OpenVPN

From Stratodesk Knowledge Base

OpenVPN is an open-source SSL VPN solution that is growing in popularity due to its cost-effective and lightweight nature and its ease of deployment. NoTouch OS contains OpenVPN and provides easy-to-use configuration access. Available out of the box, any NoTouch machine, whether on PC or Raspberry Pi, can instantly connect to an OpenVPN-based VPN service.

Please do not confuse OpenVPN and OpenConnect. OpenVPN is its own open-source VPN solution, whereas OpenConnect is intended for Cisco, Pulse/Juniper and Palo Alto VPN products. Both options are supported by NoTouch OS.

OpenVPN configuration

You will find the relevant parameters in the Services->OpenVPN section. Only a few parameters need to be set.

  • License. OpenVPN requires a "device" license. For the device on which you wish to enable OpenVPN, select the device / Licenses, then select the checkbox for VPN to assign a license to this device.
  • Start OpenVPN. The master switch to turn OpenVPN on or off.
  • OpenVPN server. Host name or IP address to connect to. Optionally, you may also specify the TCP port number in host:port notation. The default OpenVPN port is 1194.
  • Protocol. OpenVPN can run based on TCP or UDP. Depending on what your VPN concentrator is using, select the corresponding protocol here.
  • CA certificate. The root certificate of your OpenVPN installation. Simply enter the file name, assuming it has been distributed via Certificates.
  • Client certificate. This machine's client certificate. Simply enter the file name, assuming it has been distributed via Certificates.
  • Client certificate key. The private key of this machine's client certificate. Simply enter the file name, assuming it has been distributed via Certificates.
  • Compression. Set it to the compression that the VPN concentrator expects.
  • Float. Allows the server address to change, provided that the certificate authentication still works (load balancing, fail-over).

Customization

The bundled OpenVPN software allows for much more detailed configuration. You can specify any configuration file option you like, for example those defined in the openvpn.conf man page. If a custom configuration file is needed, place it at /config/openvpn/client.conf and it will be used for the default connection. Whatever you specify here is used verbatim, so you need to familiarize yourself with the OpenVPN software's documentation: OpenVPN 2.4 documentation.
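
Because a custom client.conf is used verbatim, it is worth checking before distribution. The following is an added example, not Stratodesk's or the OpenVPN project's code: it parses a constructed sample configuration that mirrors the parameters listed above and reports missing directives. The host name, file names and the helper names `parse_conf` and `lint` are assumptions.

```python
import shlex

# Constructed sample client.conf; host name and file names are placeholders.
SAMPLE_CONF = """\
client
dev tun
remote vpn.example.com 1194   # "OpenVPN server" in host:port form
proto udp                     # "Protocol"
ca ca.crt                     # "CA certificate"
cert client.crt               # "Client certificate"
key client.key                # "Client certificate key"
compress lzo                  # "Compression"
float                         # "Float"
"""

def parse_conf(text):
    """Map each directive to its argument lists; <ca>...</ca> inline blocks count as 'ca'."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                        # inside an inline block: skip the PEM body
            if line == f"</{inline}>":
                inline = None
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append([])
            continue
        if line.startswith(";"):          # OpenVPN accepts ';' as well as '#' comments
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def lint(text):
    """Return a list of findings for a client.conf that will be used verbatim."""
    d = parse_conf(text)
    out = [f"missing directive: {n}" for n in ("remote", "ca", "cert", "key") if n not in d]
    if any(len(a) < 2 for a in d.get("remote", [])):
        out.append("remote has no port; OpenVPN falls back to 1194")
    if "proto" not in d and not any(len(a) >= 3 for a in d.get("remote", [])):
        out.append("proto not set; OpenVPN falls back to udp")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        out.append("no server certificate check (remote-cert-tls / verify-x509-name)")
    return out
```

The sample yields one finding: without `remote-cert-tls server` or `verify-x509-name`, the client accepts any certificate signed by the CA as the server, which matters most when Float lets the server address change.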