Solution Based on Experience from the Field

This article provides a solution that has not been approved by the IGEL Research and Development department. Therefore, official support cannot be provided by IGEL. Where applicable, test the solution before deploying it to a production environment.

Overview

You can use the .ovpn or the .conf file from your firewall to configure OpenVPN for your IGEL OS device.

Creating a Profile

  1. Open the .ovpn or the .conf file in “Microsoft Visual Studio Code” (freeware) or any other editor that can save files in UTF-8 and uses LF (not CR-LF) for a newline.
  2. In the UMS, create a profile with an appropriate name, e.g. "OS11_OpenVPN".
  3. Go to Network > VPN > Open VPN and click  to create an OpenVPN session.
  4. Edit the settings of Network > VPN > Open VPN > [your OpenVPN session] > Session as follows:
  5. Go to Network > VPN > Open VPN > [your OpenVPN session] > Options and edit the settings as follows:
  6. Go to Network > VPN > Open VPN > [your OpenVPN session] > TLS Options and edit the settings as follows:

Creating the Certificate/Key Files

If you already have the following files, you can skip this section and jump to Transferring the Files to the UMS:

  • ca.crt
  • client.crt
  • client.key

If the certificates and the key are embedded in your .ovpn file, extract the certificates and key as follows:

  1. Open the .ovpn file in your editor (must be able to save as UTF-8 and use LF, not CR-LF, for a newline).
  2. Go to the section tagged as <ca> ... </ca> and copy the marked certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
  3. Paste the text to the editor and save it to a file named ca.crt (file type "All files").
  4. Go to the section tagged as <cert> ... </cert> and copy the marked certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
  5. Paste the text to the editor and save it to a file named client.crt (file type "All files").
  6. Go to the section tagged as <key> ... </key> and copy the marked key, including -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
  7. Paste the text to the editor and save it to a file named client.key (file type "All files").
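
The manual extraction above can also be scripted. The following Python script is an added example, not part of the original IGEL article; the function names, the output directory, and the sample .ovpn content are constructed for illustration. It pulls the PEM objects out of the <ca>, <cert> and <key> blocks, writes them as UTF-8 with LF line endings, and creates client.key readable by its owner only.

```python
import os
import re
import sys
from pathlib import Path

# Inline block tag in the .ovpn file -> file name used in this article.
BLOCKS = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key"}

# Constructed sample: CRLF line endings, placeholder bodies (not real key material).
SAMPLE_OVPN = "\r\n".join([
    "client", "dev tun", "remote vpn.example.com 1194",
    "<ca>", "-----BEGIN CERTIFICATE-----", "Q0EtUExBQ0VIT0xERVI=", "-----END CERTIFICATE-----", "</ca>",
    "<cert>", "Certificate:", "-----BEGIN CERTIFICATE-----", "Q0xJRU5ULVBMQUNFSE9MREVS", "-----END CERTIFICATE-----", "</cert>",
    "<key>", "-----BEGIN PRIVATE KEY-----", "S0VZLVBMQUNFSE9MREVS", "-----END PRIVATE KEY-----", "</key>",
]) + "\r\n"

def extract_inline_blocks(ovpn_text):
    """Return {file name: PEM text} for the <ca>, <cert> and <key> blocks."""
    text = ovpn_text.replace("\r\n", "\n").replace("\r", "\n")  # force LF newlines
    result = {}
    for tag, filename in BLOCKS.items():
        m = re.search(rf"^[ \t]*<{tag}>[ \t]*\n(.*?)^[ \t]*</{tag}>", text, re.S | re.M)
        if m is None:
            raise ValueError(f"no <{tag}> block in the .ovpn file")
        # Keep only the BEGIN...END object; drop any text dump that precedes it.
        pem = re.search(
            r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", m.group(1), re.S
        )
        if pem is None:
            raise ValueError(f"<{tag}> block holds no complete PEM object")
        result[filename] = pem.group(0) + "\n"
    return result

def write_files(blocks, out_dir):
    """Write each PEM object as UTF-8 with LF newlines; return the file names."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    for filename, pem in blocks.items():
        path = out / filename
        # The private key is created owner-only (the mode is ignored on Windows).
        mode = 0o600 if filename.endswith(".key") else 0o644
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w", encoding="utf-8", newline="\n") as fh:
            fh.write(pem)
    return sorted(blocks)

if __name__ == "__main__":
    src = Path(sys.argv[1]).read_text(encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_OVPN
    print(write_files(extract_inline_blocks(src), "openvpn-files"))
```

Run it with the path to your .ovpn file as the only argument; without an argument it processes the constructed sample.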

Transferring the Files to the UMS

  1. In the UMS, create a file object for each certificate/key file; set Classification to "Common Certificate (all purpose)". For details, see Registering a File on the UMS Server.
  2. Assign the file objects to the endpoint devices on which you want to use the OpenVPN connection. For details, see Transferring a File to a Device.

Adjust the Profile

  1. In the UMS, open the profile you have created for your OpenVPN connection and go to Network > VPN > Open VPN > [your OpenVPN connection] > Session.
  2. Edit the file locations as follows:
  3. Apply the profile to the endpoint devices on which you want to use the OpenVPN connection.