Menu path: Setup > Network > VPN > OpenVPN > [OpenVPN Connection] > Session

  • OpenVPN Server(s): Name or public IP address of the OpenVPN server
  • Authentication type
    • TLS certificates: Authentication with user certificate and private key
    • Name/password: Authentication with user name and password
    • Name/password with TLS-certificates: Combines name/password with user certificate.
    • Static key: Authentication with a private key. No PKI infrastructure is needed for this.

TLS Certificates Authentication Type

Persistent storage of files is possible in the folder /wfs resp. subfolders of /wfs only.
Files stored under other paths will be lost when the thin client is rebooted.

  • Client certificate file: File with the client certificate. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • CA certificate file: File with the CA certificate. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • Private key file: File with the private key. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • Private key password: Password in case one is set for the private key

    If you have a PKCS#12 file which contains the client certificate, CA certificate and private key, always enter its name in the three file fields. The advantage lies in the fact that only a single file needs to be distributed.

    For details of how to distribute certificates and keys securely to thin clients, see the Securely Distributing Keys and Certificates How-To.

Name/Password Authentication Type

  • Username: User name - if you leave this field empty, the user will be asked for it when establishing a connection.
  • Password required

    ☑ The user must enter a password. (default)

  • Password: Password - if you leave this field empty, the user will be asked for it when establishing a connection.
  • CA certificate file: File with the CA certificate. Enter a path relative to /wfs/OpenVPN or select using the file selection.

Name/Password with TLS-Certificates Authentication Type

  • Username: User name - if you leave this field empty, the user will be asked for it when establishing a connection.
  • Password required

    ☑ The user must enter a password. (default)

  • Password: Password - if you leave this field empty, the user will be asked for it when establishing a connection.
  • CA certificate file: File with the CA certificate. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • Clientcertificate file: File with the user certificate. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • CA certificate file: File with the CA certificate. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • Private key file: File with the private key. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • Private key password: Password in case one is set for the private key

    If you have a PKCS#12 file which contains the user certificate, CA certificate and private key, always enter its name in the three file fields. The advantage lies in the fact that only a single file needs to be distributed.

    For details of how to distribute certificates and keys securely to thin clients, see the Securely Distributing Keys and Certificates how-to.

Static Key Authentication Type

  • Private key file: File with the static key. Enter a path relative to /wfs/OpenVPN or select using the file selection.
  • Key direction:
    • None: No key direction
    • 0: If the default option is not used, one side of the connection should use Direction 0 and the other Direction 1.
    • 1: If the default option is not used, one side of the connection should use Direction 0 and the other Direction 1.
  • Remote IP address: The VPN IP address of the server
  • Local IP address: The VPN IP address of the client