Document toolboxDocument toolbox

(12.2-en) Session

This article shows how to configure the authentication of the Open VPN session in IGEL OS.


Menu path: Network > VPN > OpenVPN > [OpenVPN Connection] > Session





OpenVPN server(s)

Name or public IP address of the OpenVPN server. You can enter multiple values separated by commas.



Authentication type

  • TLS-Certificates: Authentication with user certificate and private key.

  • Name/Password: Authentication with user name and password.

  • Name/Password with TLS-Certificates: Combines name/password with user certificate.

  • Static Key: Authentication with a private key. No PKI infrastructure is needed for this.

TLS Certificates Authentication Type

Persistent storage of files is possible in the folder /wfs resp. subfolders of /wfs only.
Files stored under other paths will be lost when the device is rebooted.



Client certificate file

File with the client certificate. Enter a path relative to /wfs/OpenVPN.



CA certificate file

File with the CA certificate. Enter a path relative to /wfs/OpenVPN.



Private key file

File with the private key. Enter a path relative to /wfs/OpenVPN.



Private key password

Password in case one is set for the private key.

If you have a PKCS#12 file which contains the client certificate, CA certificate and private key, always enter its name in the three file fields. The advantage lies in the fact that only a single file needs to be distributed.



Name/Password Authentication Type

User name

User name - if you leave this field empty, the user will be asked for it when establishing a connection.



Password required

☑ The user must enter a password. (Default)



Password

Password - if you leave this field empty, the user will be asked for it when establishing a connection.



CA certificate file

File with the CA certificate. Enter a path relative to /wfs/OpenVPN.

Name/Password with TLS-Certificates Authentication Type

User name

User name - if you leave this field empty, the user will be asked for it when establishing a connection.



Password required

☑ The user must enter a password. (Default)



Password

Password - if you leave this field empty, the user will be asked for it when establishing a connection.



Client certificate file

File with the user certificate. Enter a path relative to /wfs/OpenVPN.



CA certificate file

File with the CA certificate. Enter a path relative to /wfs/OpenVPN.



Private key file

File with the private key. Enter a path relative to /wfs/OpenVPN.



Private key password

Password in case one is set for the private key.

If you have a PKCS#12 file which contains the user certificate, CA certificate and private key, always enter its name in the three file fields. The advantage lies in the fact that only a single file needs to be distributed.

Static Key Authentication Type

Private key file

File with the static key. Enter a path relative to /wfs/OpenVPN.



Key Direction

  • None: No key direction. (Default)

  • 0: If the default option is not used, one side of the connection should use Direction 0 and the other Direction 1.

  • 1: If the default option is not used, one side of the connection should use Direction 0 and the other Direction 1.



Remote IP address

The VPN IP address of the server



Local IP address

The VPN IP address of the client