below. The easiest way to deploy the OpenVPN client using the package management system is to run the following commands as root on a Red Hat based Linux distribution such as Fedora or CentOS:

[sam@fedora ~]$ sudo su -
[sudo] password for sam
[root@fedora ~]# dnf install openvpn

Install the OpenVPN on Debian and Ubuntu based distributions as follows:

[sam@debian ~]$ sudo su -
[sudo] password for sam
[root@debian ~]# apt-get install openvpn

Running the OpenVPN client with the downloaded configuration file, using the -config argument to pass the configuration file:

openvpn -config VPNConfig.ovpn

The configuration file here in this example VPNConfig.ovpn may have a different file name. Hint! if you change the file name to i.e. office-davos.ovpn, then this name appears in the context menu at connection

The connection can also be established via a GUI client, to install the OpenVPN GUI from the shell:

sudo apt-get install network-manager-openvpn-gnome

Import OVPN configuration file

Now you can call the Connection Manager by clicking on the network icon – VPN Connections – Configuring VPN.

Illustration: OpenVPN GUI Ubuntu

By clicking on Add – Import Saved VPN Configuration – Create a new VPN connection. The next step is to import the previously downloaded VPNConfig.ovpn file. The connection can now be started from the taskbar.

For Linux Mint with Cinnamon desktop, you click on the network icon in the taskbar and go to network settings.

Click + to create a new network connection.

Import saved VPN configuration from the VPNConfig.ovpn file. After entering the user and password, the saved connection can be started in the taskbar.

Import the OVPN file via the Network Manager of Linux Mint and Cinnamon Desktop.

OVPN file import by Network Manager at Linux Mint Cinnamon desktop.
Howto Tutorials (EN)

Windows cannot connect to the printer

Home
Leave a comment

Do you Trust this Printer? Windows cannot connect to the printer. Operation 0x00000006 failed

If you try adding a network printer, the error message appears “Windows cannot connect to the printer”, then may this post can help to solve this issue.

PrintNightmare Printer Issues due to August cumulative update

Windows updates released August 10, 2021 and later will, by default, require administrative privilege to install drivers. Underlying a serious vulnerability in the Windows print spooler (CVE-2021-1678), Microsoft released a patch that was distributed through the August cumulative update. This leads to problems with printing for many users.

With the August Update, the vulnerability has been closed by requiring the installation of printer drivers via administrative rights by default. If there is a newer driver on the server than on the client, the client will attempt to update it by prompting you to enter an admin password.

In fact, the only solution is to reset the behavior back to the state it was before the August update.

Registry Changes default behavior

Microsoft provide an new registry key for this, this is the Key RestrictDriverInstallationToAdministrators with a value of 0 to allow users to install printer drivers. The key does not exist by default. Run by group policy or from script to open a command prompt as administrator and pasting as follows.

REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 0 /f

  This measure removes protection against exploits of CVE-2021-1678. Microsoft therefore recommends this step only temporarily to avoid work interruptions.

  A reboot is not required when creating or changing this registry value.

Change behavior of Point and Print Restrictions to trusted servers via group policy

Specify trusted servers with the group policy Point-and-Print-Restrictions under Computer Configuration => Policies => Administrative Templates => Printer.

Restore path to printer driver in registry

Using Windows Printer Shares on a Server, it can happen when adding a network printer, it fails by the client, the reason is that the installation wizard no longer find the printer driver in the local driver store. The wizard looks for the directory path to the printer driver in the registry Key InfPath.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\

Now that the path to the printer driver is no longer valid, the path must be searched in the registry of the server, here in this example it is the printer Sharp MX-C401 PCL6, which saves the path to the printer driver with the INF file in the Key InfPath, the path is here as follows:

C:\Windows\System32\DriverStore\FileRepository\sn0emdeu.inf_amd64_284362ba62125445\

The path is inserted in the Key InfPath as a value, which is probably empty, where the change requires admin rights, regedit.exe run as an administrator, or temporarily grant the user admin rights.

  If there is another printer on the client with the same driver, this value can be copied by InfPath, and the printer with an invalid value, or where the value is empty, can be pasted by double-clicking InfPath.

Installing printers manually

Now open the administrative share print$ to the print server on the client, where the printer drivers of the server are located.

For example, \\SERVER02\print$

Under the print$ share are the printer drivers of the installed printers on the print server. In our example at \\SERVER02\print$\x64\PCC are printer drivers for the Windows 64 bit system architecture.

Search here for the appropriate CAB archive file that has the same driver, i.e. file name, as the file in the RegistryKey InfPath,here is sn0emdeu.inf.

Unzip the compressed CAB archive file matching the printer from the print$ share with 7-Zip and copy the files to the path taken from InfPath.

Connecting and adding network printers is now possible as usual.

  Another simple solution is to add a new printer installed via printer, where by selecting LPT1 as the port, even if LPT1 does not exist, it is re-entered correctly when the path is installed in the InfPath registry key, so that the printer connection to network printers works again, the previously installed printer on LPT1 can be deleted with Device Removal.

  Note. Windows Update KB5005652, released on August 10, 2021, requires administrator privileges by default to install drivers. This change has been made the default behavior to minimize risk on all Windows devices.