VPN Configuration

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across the VPN may therefore benefit from the functionality, security, and management of the private network.

10.1 Create Server Certificate

Select the OpenVPN Server Certificates Tab then select “+Generate Certificate Key” Icon

Enter a name for the certificate key then select “Generate Certificate” Icon, this will configure and generate a secure certificate key and add it to the list of Certificates.

10.2 Generate Client Key

Select the “Pencil” Icon next to the name of the key you generated to create a client side key.

Select the “+Create Client Key” Icon.

Enter a name for your Client Certificate Name then select the Generate Certificate Icon to generate the client key.

Once generated select the “Down Arrow ” Icon to download the client key config file to be added to your OpenVPN client software or uploaded to client side iShield unit.

10.2.1 Alterations Needed After Downloading The Client Key

• Once downloaded you will need to open the <clientcert>.tgz file using an application like 7zip.

1. Once opened you will need to drill down through three directory levels until you get to the one that contains the following

• “keys” folder
• dh2048.pem
• <clientcert>.conf

1. You can either edit the files in the compressed file or extract them first to alter them.
2. Rename the <clientcert>.conf to <clientcert>.ovpn
3. Edit <clientcert>.ovpn with Wordpad or Notepad++ (Please do not edit it using standard notepad as formatting could be affected)

• Change line 10 where it reads MUST_BE_SET to your DynDNS name or Public facing IP
• If you would like to use your own internal DNS server to access servers by name, you will also need to add the following line to the config.
• i, dhcp-option DNS <DNSServerIP>
• ii. Where <DNSServerIP> is the IP of your internal DNS server.

1. Save and close the file
2. Copy or extract all 3 items into the OpenVPN config directory to complete

• OpenVPN config directory default is C:\Users\<username>\OpenVPN\config

1. You can not (From Externally) right click the OpenVPN icon and click on connect to join the VPN

10.3 OpenVPN Config

To configure the server side of the VPN, select the OpenVPN Config Top Tab and select the “+Add VPN Config” Icon.

Enter and complete the following fields,

• Config Name:
• Config Mode - select server
• Network Mask: - this is the IP range that the VPN will use as a WAN connection and not the IP range of your
• Local Network.
• Keep Alive you can leave as default.
• Protocol: select UDP
• Port: leave as 1194
• Key: select the server key you generated in step 9.1

Push Routes: select the “+Add Push Route” Icon and enter your Local Network IP range. Client Routes: Select the “+Add Client Route” Icon to add the Client side Local network IP range. (this you only have to add if you wish to have a Bidirectional VPN) Select the “Create Config” Icon to create the VPN config with your selected input.

10.4 OpenVPN Client Certificates

If you have a iShield on both networks, (client side and server side) the iShield handle both the Server and Client side of the VPN, no OpenVPN software would be required on the client side machines. From the Client side iShield Unit Select the OpenVPN Client Certificates Top Tab.

Select the “Upload Client Certificate” Icon to upload the Client Key you generated in section 9.2

10.5 OpenVPN Client Config

To configure the client side iShield VPN select the OpenVPN Config from the Top Tab then select the “+Add VPN Config” Icon and type in the name of the client side VPN and select Client in the Mode block.

Complete the following sections,

• Config Mode: Client
• Protocol: UDP
• Port: 1194
• Remote server IP or URL
• Key: Select the Key you uploaded to the Unit, if no key was uploaded it will display in red that No certificates exist
• Compression: leave as disabled

Once all fields are completed select the Create Config Icon to generate the client side VPN configuration

index Traffic Shaping