Create a Client File for Windows Client
You can create a client file with .ovpn extension with a text editor (e.g. notepad++), or download a client.ovpn sample file.
Note: The line beginning with “;” is considered to disable the corresponding option.
-
Open the client.ovpn file with a text editor.
-
Edit the following options according to the VPN server settings on your PBX.
Note: The client and server must use the same settings.
a.Specify the hostname/IP and port of VPN server.
In this example, we have forwarded the VPN server 10.8.0.1 1194 to 172.16.1.63 1194.
remote 172.16.1.63 1194
b. Set the protocol to UDP or TCP.
In this example, UDP is enabled, and TCP is disabled.
proto udp
;proto tcp
c. Set the device mode to TAP or TUN.
In this example, TAP is disabled, and TUN is enabled.
dev tun
;dev tap
d. Set the cryptographic cipher.
|
BlowFish |
cipher BF-CBC |
|
AES-128 |
cipher AES-128-CBC |
|
AES-256 |
cipher AES-256-CBC |
|
Triple-DES |
cipher DES-EDE3-CBC |
In this example, AES-256 is set on server, then enable AES-256-CBC.
;cipher BF-CBC
;cipher AES-128-CBC
cipher AES-256-CBC
;cipher DES-EDE3-CBC
e. If Compression is enabled on server, you need to enable compression on the VPN client.
comp-lzo
f. If SSL/TLS and a ta.key is used on the server, you need to specify the TLS Authentication & TA Key.
tls-auth ta.key 1
g. Specify the CA certificate file used on server.
ca ca.crt
3. Specify the Windows client certificate and key file.
In this example, client.crt and client.key is specified.
cert client.crt
key client.key
4. Edit other options according to your need.
persist-key
persist-tun
verb 3
resolv-retry infinite
remote-cert-tls server
nobind
;dev-node MyTap
;remote-random
;http-proxy-retry
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
;mute 20
5. Save the client file.
You can rename client.ovpn to identify.