Configuring Client Side
- Navigate to VPN > OpenVPN, Client tab on the client system
- Click Add to create a new OpenVPN client instance
- Fill in the fields as follows, with everything else left at defaults:
  - Server Mode: Select Peer to Peer (Shared Key).
  - Server host or address: Enter the public IP address or hostname of the OpenVPN server here (e.g. 198.51.100.3).
  - Description: Enter text to describe the connection (e.g. ExampleCo Site A VPN)
  - Shared key: Uncheck Automatically generate a shared key, then paste in the shared key for the connection using the key copied from the server instance created previously.
  - Tunnel Network: Must match the server side exactly (e.g. 10.3.100.0/30)
  - Remote network: Enter the LAN network on the Site A side, 10.3.0.0/24
- Click Save
A rule must also be added to the OpenVPN interface to pass traffic over the VPN from the Server-side LAN to the Client-side LAN. An “Allow all” style rule may be used, or a set of stricter rules. In this example, allowing all traffic is OK, so the following rule is made:
- Navigate to Firewall > Rules, OpenVPN tab
- Click Add to create a new rule at the top of the list
- Set Protocol to any
- Enter a Description such as Allow all on OpenVPN
- Click Save
- Click Apply changes
The configuration of the client is complete. No firewall rules are required on the client side WAN interface because the client only initiates outbound connections. The server never initiates connections to the client.
Note: With remote access PKI configurations, typically routes and other configuration options are not defined on the client configuration, but rather they are pushed from the server to the client. With shared key deployments, routes and other parameters must be defined on both ends as needed; options cannot be pushed from the server to clients when using shared keys.
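
Because nothing is pushed in shared key mode, the Tunnel Network, Remote network and Shared key fields above have to agree by hand on both ends. The following check is an added example, not part of pfSense or the original page; the dictionary layout, the client-side LAN 10.5.0.0/24 and the key material are constructed for illustration.

```python
import hashlib
import ipaddress


def key_fingerprint(key_text):
    """SHA-256 of the key's hex body, so two ends can be compared without showing the key."""
    lines = (ln.strip() for ln in key_text.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith(("#", "-----")))
    return hashlib.sha256(body.lower().encode()).hexdigest()


def check_pair(server, client):
    """Return a list of mismatches between the two ends of a shared-key tunnel."""
    net = ipaddress.ip_network
    problems = []
    if net(server["tunnel_network"]) != net(client["tunnel_network"]):
        problems.append("tunnel network differs")
    # Nothing is pushed in shared-key mode: each end's Remote network
    # must be the other end's LAN.
    if net(client["remote_network"]) != net(server["lan"]):
        problems.append("client remote network is not the server LAN")
    if net(server["remote_network"]) != net(client["lan"]):
        problems.append("server remote network is not the client LAN")
    if key_fingerprint(server["shared_key"]) != key_fingerprint(client["shared_key"]):
        problems.append("shared key differs")
    return problems


# Constructed sample values. The key is a fake placeholder, and the client-side
# LAN 10.5.0.0/24 is an assumption; the other addresses are the page's examples.
KEY = """-----BEGIN OpenVPN Static key V1-----
00112233445566778899aabbccddeeff
ffeeddccbbaa99887766554433221100
-----END OpenVPN Static key V1-----"""

SERVER = {"tunnel_network": "10.3.100.0/30", "lan": "10.3.0.0/24",
          "remote_network": "10.5.0.0/24", "shared_key": KEY}
CLIENT = {"tunnel_network": "10.3.100.0/30", "lan": "10.5.0.0/24",
          "remote_network": "10.3.0.0/24", "shared_key": KEY + "\n"}

if __name__ == "__main__":
    for p in check_pair(SERVER, CLIENT) or ["both ends agree"]:
        print(p)
```

Comparing fingerprints rather than the key text keeps the shared key out of terminals and tickets while still catching a bad paste.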