Document toolboxDocument toolbox

OpenVPN Session in IGEL OS12

This article shows how to configure the authentication of the OpenVPN session in IGEL OS.


Menu path: Network > VPN > OpenVPN > [OpenVPN Connection] > Session

 

 

OpenVPN server(s)

Name or public IP address of the OpenVPN server. You can enter multiple values separated by commas.

Authentication type

  • TLS-Certificates: Authentication with user certificate and private key.

  • Name/Password: Authentication with user name and password.

  • Name/Password with TLS-Certificates: Combines name/password with user certificate.

  • Static Key: Authentication with a private key. No PKI infrastructure is needed for this.

TLS Certificates Authentication Type

Persistent storage of files is possible in the folder /wfs resp. subfolders of /wfs only.
Files stored under other paths will be lost when the device is rebooted.

 

Client certificate file

File with the client certificate. Enter a path relative to /wfs/OpenVPN.

 

CA certificate file

File with the CA certificate. Enter a path relative to /wfs/OpenVPN.

 

Private key file

File with the private key. Enter a path relative to /wfs/OpenVPN.

 

Private key password

Password in case one is set for the private key.

If you have a PKCS#12 file which contains the client certificate, CA certificate and private key, always enter its name in the three file fields. The advantage lies in the fact that only a single file needs to be distributed.

 

Name/Password Authentication Type

User name

User name - if you leave this field empty, the user will be asked for it when establishing a connection.

 

Password required

☑ The user must enter a password. (Default)

 

Password

Password - if you leave this field empty, the user will be asked for it when establishing a connection.

 

CA certificate file

File with the CA certificate. Enter a path relative to /wfs/OpenVPN.

Name/Password with TLS-Certificates Authentication Type

User name

User name - if you leave this field empty, the user will be asked for it when establishing a connection.

 

Password required

☑ The user must enter a password. (Default)

 

Password

Password - if you leave this field empty, the user will be asked for it when establishing a connection.

 

Client certificate file

File with the user certificate. Enter a path relative to /wfs/OpenVPN.

CA certificate file

File with the CA certificate. Enter a path relative to /wfs/OpenVPN.

 

Private key file

File with the private key. Enter a path relative to /wfs/OpenVPN.

 

Private key password

Password in case one is set for the private key.

If you have a PKCS#12 file which contains the user certificate, CA certificate and private key, always enter its name in the three file fields. The advantage lies in the fact that only a single file needs to be distributed.

Static Key Authentication Type

Private key file

File with the static key. Enter a path relative to /wfs/OpenVPN.

 

Key Direction

  • None: No key direction. (Default)

  • 0: If the default option is not used, one side of the connection should use Direction 0 and the other Direction 1.

  • 1: If the default option is not used, one side of the connection should use Direction 0 and the other Direction 1.

 

Remote IP address

The VPN IP address of the server

 

Local IP address

The VPN IP address of the client