There are many great games from the past that we could play with our friends. Unfortunately, many of these games no longer support internet play properly, as they rely on an online service that has been shut down. While we could use a service like Hamachi or Tunngle to create a virtual network, it is much more sensible to set up our own VPN, as we then have control over our own virtual network. In this guide we will be setting up OpenVPN with a focus on playing games on Microsoft Windows.
OpenVPN on the server
First, we will install OpenVPN together with easy-rsa for certificate management:
emerge -a openvpn easy-rsa
OpenVPN uses TLS/SSL to encrypt the traffic between the server and clients. Therefore we have to set up our own certificate authority (CA) to hand out certificates to the users of our VPN. First copy the template directory from easy-rsa to our home directory:
cp -a /usr/share/easy-rsa ~/certs
cd ~/certs
We have to modify some variables inside the certs folder we have just created.
First rename the example file
mv vars.example vars
Next, we will have to edit the default settings for new certificates, including properties like the country, the province, the city, the organisation name and the e-mail address.
Those can be found at the bottom of the
Once you have edited the variables, you want to source the file:
We want to ensure that we start in a clean environment:
Build the CA as follows and press ENTER for each field that is being prompted, as the tool will use the variables from
Now we will build a server certificate and key pair:
Once again, the prompts will use the values in
Therefore you can simply press ENTER again.
Make sure to not enter a challenge password when prompted.
When asked to sign and commit the certificate, enter y.
Next, we generate strong Diffie-Hellman keys to use during the key exchange:
Finally, we generate the shared key used for HMAC signatures:
openvpn --genkey --secret keys/ta.key
Now that the keys have been generated, copy them to the OpenVPN directory:
cp ca.crt games.crt games.key ta.key dh2048.pem /etc/openvpn
Add the following to /etc/openvpn/games.conf to tell OpenVPN where to find the certificate and keys to use:
ca certs/keys/ca.crt
cert certs/keys/games.crt
key certs/keys/games.key
dh certs/keys/dh2048.pem
We will also be using the default port, UDP over both IPv4 and IPv6 and the TAP interface:
port 1194
proto udp
proto udp6
dev tap
user nobody
group nobody
We will set up OpenVPN to allocate IPs from 10.42.42.0/24 for our clients and allow client-to-client communication over the network:
server 10.42.42.0 255.255.255.0
client-to-client
push "route 10.42.42.0 255.255.255.0"
push 10.42.42.0 255.255.255.0
push "route-metric 512"
push "route 0.0.0.0 0.0.0.0"
topology subnet
To make sure that we can configure static IPs for our clients, we tell OpenVPN where to find the list of persistent IPs:
persist-key
ifconfig-pool-persist games-ips.txt
We also enable compression and connection keepalive:
keepalive 10 120
comp-lzo
Finally, we tell OpenVPN where to store the log files:
status /var/log/openvpn/games-status.log
log /var/log/openvpn/games.log
verb 4
After OpenVPN has been configured we set up the service and start it:
ln -s /etc/init.d/openvpn /etc/init.d/openvpn.games
/etc/init.d/openvpn.games start
rc-update add openvpn.games default
Generating client certificates
While it is recommended to generate a client certificate and key pair on the client itself and then have the server/CA sign the certificate, it is also possible to generate a client certificate and key pair on the server for simplicity.
Browse to the directory that we previously created to generate the server certificate and key pair and source the
cd ~/certs
source vars
With the build-key shell script we can generate client certificate and key pairs for as many clients as we like.
For instance, to create one for a client named client1, run the following command:
We can also create a certificate and key pair that is password-protected using:
Make sure that the client has the
Signing client certificates
To sign a certificate request, client1.csr for example, run the following command:
./sign-req --sign client1.csr
This should result in a client certificate client1.crt to send to the client.
Adding static IPs
We can assign static IPs to our clients by adding them to the
For instance, to always assign IP 10.42.42.2 to client1, we have to add the following entry:
Setting up the client
Download and install the OpenVPN client from the OpenVPN website.
Then browse to where OpenVPN is installed and create a
Download the server certificate ca.crt to this directory.
Using easy-rsa, we can generate the client certificates as mentioned before:
cd easy-rsa
source vars
./build-key client1
This should generate a private key client1.key and a certificate request
We have to send the client1.csr to the server to sign it.
Once it is signed, we can get the actual certificate client1.crt to store in our
Alternatively, the server can also generate a certificate and private key pair.
Finally, we create a client config in the config directory to connect with the OpenVPN server.
Add the following to
client
dev tap
proto udp
remote example.com 1194
resolv-retry infinite
nobind
persist-key
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
Now connect with the server.
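If the connection fails or comes up without passing traffic, a mismatch between the two configs is a common cause. The following check is an added example, not part of the original guide: it compares a server and a client config for the directives used above and flags a client whose cert and key point at the same file. The function names and the embedded configs are constructed for illustration, and it assumes the server does not push comp-lzo or tls-auth to clients.

```python
# Added example: cross-check an OpenVPN server/client config pair.

def parse(text):
    """Map each directive to the argument lists of all its occurrences."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and not words[0].startswith(";"):
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def last(conf, name):
    """Arguments of the last occurrence of a directive, or None if absent."""
    return conf[name][-1] if name in conf else None

def transport(conf):
    """Reduce proto (udp, udp4, udp6, tcp-client, ...) to 'udp' or 'tcp'."""
    return (last(conf, "proto") or ["udp"])[0][:3]  # OpenVPN defaults to UDP

def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means no mismatch was found."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    # dev must be identical; comp-lzo and tls-auth must be set on both sides
    # or on neither (assumes the server does not push them).
    for name in ("dev", "comp-lzo", "tls-auth"):
        s, c = last(srv, name), last(cli, name)
        if (s is None) != (c is None) or (name == "dev" and s != c):
            findings.append(f"{name}: server={s} client={c}")
    if transport(srv) != transport(cli):
        findings.append("proto: server and client use different transports")
    port = (last(srv, "port") or ["1194"])[0]
    for remote in cli.get("remote", []):
        if len(remote) > 1 and remote[1] != port:
            findings.append(f"remote {remote[0]}: port {remote[1]} != {port}")
    if last(cli, "cert") is not None and last(cli, "cert") == last(cli, "key"):
        findings.append("client: cert and key point to the same file")
    return findings

# Constructed inputs, reduced to the directives this check looks at.
SERVER = "port 1194\nproto udp6\ndev tap\ncomp-lzo\n"
CLIENT_OK = ("client\ndev tap\nproto udp\nremote example.com 1194\n"
             "cert client1.crt\nkey client1.key\ncomp-lzo\n")
CLIENT_BAD = CLIENT_OK.replace("dev tap", "dev tun").replace(
    "key client1.key", "key client1.crt")

if __name__ == "__main__":
    for label, client in (("ok", CLIENT_OK), ("bad", CLIENT_BAD)):
        print(label, check_pair(SERVER, client))
```

To use it on real files, read /etc/openvpn/games.conf and the client's config file into strings and pass them to check_pair.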
One problem with many games is that, when you try to find LAN games, they end up using the wrong network interface by default. To fix this, the VPN network interface has to be prioritised over the default one. Go to Network Connections from the Network and Sharing Center. There you should see a VPN Network TAP-Windows Adapter V9 interface. Right-click it and select "Properties".
Select "Internet Protocol Version 4 (TCP/IPv4)" and click on "Properties".
Click on "Advanced".
Set the interface metric from automatic to manual and input 5 as its value and close the windows. Now you should be able to find your friend's hosted game using LAN discovery.