Knowledge Base/Using Tier 3/Network

How To Configure Client VPN

Jared Wray
posted this on Jan 25 13:00

Overview

Client VPN enables users to connect to their secure isolated network. Each account has their own isolated VPN service that is provided at no charge. This service is built into the platform and managed by the network operation center. If you have any issues please look at the status system or contact support.

The initial configuration just requires a certificate to be downloaded and used when connecting to the vpn service but you can also do two-factor authentication where it requires a user name and password which below there is a configuration guide on this. To learn more about ways to connect such as persistent vpn connections, direct connections please go here.

Current Limitations

There are only a few limitations on this service as it is based on the OpenVPN project.

  • Maximum Concurrent Users: 30 (if you need more than that please contact support)
  • Maximum Connection: 1Gbps 

Getting Connected

Our platform is built to be very efficient with resources which means that the Client VPN service will not be activated until after you build your first server. So first step is to make sure you deploy a server to be able to have your VPN server activated

From the Control Panel go to: Network > VPN to be able to download the certificate and configuration file.

Windows XP:

  1. Download the OpenVPN client here.
  2. Accept all the defaults during installation.
  3. After installing the client, download the certificate from the VPN page and extract the .ZIP file into the ‘config’ subdirectory under your client install location (generally C:\Program Files\OpenVPN).
  4. Start the OpenVPN GUI. This will place an icon in the notification area, right click it and choose connect.

Windows 7 Installation Instructions:

  1. Point your browser to here, download the “exe” file next to the “Windows Installer” option.
  2. Find where you downloaded the OpenVPN Windows Installer, right-click on the file, and then choose Run as an administrator (XP users can just double click on the file to start the installation).
  3. Accept all the defaults during installation.
  4. After installing the client, download the certificate from the VPN page and extract the .ZIP file into the ‘config’ subdirectory under your client install location (generally C:\Program Files (x86)\OpenVPN\config. Whereas for Windows XP users, the directory structure is: C:\Program Files\OpenVPN\config ).

Running the OpenVPN client with Windows 7:

1.       Start the OpenVPN client by right clicking on the icon and select “Run as administrator” (Windows XP users can just double click on the client)

2.       Right click on the OpenVPN client in the Windows Systems Tray (next to the clock on the bottom right of screen), and select Connect


Apple OS X:
  1. Download the OpenVPN client here (Tunnelblick_3.0b28.dmg).
  2. Accept all the defaults during installation.
  3. After installing the client, download the certificate from the VPN page and extract the .ZIP file.
  4. Run Tunnelblick - it will give you two options, select "Open Configuration Folder".
  5. Copy the contents of the unzipped directory (5 files) into this folder.
  6. Close Tunnelblick, and re-run.
  7. Right click Tunnelblick in the running program menu, go to options, choose connect.

Now you should be connected and able to connect to your server. Any issues please refer to the troubleshooting below.

FAQ

  • After I select Connect my OpenVPN client never establishes a connection (or the icon does not turn “green”), what could be wrong?
    • Verify with the NOC which port our engineers have established and then check with your firewall administrator to ensure this port is open on your corporate firewall(s). Also, ensure your IT staff is not blocking this port with your Windows desktop firewall.
  • Is this service using secure ssl?
    • This service uses SSL certificates but does not run on the standard SSL port. In your configuration file (ends in OVPN) you can see the remote information such as: remote <IPHOST> <PORT> (example: remote 64.94.142.9 1194).
  • Is this a shared or isolated service?
    • This is an isolated service for every account. Each account receives their own VPN instance to keep isolation and high security.
  • Who handles the patching/maintenance of this service?
    • The platform handles all of the VPN instance patching and maintenance. Occasionally you will need to upgrade you vpn client application.
  • What if I want to use my own VPN service?
    • There are two ways you can do this:
      1) If it is a physical device you will need to have a persistent connection to your secure network. If you do have that then you can host a physical VPN server yourself and route across the persistent connection.
      2) If you would like to use a software based VPN server then you can install it on a virtual server and configure the firewall rules to allow access. Many of our customers have done this but it will not be supported by the NOC. 
  • When I connect to the service I cant ping/connect to the server?
    • This is one of the most common issues with Windows and the OpenVPN client. Make sure to run it as Administrator by holding down the shift key and right click on the application then select run as administrator. 
  • Can I use this to connect to my office?
    • You cannot use it as a direct connect. To learn more about ways to connect such as persistent vpn connections, direct connections please go here.

Related Articles

Client Connection Troubleshooting

Configure Two Factor Authentication

Connect to Multiple OpenVPN Instances