OpenVPN Client Configuraiton Guide

The OpenVPN Client feature offers you the ability to connect the OpenVPN server which helps you communicate in a more secure way. In this guide, we introduce how to set up OpenVPN client on Yeastar S-Series VoIP PBX.

In this Article

Setup OpenVPN Client

S-Series VoIP PBX supports 2 way to configure the OPVN Client: Manual Configuration and Upload OpenVPN Package.

Manual Configuration

Before you start to set up the OpenVPN client, please check the description for OpenVPN client settings on Yeastar S-Series VoIP PBX.

We have an example client.conf as the following figure shows:

 

Table 1 Description of OpenVPN Client Settings

OpenVPN Client Setting Description Setting in the client.conf
Server Address & Server Port The hostname/IP and port of the server remote 110.90.90.18 1194
Protocol The protocol connecting to the server. UDP or TCP. proto udp
Device Mode The device mode connecting to the server. Tun or tap. dev tun
Username & Password Credentials to access the VPN server. Get the information from the VPN provider. This is not an option in the configuration in a file.
Encryption
  • BlowFish
  • AES-128
  • AES-256
  • Triple-DES cipher BF-CBC
cipher BF-CBC
Compression Enable the compression in on the VPN link or not. comp-lzo
Proxy Server & Proxy Port If you are connecting through an HTTP proxy to reach the actual OpenVPN server, enter the proxy server/IP and port number here. http-proxy www.freevpn.org 80
CA Cert CA certification file. ca.crt
Cert Client certification file. client.crt
Key key client.key client.key
TLS Authentication & TA Key Enable TLS encryption or not. And TLS encryption key file. tls-auth ta.key 1


Case 1 Configuring with OpenVPN Configuration File and Certification Files


If the VPN provider gives you the following files, then you should configure Yeastar-Series IPPBX OpenVPN client according to the configuration file and upload the certification files to S-Series IPPBX.

  • Client Configuration File
  • CA certification file
  • Client certification file
  • Client Key
  • TLS encryption key (Optional)

STEP 1. Open your OpenVPN *.conf by Notepad application.


STEP 2. Log in Yeastar S-Series IPPBX web user interface, navigate to “Settings > System > Network > OpenVPN”, and check the option “Enable OpenVPN”.

STEP 3. Configure Yeastar S-Series VoIP PBX OpenVPN Client.

s-series opven vpn client

STEP 4. Click “Save” and “Apply”.

STEP 5. Check the VPN client status in the Resource Monitor.


Case 2 Configuring with OpenVPN .ovpn Configuration File


If the VPN provider only provides with you a .ovpn configuration file, you need to extract the certificates/keys from the .ovpn file first.


STEP 1. Use the Notepad to open the .ovpn file, and extract the certificates and key.


1) Create CA certification file ca.crt
Copy what's between <ca> and </ca>. Paste the content in a .txt file, and save it as “ca.crt”.

2) Create a client certification file client.crt.
Copy what's between <cert> and </cert>. Paste the content in a .txt file, and save it as “client.crt”.
Note: the certification file name could be customized, but it should be the same as the configuration the server.


3) Create a client key file client.key.
Copy what's between <key> and </key>. Paste the content in a .txt file, and save it as “client.key”.
Note: the certification file name could be customized, but it should be the same as the configuration the server.


STEP 2. Enable OpenVPN client feature on Yeastar S-Series IPPBX.
Log in Yeastar S-Series IPPBX web user interface, navigate to “Settings > System > Network > OpenVPN”, and check the option “Enable OpenVPN”.


STEP 3. Configure Yeastar S-Series IPPBX OpenVPN Client.

STEP 4. Click “Save” and “Apply”.


STEP 5. Check the VPN client status in the Resource Monitor.

 

Upload OpenVPN Package
Before you start, please read the following notes first:

  • The OpenVPN package could be compressed in a Linux or Windows system.
  • The OpenVPN configuration file’s name should be “vpn.conf”.
  • The certification files and key files need to be placed in the root directory of the compressed file.
  • Yeastar S-Series IPPBX supports OpenVPN version 2.0.5, the new option in OpenVPN later version may not work on Yeastar S-Series IPPBX. For example, remote-cert-tls server is not available for S-Series IPPBX, you have to change to it to ns-cert-tls server.

Follow the steps below to configure OpenVPN client in Linux System.


STEP 1. Edit the client.conf according to server configuration, and save it as “vpn.conf”.
STEP 2. Place the configuration file “vpn.conf”, certification files and key files to the same folder and compress the folder into a tar file.
Compress command: sudo tar –vcf ca.crt client.crt client.key vpn.conf
In the following example, we rename my client.crt and client.key to make difference for several devices. For this purpose, we also changed the client certificate name and client key name in the vpn.conf file.

STEP 3. Upload the *.tar file to Yeastar S-Series IPPBX.
STEP 4. Check “Enable OpenVPN”, click “Save” and “Apply”.
STEP 5. Check the VPN client status in the Resource Monitor.

open vpn connected


As for Windows system, you can also generate the tar file by a tool called “7-zip file manager” which is free software and can be download from the Internet.


Move the configuration file “vpn.conf”, certification files and key files to the same folder, and click Add button in 7-zip. Choose the archive format as “tar” and click OK to generate the tar file.

Then upload the compressed file to the PBX to enable the VPN client feature.

Have more questions? Submit a request

3 Comments

  • 0
    Avatar

    Hello, it is possible to access the log file for the OpenVPN Client? Because I make my manual configuration and the status display not Running. I would like to see what error I am getting.

  • 0
    Avatar

    not working with me with Issabel, after a manual configuration

    kindly note that version of issabel openvpn is:
    OpenVPN 2.4.6 x86_64-redhat-linux-gnu
    also vpn works correctly with other clients as grandstream ip phones

     

  • 0
    Avatar

    Is this also valid for IOS device? Because I have been trying it with my iPhone but always got error message regarding certificate verification failed. But its connected successfully with my Android device.

    Edited by Hernan Halim
Please sign in to leave a comment.