Own OpenVPN server on Windows

1. Download OpenVPN: openvpn.net/community-downloads

2. EasyRSA (part of OpenVPN) create certificates community.openvpn.net/EasyRSA3-OpenVPN-Howto

3. Add TLS: openvpn.net/hardening-openvpn-security

4. On the Windows server, install Routing and Remote Access (similar to IPtables) and enable NAT between the Tap adapter and the Ethernet (Internet) adapter: openvpn.net/enabling-routing-nat-on-windows

5. Then just create a server config and copy it to the config-auto folder (it starts automatically) and you're done:

server.ovpn:

local xxx.xxx.xxx.xxx 
port xxxx 
proto tcp4 
dev tap 
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt" 
cert "C:\\Program Files\\OpenVPN\\config\\server.crt" 
key "C:\\Program Files\\OpenVPN\\config\\server.key" 
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem" 
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0 
server 10.5.0.0 255.255.255.0 
push "redirect-gateway def1 bypass-dhcp" 
push "dhcp-option DNS 1.1.1.1" 
topology subnet 
client-to-client 
duplicate-cn 
keepalive 10 120 
cipher CAMELLIA-256-CBC 
data-ciphers CAMELLIA-256-CBC 
max-clients 10 
persist-key 
persist-tun 
verb 3 
mute 5

client.ovpn

client 
dev tap 
proto tcp4 
remote xxx.xxx.xxx.xxx xxxx 
cipher CAMELLIA-256-CBC 
data-ciphers CAMELLIA-256-CBC 
resolv-retry infinite 
remote-cert-tls server 
nobind 
persist-key 
persist-tun 
verb 3 
auth-nocache 
key-direction 1 
<ca>...</ca> 
<cert>...</cert> 
<key>...</key> 
<tls-auth>...</tls-auth>