Follow

Configure and Deploy OpenVPN Clients for Remote Users

This article will describe how to enable OpenVPN access for remote users.

 

The first step is to enable the OpenVPN server on your NG Firewall appliance by clicking the Settings button on the OpenVPN app, then browsing to the Server tabOn this page place a check next to 'Server Enabled'.

 

The Server tab includes all the configuration for OpenVPN's server functionality.

  • Site Name is the name of the this OpenVPN site. A random name is chosen so that it is unique. A new name can be given, but it should be unique across all Untangle sites in the organization. For example, if the company name is "MyCompany" then "mycompany" is a bad site name if you have multiple Untangles deployed as it might be used elsewhere. The Site Name must be unique.
  • Site URL shows the URL that remote clients will use to connect to this server. This is just for reference. Verify that this address will resolve and be publicly reachable from remote networks. This URL can be configured in Config > Administration > Public Address. You may need to change this if for instance you have a private IP address such as 192.168.1.1 on the External(WAN) network interface rather than a public IP.
  • Address Space defines an IP network/space for the VPN to use internally. The Address Space must be unique and separate from all existing networks and other address spaces on other OpenVPNs. A default will be chosen that does not conflict with the existing configuration.
  • NAT OpenVPN Traffic will NAT all traffic from remote networks to local networks to a local address. This helps solve routing and host-based firewall issues. The default and recommended value is enabled.

 

Next we can add the individual clients. Each remote user will need their own client configured. 

  1. Click 'Add' on OpenVPN Server tab


  2. Enter a unique Client Name that will help identify the client


    • Group will in most cases be 'Default Group', see Wiki Article for more information

    • Type will be 'Individual Client', Site-to-Site configuration will be discussed in another article

  3. Click 'Done'

  4. Repeat steps 1-3 for additional clients

  5. Click 'Apply' in lower right corner to save changes


    With clients configured the next step is deploying the installation files to users.

  6. Click the Settings button on the OpenVPN app, then browse to the Server tabClick the 'Download Client' button for a user. This will generate the client installation files


  7. Select the appropriate installation file for the end user's operating system


  8. Distribute OpenVPN configuration file to user through your preferred method (Ex: E-Mail, USB drive, Google Drive, Dropbox, shared folder on network, etc.)

    The following steps are for Microsoft Windows only, for Apple/Linux/Android/etc. installation please see our OpenVPN Wiki page

  9. Run the client installation file. The OpenVPN client that Untangle distributes is compatible with all versions of Windows, however if you're using Windows Vista or Windows 7 you'll need to both install and run the application as an Administrator - simply right-click and choose Run as Administrator. Running as an administrator is necessarily to allow the application to write routes for the VPN and must be done every time the application is started on Windows Vista or 7.

    Follow the Installation Wizard:










    After installation is complete you will need to run OpenVPN (as administrator) in order to complete the connection process.

  10. Start OpenVPN


  11. Locate OpenVPN in system tray and "right-click", then click "Connect"




  12. The system tray icon will turn green and display a message that OpenVPN is now connected. The IP Address assigned by the OpenVPN server will be displayed


    To disconnect, "right-click" the OpenVPN system tray icon and select "Disconnect"



Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Spencer Kearton

    Can I use a dynamic DNS service like no-ip to access my untangle that's currently in transparent bridge?

  • Avatar
    Daniel Marrero

    You have to change the Public Address setting in Configuration->Administration. Select the option "Use Manually Specified Address" and enter the DNS name there.

Powered by Zendesk