How Can I Configure OpenVPN with an .ovpn or .conf File for IGEL OS Devices?

You can use the .ovpn or the .conf file from your firewall to configure OpenVPN for your IGEL OS device.

Solution Based on Experience from the Field

This article provides a solution that has not been approved by the IGEL Research and Development department. Therefore, official support cannot be provided by IGEL. Where applicable, test the solution before deploying it to a productive environment.

Creating a Profile

1. Open the .ovpn or the .conf file in “Microsoft Visual Studio Code” (freeware) or any other editor that can save files in UTF-8 and uses LF (not CR-LF) for a newline.
   
   
2. In the UMS, create a profile with an appropriate name, e.g. "OS11_OpenVPN".
   
   
3. Go to Network > VPN > Open VPN and click   to create an OpenVPN session.
   
   
4. Edit the settings of Network > VPN > Open VPN > [your OpenVPN session] > Session as follows:
   
   
   
5. Go to Network > VPN > Open VPN > [your OpenVPN session] > Options and edit the settings as follows:
   
   
   
6. Go to Network > VPN > Open VPN > [your OpenVPN session] > TLS Options and edit the settings as follows:
   

Creating the Certificate/Key Files

If you already have the following files, you can skip this section and jump to Transferring the Files to the UMS:

• ca.crt
• client.crt
• client.key

If the certificates and the key are embedded in your .ovpn file, extract the certificates and key as follows:

1.  Open the .ovpn file in your editor (must be able to save as UTF-8 and use LF, not CR-LF, for a newline).
   
   
2. Go to the section tagged as <ca> ... </ca> and copy the marked certificate, including ----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
   
   
   
3. Paste the text to the editor and save it to a file named ca.crt (file type "All files").
   
   
4. Go to the section tagged as <cert> ... </cert> and copy the marked certificate, including ----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
   
   
   
5. Paste the text to the editor and save it to a file named client.crt (file type "All files").
   
   
6. Go to the section tagged as <key> ... </key> and copy the marked key, including ----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
   
   
   
7. Paste the text to the editor and save it to a file named client.key (file type "All files").

Transferring the Files to the UMS

1. In the UMS, go to Files > [context menu] > New file and create a file object for each certificate/key file; set Classification to "Common Certificate (all purpose)". 
   
   
2. Assign the file objects to the endpoint devices on which you want to use the OpenVPN connection.

For detailed information on how to create file objects in the UMS and transfer them to devices, see Files - Registering Files on the IGEL UMS Server and Transferring Them to Devices.

Adjust the Profile

1. In the UMS, open the profile you have created for your OpenVPN connection and go to Network > VPN > Open VPN > [your OpenVPN connection] > Session.
   
   
2. Edit the file locations as follows:
   
   
   
3. Apply the profile to the endpoint devices on which you want to use the OpenVPN connection.