Configuring a Client

Limitations and Constraints

• When a VPN client connects to multiple servers, ensure that the client CIDR blocks configured for the servers do not overlap with each. Otherwise, the client may be assigned the same IP address for connecting to different servers, causing connection failures.
• A client can establish only one VPN connection with a VPN gateway.
• OpenVPN 2.5 or later is recommended.

Windows Client (OpenVPN Connect)

The following uses OpenVPN Connect 3.4.2 (3160) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Download OpenVPN Connect from the OpenVPN official website, and install it as prompted.
2. Start the OpenVPN Connect client. Then, add configuration information and establish a VPN connection using either of the following methods.
   • Method 1: Use the configuration file (with the client certificate and private key added) to establish a VPN connection.

     Start the OpenVPN client, import the configuration file (with the client certificate and private key added), and establish a VPN connection.

   • Method 2: Use the original configuration file (without the client certificate and private key) and a USB key to establish a VPN connection.
     1. Initialize a USB key.

        The following uses Longmai's mToken GM3000 administrator tool (v2.2.19.619) as an example to describe how to create a USB key. When the USB key is successfully initialized, remove and insert the USB key.

     2. Import the client certificate to the USB key.

     3. Use the USB key to establish a VPN connection.

        In OpenVPN Connect, import the configuration file without the client CA certificate and private key from the USB key, and click CONNECT.

     

     • When the connection is being established, do not remove the USB key.
     • After the connection is established, it will not be interrupted if you remove the USB key, and you can tear down this connection manually. However, the connection will fail to be re-established after you remove the USB key.
     If information similar to the following is displayed, the connection is successfully established.

     Figure 1 Connection established
     

Windows Client (OpenVPN GUI)

The following uses OpenVPN GUI v2.6.6 (I001) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Download the OpenVPN GUI installation package and install it as prompted.

   The installation package varies according to the Windows operating system as follows:

   • For a 32-bit Windows operating system, download the Windows 32-bit MSI installer.
   • For a 64-bit Windows operating system, download the Windows 64-bit MSI installer.
   • For a 64-bit Windows ARM-based operating system, download the Windows ARM64 MIS installer.

2. Start the OpenVPN GUI client. In the Windows taskbar, right-click the OpenVPN GUI icon and choose Import > Import file from the shortcut menu.
3. In the Open dialog box, select the configuration file with the client certificate and private key added, and click Open.
4. Right-click the OpenVPN GUI icon and choose Connect.

Linux Client

The following describes how to install the OpenVPN client on the Ubuntu 22.04 (Jammy) operating system (openvpn_2.5.8-0ubuntu0.22.04.1_amd64). The installation commands vary according to the Linux operating system. (Version 2.5 does not support dco. You need to comment out disable-dco in the configuration file.)

1. Open the CLI.
2. Run the following command to install the OpenVPN client:

   yum install -y openvpn

3. Copy the content of the client configuration file (with the client certificate and private key added) to the /etc/openvpn/conf/ directory.
4. Go to the /etc/openvpn/conf/ directory, and run the following command to establish a VPN connection:

   openvpn --config /etc/openvpn/conf/config.ovpn --daemon

macOS Client (Tunnelblick)

The following uses Tunnelblick (3.8.8d) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Download Tunnelblick from the official website.

   Download the software of a required release. An official release is recommended. You are advised to download the software in DMG format.

2. Install Tunnelblick as prompted.
3. Start the Tunnelblick client, upload the configuration file (with the client certificate and private key added) to the Tunnelblick client, and establish a VPN connection.

macOS Client (OpenVPN Connect)

The following uses OpenVPN Connect (3.4.4.4629) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Visit the OpenVPN official website, and download the OpenVPN Connect installer based on the hardware of your device.
2. Install OpenVPN Connect as prompted.
3. Start the OpenVPN Connect client, import the configuration file (with the client certificate and private key added), enter the configuration information, and establish a VPN connection.
   If information similar to the following is displayed, the connection is successfully established.

   Figure 2 Connection established
   

Android Client

The following uses OpenVPN (3.3.4) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Download the OpenVPN client (Android) and install it.
2. Start the OpenVPN client, import the configuration file (with the client certificate and private key added), and establish a VPN connection.

   A connection request is displayed on the app screen. Tap OK.

   If information similar to the following is displayed, the connection is successfully established.

   Figure 3 Connection established
   

iOS Client

The following uses OpenVPN Connect (3.4.0) as an example to describe how to install the client. The installation pages may vary according to the software version.

1. Search for "OpenVPN Connect" in the App Store, download the software, and install it.
2. Download the client configuration file client_config.ovpn, and add the client certificate and private key to this file. Start OpenVPN Connect, and import the client configuration file as prompted.
   If information similar to the following is displayed, the connection is successfully established.

   Figure 4 Connection established