This page lists the Endian UTM Appliance’s connections as an OpenVPN client, i.e., all tunnelled connections to remote OpenVPN servers. For every connection, the list reports the status, the name, any additional options, a remark, and the available actions.
The status is closed when the connection is disabled, established when the connection is enabled, and connecting… while the connection is being established. Besides enabling and disabling a connection, the available actions are to edit or delete it. Editing opens the same form that is used when adding a connection (see below), in which the current settings can be viewed and modified, whereas deleting only removes that profile from the Endian UTM Appliance.
Creating a new OpenVPN client connection is straightforward and can be done in two ways: either click on the Add tunnel configuration button and enter the necessary information about the OpenVPN server to connect to (there can be more than one), or import the client settings from the OpenVPN Access Server by clicking on Import profile from OpenVPN Access Server.
There are two types of settings that can be configured for each tunnel configuration: the basic ones are the mandatory options needed to establish the tunnel, while the advanced ones are optional and should normally be changed only if the OpenVPN server has a non-standard setup. To access the advanced settings, click on the >> button next to the Advanced tunnel configuration label. The basic settings are:
myvpn.example.com:port:protocol. The port and protocol are optional and default to 1194 and udp respectively when not specified. The protocol must be specified in lowercase letters.
The server certificate needed for the tunnel connection. The file can be located by browsing the local filesystem, or its path and filename can be entered.
Note
If the server is configured to use PSK authentication (password/username), the server’s host CA certificate must be uploaded to the Endian UTM Appliance. This can be downloaded from the Download CA certificate link in the OpenVPN server’s section ( ).
Otherwise, to use certificate-based authentication, the server’s PKCS#12 file must be uploaded. This can be downloaded by going to the Endian UTM Appliance’s certificate section ( icon next to in the action column of the certificate selected for the tunnel.
In this box, which appears when clicking on the >> button in the previous box, additional options can be modified. The values here should be changed only if the server side has not been configured with standard values.
One or more (one per line) fallback OpenVPN servers in the same format used for the primary server, i.e., myvpn.example.com:port:protocol. The port and protocol values default to 1194 and udp respectively when omitted. If the connection to the main server fails, one of these fallback servers will take over.
Hint
The protocol must be written in lowercase letters.
If the Endian UTM Appliance can access the Internet only through an upstream HTTP proxy, it can still be used as an OpenVPN client in a Gateway-to-Gateway setup, but the TCP protocol for OpenVPN must be selected on both sides. Moreover, the account information for the HTTP upstream proxy must be provided in the text fields:
proxy.example.com:port, with the port defaulting to 8080 if not entered.
Once the connection has been configured, a new box called TLS authentication will appear at the bottom of the page, from which a TLS key file to be used for the connection can be uploaded. These options are available:
The second way to add an account is to import the profile directly from an OpenVPN Access Server. In this case, the following information must be provided:
The URL of the OpenVPN Access Server.
Note
The Endian UTM Appliance only supports XML-RPC configuration of the OpenVPN Access Server, therefore a URL entered here has the form: https://<SERVERNAME>/RPC2.
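The endpoint formats described above (myvpn.example.com:port:protocol for the primary and fallback servers, proxy.example.com:port for the upstream proxy) can be checked before they are typed into the form. The following Python validator is an added example, not Endian code: it applies the defaults and the lowercase rule stated on this page and flags non-TCP endpoints when a proxy is set. The function names, the restriction to udp and tcp, and the rejection of empty port fields are assumptions.

```python
from dataclasses import dataclass

DEFAULT_PORT, DEFAULT_PROTO = 1194, "udp"   # defaults stated in the text
DEFAULT_PROXY_PORT = 8080                   # proxy default stated in the text
PROTOCOLS = ("udp", "tcp")                  # assumption: the only accepted values

@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    proto: str

def _port(text):
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid port {text!r}")
    return int(text)

def parse_server(entry):
    """Parse 'host[:port[:protocol]]', applying the documented defaults."""
    parts = entry.strip().split(":")
    if not parts[0] or len(parts) > 3:
        raise ValueError(f"expected host:port:protocol, got {entry!r}")
    port = _port(parts[1]) if len(parts) > 1 else DEFAULT_PORT
    proto = parts[2] if len(parts) > 2 else DEFAULT_PROTO
    if proto not in PROTOCOLS:  # also rejects 'TCP' and 'UDP': lowercase only
        raise ValueError(f"protocol must be lowercase udp or tcp, got {proto!r}")
    return Endpoint(parts[0], port, proto)

def parse_proxy(entry):
    """Parse 'host[:port]' for the upstream HTTP proxy."""
    host, _, port = entry.strip().partition(":")
    if not host:
        raise ValueError(f"expected host:port, got {entry!r}")
    return host, _port(port) if port else DEFAULT_PROXY_PORT

def check_tunnel(primary, fallbacks="", proxy=None):
    """Return (endpoints, proxy, problems) for one tunnel configuration."""
    lines = [primary] + [l for l in fallbacks.splitlines() if l.strip()]
    endpoints = [parse_server(l) for l in lines]
    proxy_addr = parse_proxy(proxy) if proxy else None
    problems = []
    if proxy_addr:  # behind an upstream HTTP proxy the tunnel must use TCP
        problems = [f"{e.host}:{e.port} uses {e.proto}; an HTTP proxy requires tcp"
                    for e in endpoints if e.proto != "tcp"]
    return endpoints, proxy_addr, problems

if __name__ == "__main__":
    # Constructed sample: the fallback is left on the udp default behind a proxy.
    print(check_tunnel("myvpn.example.com:443:tcp", "backup.example.com", "proxy.example.com"))
```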