Own OpenVPN server on Windows
1. Download OpenVPN: openvpn.net/community-downloads
2. EasyRSA (part of OpenVPN) create certificates community.openvpn.net/EasyRSA3-OpenVPN-Howto
3. Add TLS: openvpn.net/hardening-openvpn-security
4. On the Windows server, install Routing and Remote Access (similar to IPtables) and enable NAT between the Tap adapter and the Ethernet (Internet) adapter: openvpn.net/enabling-routing-nat-on-windows
5. Then just create a server config and copy it to the config-auto folder (it starts automatically) and you're done:
server.ovpn:
local xxx.xxx.xxx.xxx
port xxxx
proto tcp4
dev tap
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0
server 10.5.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
topology subnet
client-to-client
duplicate-cn
keepalive 10 120
cipher CAMELLIA-256-CBC
data-ciphers CAMELLIA-256-CBC
max-clients 10
persist-key
persist-tun
verb 3
mute 5
client.ovpn
client
dev tap
proto tcp4
remote xxx.xxx.xxx.xxx xxxx
cipher CAMELLIA-256-CBC
data-ciphers CAMELLIA-256-CBC
resolv-retry infinite
remote-cert-tls server
nobind
persist-key
persist-tun
verb 3
auth-nocache
key-direction 1
<ca>...</ca>
<cert>...</cert>
<key>...</key>
<tls-auth>...</tls-auth>