OpenVPN Client Configuraiton Guide

Introduction

The OpenVPN Client feature offers you the ability to connect the OpenVPN server which helps you communicate in a more secure way. In this guide, we introduce how to configure OpenVPN client on Yeastar S-Series VoIP PBX.

Setup OpenVPN Client

S-Series VoIP PBX supports 2 way to configure the OPVN Client: Manual Configuration and Upload OpenVPN Package.

Manual Configuration

Before you start to configure the OpenVPN client, please check the description for OpenVPN client settings on Yeastar S-Series VoIP PBX.

We have an example client.conf as the following figure shows:

 

Table 1 Description of OpenVPN Client Settings

OpenVPN Client Setting Description Setting in the client.conf
Server Address & Server Port The hostname/IP and port of the server remote 110.90.90.18 1194
Protocol The protocol connecting to the server. UDP or TCP. proto udp
Device Mode The device mode connecting to the server. Tun or tap. dev tun
Username & Password Credentianls to access the VPN server. Get the information from the VPN provider. This is not a option in the configuration in file.
Enryption
  • BlowFish
  • AES-128
  • AES-256
  • Triple-DES cipher BF-CBC
cipher BF-CBC
Compression Enable the compression in on the VPN link or not. comp-lzo
Proxy Server & Proxy Port If you are connecting through an HTTP proxy to reach the actual OpenVPN server, enter the proxy server/IP and port number here. http-proxy www.freevpn.org 80
CA Cert CA certification file. ca.crt
Cert Client certification file. client.crt
Key key client.key client.key
TLS Authetication & TA Key Enable TLS enpryption or not. And TLS encryption key file. tls-auth ta.key 1


Case 1 Configuring with OpenVPN Configuration File and Certification Files


If the VPN provider give you the following files, then you should configure Yeastar-Series IPPBX OpenVPN client according to the configuration file and upload the certification files to S-Series IPPBX.

  • Client Configuration File
  • CA certification file
  • Client certification file
  • Client Key
  • TLS encryption key (Optional)

STEP 1. Open your OpenVPN *.conf by Notepad application.


STEP 2. Log in Yeastar S-Series IPPBX web user interface, navigate to “Settings > System > Network > OpenVPN”, and check the option “Enable OpenVPN”.
STEP 3. Configure Yeastar S-Series VoIP PBX OpenVPN Client.

STEP 4. Click “Save” and “Apply”.
STEP 5. Check the VPN client status in the Resource Monitor.


Case 2 Configuring with OpenVPN .ovpn Configuration File


If the VPN provider only provide you an .ovpn configuration file, you need to extract the certificates/keys from the .ovpn file first.


STEP 1. Use the Notepad to open the .ovpn file, and extract the certificates and key.


1) Create CA certification file ca.crt
Copy what's between <ca> and </ca>. Paste the content in a txt file, and save it as “ca.crt”.

2) Create client certification file client.crt.
Copy what's between <cert> and </cert>. Paste the content in a txt file, and save it as “client.crt”.
Note: the certification file name could be customzied, but it should be the same as the configuratioin the server.


3) Create client key file client.key.
Copy what's between <key> and </key>. Paste the content in a txt file, and save it as “client.key”.
Note: the certification file name could be customzied, but it should be the same as the configuratioin the server.


STEP 2. Enable OpenVPN client feature on Yeastar S-Series IPPBX.
Log in Yeastar S-Series IPPBX web user interface, navigate to “Settings > System > Network > OpenVPN”, and check the option “Enable OpenVPN”.


STEP 3. Configure Yeastar S-Series IPPBX OpenVPN Client.

STEP 4. Click “Save” and “Apply”.


STEP 5. Check the VPN client status in the Resource Monitor.

 

Upload OpenVPN Package
Before you start, please read the following notes first:

  • The OpenVPN package could be compressed in a Linux or Windows system.
  • The OpenVPN configuration file’s name should be “vpn.conf”.
  • The certification files and key files needs to be placed in the root directory of the compressed file.
  • Yeastar S-Series IPPBX supports OpenVPN version 2.0.5, the new option in OpenVPN later version may not work on Yeastar S-Series IPPBX. For example, remote-cert-tls server is not available for S-Series IPPBX, you have to change to it to ns-cert-tls server.

Follow the steps below to configure OpenVPN client in Linux System.


STEP 1. Edit the client.conf according to server confiugration, and save it as “vpn.conf”.
STEP 2. Place the configuration file “vpn.conf”, certification files and key files to the same folder and compress folder into a tar file.
Compress command: sudo tar –vcf ca.crt client.crt client.key vpn.conf
In my example, I rename my client.crt and client.key to make difference for several devices. For this purpose, I also changed the client certificate name and client key name in my vpn.conf file.

STEP 3. Upload the *.tar file to Yeastar S-Series IPPBX.
STEP 4. Check “Enable OpenVPN”, click “Save” and “Apply”.
STEP 5. Check the VPN client status in the Resource Monitor.


As for Windows system, you can also generate the tar file by tool called “7-zip file manager” which is free software and can be download from the Internet.


Move the configuration file “vpn.conf”, certification files and key files to the same folder, and click Add button in 7-zip. Choose the archive format as “tar” and click OK to generate the tar file.

Then upload the compressed file to the PBX to enable the VPN client feature.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.