The OpenVPN Client feature offers you the ability to connect the OpenVPN server which helps you communicate in a more secure way. In this guide, we introduce how to set up OpenVPN client on Yeastar S-Series VoIP PBX.
In this Article
Setup OpenVPN Client
S-Series VoIP PBX supports 2 way to configure the OPVN Client: Manual Configuration and Upload OpenVPN Package.
Manual Configuration
Before you start to set up the OpenVPN client, please check the description for OpenVPN client settings on Yeastar S-Series VoIP PBX.
We have an example client.conf as the following figure shows:
Table 1 Description of OpenVPN Client Settings
OpenVPN Client Setting | Description | Setting in the client.conf |
Server Address & Server Port | The hostname/IP and port of the server | remote 110.90.90.18 1194 |
Protocol | The protocol connecting to the server. UDP or TCP. | proto udp |
Device Mode | The device mode connecting to the server. Tun or tap. | dev tun |
Username & Password | Credentials to access the VPN server. Get the information from the VPN provider. | This is not an option in the configuration in a file. |
Encryption |
|
cipher BF-CBC |
Compression | Enable the compression in on the VPN link or not. | comp-lzo |
Proxy Server & Proxy Port | If you are connecting through an HTTP proxy to reach the actual OpenVPN server, enter the proxy server/IP and port number here. | http-proxy www.freevpn.org 80 |
CA Cert | CA certification file. | ca.crt |
Cert | Client certification file. | client.crt |
Key | key client.key | client.key |
TLS Authentication & TA Key | Enable TLS encryption or not. And TLS encryption key file. | tls-auth ta.key 1 |
Case 1 Configuring with OpenVPN Configuration File and Certification Files
If the VPN provider gives you the following files, then you should configure Yeastar-Series IPPBX OpenVPN client according to the configuration file and upload the certification files to S-Series IPPBX.
- Client Configuration File
- CA certification file
- Client certification file
- Client Key
- TLS encryption key (Optional)
STEP 1. Open your OpenVPN *.conf by Notepad application.
STEP 2. Log in Yeastar S-Series IPPBX web user interface, navigate to “Settings > System > Network > OpenVPN”, and check the option “Enable OpenVPN”.
STEP 3. Configure Yeastar S-Series VoIP PBX OpenVPN Client.
STEP 4. Click “Save” and “Apply”.
STEP 5. Check the VPN client status in the Resource Monitor.
Case 2 Configuring with OpenVPN .ovpn Configuration File
If the VPN provider only provides with you a .ovpn configuration file, you need to extract the certificates/keys from the .ovpn file first.
STEP 1. Use the Notepad to open the .ovpn file, and extract the certificates and key.
1) Create CA certification file ca.crt
Copy what's between <ca> and </ca>. Paste the content in a .txt file, and save it as “ca.crt”.
2) Create a client certification file client.crt.
Copy what's between <cert> and </cert>. Paste the content in a .txt file, and save it as “client.crt”.
Note: the certification file name could be customized, but it should be the same as the configuration the server.
3) Create a client key file client.key.
Copy what's between <key> and </key>. Paste the content in a .txt file, and save it as “client.key”.
Note: the certification file name could be customized, but it should be the same as the configuration the server.
STEP 2. Enable OpenVPN client feature on Yeastar S-Series IPPBX.
Log in Yeastar S-Series IPPBX web user interface, navigate to “Settings > System > Network > OpenVPN”, and check the option “Enable OpenVPN”.
STEP 3. Configure Yeastar S-Series IPPBX OpenVPN Client.
STEP 4. Click “Save” and “Apply”.
STEP 5. Check the VPN client status in the Resource Monitor.
Upload OpenVPN Package
Before you start, please read the following notes first:
- The OpenVPN package could be compressed in a Linux or Windows system.
- The OpenVPN configuration file’s name should be “vpn.conf”.
- The certification files and key files need to be placed in the root directory of the compressed file.
- Yeastar S-Series IPPBX supports OpenVPN version 2.0.5, the new option in OpenVPN later version may not work on Yeastar S-Series IPPBX. For example, remote-cert-tls server is not available for S-Series IPPBX, you have to change to it to ns-cert-tls server.
Follow the steps below to configure OpenVPN client in Linux System.
STEP 1. Edit the client.conf according to server configuration, and save it as “vpn.conf”.
STEP 2. Place the configuration file “vpn.conf”, certification files and key files to the same folder and compress the folder into a tar file.
Compress command: sudo tar –vcf ca.crt client.crt client.key vpn.conf
In the following example, we rename my client.crt and client.key to make difference for several devices. For this purpose, we also changed the client certificate name and client key name in the vpn.conf file.
STEP 3. Upload the *.tar file to Yeastar S-Series IPPBX.
STEP 4. Check “Enable OpenVPN”, click “Save” and “Apply”.
STEP 5. Check the VPN client status in the Resource Monitor.
As for Windows system, you can also generate the tar file by a tool called “7-zip file manager” which is free software and can be download from the Internet.
Move the configuration file “vpn.conf”, certification files and key files to the same folder, and click Add button in 7-zip. Choose the archive format as “tar” and click OK to generate the tar file.
Then upload the compressed file to the PBX to enable the VPN client feature.
3 Comments