Configuring a Client

Limitations and Constraints

• When a VPN client connects to multiple servers, ensure that the client CIDR blocks configured for the servers do not overlap with each. Otherwise, the client may be assigned the same IP address for connecting to different servers, causing connection failures.
• A client can establish only one VPN connection with a VPN gateway.
• After DNS is configured on the OpenVPN client, the new DNS configuration inherits or overwrites the original DNS configuration. As a result, domain names in the original DNS configuration fail to be resolved, causing access failures.

Precautions

Exercise caution when adding, deleting, or modifying the local CIDR block of a VPN gateway, client CIDR block of a VPN connection, client authentication type, and access policy, since these operations may interrupt the network.

Windows Client (OpenVPN GUI)

The following uses OpenVPN GUI v2.6.6 (I001) as an example to describe how to install the client. The installation pages may vary according to the software version.

You are advised to use OpenVPN GUI 2.6 or later on Windows operating systems.

1. Download the OpenVPN GUI installation package and install it as prompted.

   The installation package varies according to the Windows operating system as follows:

   • For a 32-bit Windows operating system, download the Windows 32-bit MSI installer.
   • For a 64-bit Windows operating system, download the Windows 64-bit MSI installer.
   • For a 64-bit Windows ARM-based operating system, download the Windows ARM64 MIS installer.

2. Click OpenVPN GUI in the Start menu to start the client.

   The message "OpenVPN GUI is already running. Right click on the tray icon to start." is displayed in the lower right corner.

3. Right-click the icon on the Windows taskbar, choose Import > Import file, and import the configuration file with the client certificate and private key added.

   When the file is imported, the message "File imported successfully." is displayed in the lower right corner.

4. In the Open dialog box, select the configuration file with the client certificate and private key added, and click Open.
5. Right-click the icon on the Windows taskbar, and choose Connect.

Windows Client (OpenVPN Connect)

The following uses OpenVPN Connect 3.5.0 (3818) as an example to describe how to install the client. The installation pages may vary according to the software version.

You are advised to use OpenVPN Connect 3.4.4 or later on Windows operating systems.

1. Download OpenVPN Connect from the OpenVPN official website, and install it as prompted.
2. Start the OpenVPN Connect client. Then, add configuration information and establish a VPN connection using either of the following methods.
   • Method 1: Use the configuration file (with the client certificate and private key added) to establish a VPN connection.

     Start the OpenVPN client, import the configuration file (with the client certificate and private key added), and establish a VPN connection.

   • Method 2: Use the original configuration file (without the client certificate and private key) and a USB key to establish a VPN connection.
     1. Initialize a USB key.

        The following uses Longmai's mToken GM3000 administrator tool (v2.2.19.619) as an example to describe how to create a USB key. When the USB key is successfully initialized, remove and insert the USB key.

     2. Import the client certificate to the USB key.

     3. Use the USB key to establish a VPN connection.

        In OpenVPN Connect, import the configuration file without the client CA certificate and private key from the USB key, and click CONNECT.

     

     • When the connection is being established, do not remove the USB key.
     • After the connection is established, it will not be interrupted if you remove the USB key, and you can tear down this connection manually. However, the connection will fail to be re-established after you remove the USB key.
     If information similar to the following is displayed, the connection is successfully established.

     Figure 1 Connection established
     

Linux Client

The following describes how to install the OpenVPN client on the Ubuntu 22.04 (Jammy) operating system (openvpn_2.5.8-0ubuntu0.22.04.1_amd64). The installation commands vary according to the Linux operating system. You are advised to use OpenVPN 2.5 or later on Linux operating systems. (OpenVPN 2.5 does not support DCO, so you need to comment out disable-dco in the configuration file.)

1. Open the CLI.
2. Run the following command to install the OpenVPN client:

   yum install -y openvpn

3. Copy the content of the client configuration file (with the client certificate and private key added) to the /etc/openvpn/conf/ directory.
4. Go to the /etc/openvpn/conf/ directory, and run the following command to establish a VPN connection:

   openvpn --config /etc/openvpn/conf/config.ovpn --daemon

   

   On Linux, you are advised not to modify the DNS configuration of the OS after starting OpenVPN. Otherwise, the new DNS configuration of the OS will be overwritten by the DNS configuration of the OpenVPN client when OpenVPN is started next time.

macOS Client (OpenVPN Connect)

The following uses OpenVPN Connect (3.4.4.4629) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Visit the OpenVPN official website, and download the OpenVPN Connect installer based on the hardware of your device.
2. Install OpenVPN Connect as prompted.
3. Start the OpenVPN Connect client, import the configuration file (with the client certificate and private key added), enter the configuration information, and establish a VPN connection.
   If information similar to the following is displayed, the connection is successfully established.

   Figure 2 Connection established
   

macOS Client (Tunnelblick)

The following uses Tunnelblick (3.8.8d) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Download Tunnelblick from the official website.

   Download the software of a required release. An official release is recommended. You are advised to download the software in DMG format.

2. Install Tunnelblick as prompted.
3. Start the Tunnelblick client, upload the configuration file (with the client certificate and private key added) to the Tunnelblick client, and establish a VPN connection.

   You need to comment out disable-dco in the configuration file.

Android Client

The following uses OpenVPN (3.3.4) as an example to describe how to install the client. The installation pages may vary according to the software version.

You are advised to use OpenVPN 3.3.2 or later on Android operating systems.

1. Download the OpenVPN client (Android) and install it.
2. Start the OpenVPN client, import the configuration file (with the client certificate and private key added), and establish a VPN connection.

   A connection request is displayed on the app screen. Tap OK.

   If information similar to the following is displayed, the connection is successfully established.

   Figure 3 Connection established
   

iOS Client

The following uses OpenVPN Connect (3.4.0) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Search for "OpenVPN Connect" in the App Store, download the software, and install it.
2. Download the client configuration file client_config.ovpn, and add the client certificate and private key to this file. Start OpenVPN Connect, and import the client configuration file as prompted.
   If information similar to the following is displayed, the connection is successfully established.

   Figure 4 Connection established