Configuring an OpenVPN Client on a Windows Computer - icom OS Routers

  • Updated on Dec 20, 2024
  • Published on Aug 1, 2024
Prev Next

If a router of INSYS icom is running an OpenVPN-Server, it is possible to establish OpenVPN connections to this from a computer.

Situation

A Windows computer shall be included as a client into an existing OpenVPN network on an INSYS router.

Solution

The OpenVPN package will be installed on the computer. The configuration file will be generated using the OpenVPN server configuration of the INSYS router on the computer. Instructions for configuring an OpenVPN server on an INSYS router can be found in the respective Configuration Guide.

It is prerequisite that the respective certificates and keys are available and the configuration of the server is known.

Installing the OpenVPN package on the computer

  1. Download the latest OpenVPN package for your computer under https://openvpn.net/community-downloads/.

  2. Open the installation file and perform the installation according to the instructions.

The OpenVPN package will be installed on your computer in the default directory C:Program Files\OpenVPN.

Storing the certificates and keys on the computer

  1. Copy the CA certificate, the client certificate and the client key to the directory C:Program Files\OpenVPN\config on the computer. These can also be contained in an PKCS#12 container.

Creating and configuring the OpenVPN configuration file on the computer

  1. Download the OpenVPN client template and edit it in a text editor or copy the content from the window below and insert it into a text editor.

  2. Adapt the content of the template according to the comments behind the parameters and save it under a suitable name.

  3. Copy the file into the directory C:Program Files\OpenVPN\config of the OpenVPN installation.

OpenVPN client template

client              # configures the OpenVPN terminal as client and activates tls-auth and pull
remote 192.168.1.1  # <192.168.1.1> replace with IP address or domain name of the router with the OpenVPN server 
ca ca.crt	    # <ca.crt> replace with file name of the certificate of the Certification Authority (CA)
key client1.key	    # <client1.key> replace with file name of the private client key
cert client1.crt    # <client1.crt> replace with file name of the client certificate
proto udp           # <udp> replace with tcp, if the TCP protocol is used by the server 
rport 1194          # <1194> replace with the port, which is configured on the server for the remote tunnel end 
lport 1194          # <1194> replace with the port, which is configured on the server for the local tunnel end 
comp-lzo            # activates LZO compression; delete, if this is not enabled on the server 
dev tun             # configures the virtual network interface TUN for routing

Please note for above config file template:

For the IP address or domain name of the router, see Determining the IP address of the OpenVPN server accessible from the Internet below.

To find out the protocol, port and LZO compression settings, open the the Network → Interfaces page in the user interface of the router and click in the OpenVPN section on  (edit). Click on to extended view and check the respective settings of the VPN connection.

OpenVPN client template download (right-click and save as)

Please note!

If all certificates are contained in a PKCS#12 container, delete the three lines for the certificates and the key and insert the line pkcs12 client1.p12. Then, replace <client1.p12> with the file name of the PKCS#12 container.

Determining the IP address of the OpenVPN server accessible from the Internet

The IP address that is accessible from the Internet depends on the architecture of the router network. If the router is behind a DSL router like in the following figure for example, its WAN IP address must be used. A corresponding port forwarding rule of the tunnel to the router must be present in the DSL router.

cg m3 openvpn win client ip expl router

If the router is directly connected to a DSL modem without intermediate router like in the following figure, the IP address of the router must be used.

cg m3 openvpn win client ip expl modem

If the router has no fixed IP address, a DynDNS domain name can also be entered, which will then be resolved by the client. For this, DynDNS must be enabled in the DSL router (first example) or in the INSYS router (second example). Notes regarding this are available in the inline and online help of the INSYS router. A DNS server must also be entered in the client for this.

Staring the OpenVPN client

  1. Start the OpenVPN GUI using the Windows key () → OpenVPN → Open-VPN GUI or a click on the desktop icon.

  2. Click on the symbol for showing the hidden symbols in the task bar ().

  3. Right-click on the symbol of the OpenVPN GUI and click on Connect (or <config file name> → Connect if several configuration files are available).

  4. If the client certificate has been provided with a password, enter this password when prompted.

Result testing

The symbol of the OpenVPN GUI is displayed green as soon as the connection to the OpenVPN server has been established successfully. If the symbol remains yellow, the OpenVPN client tries to reach the server, but the connection cannot be established. A connection log can be displayed using the menu item View Log (or <config file name> → View Log if several configuration files are available).

Troubleshooting

  • If the OpenVPN GUI does not find the configuration file in the directory, it may have happened that a text editor has appended the file extension .txt accidentally.