OpenVPN Gate

Posted on by



-->

Russia VPN Private - Openvpn Gate is a free unlimited VPN tunnel for Android, open sensitive websites, watch online videos, applications, secure WiFi hotspots and browse privately.

Windows clients Download and install the OpenVPN client (version 2.4 or higher) from the official OpenVPN website. Download the VPN profile for the gateway. This can be done from the Point-to-site configuration tab in the Azure portal, or 'New-AzVpnClientConfiguration' in PowerShell. VPN Gate Client download (for Windows, freeware) Simply install VPN Gate Client Plugin to SoftEther VPN Client. It will enable you to connect to any of our Public VPN Relay Servers of VPN Gate in a snap. It has a better throughput than L2TP, OpenVPN or SSTP. OpenVPN Access Server is a network security solution designed to help small to medium sized businesses. Find the right pricing plan for you. Private Internet Access is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. Our service is backed by multiple gateways worldwide with access in 78+ countries, 101+ regions.

This article helps you configure a VPN client to connect to a virtual network using Point-to-Site VPN and Azure Active Directory authentication. Before you can connect and authenticate using Azure AD, you must first configure your Azure AD tenant. For more information, see Configure an Azure AD tenant.

Note

  • Azure AD authentication is supported only for OpenVPN® protocol connections.
  • Azure AD authentication requires the Azure VPN client, which is available only for Windows 10.

Working with client profiles

To connect, you need to download the Azure VPN Client and configure a VPN client profile on every computer that wants to connect to the VNet. You can create a client profile on a computer, export it, and then import it to additional computers.

To download the Azure VPN client

Use this link to download the Azure VPN Client. Please ensure that the Azure VPN Client has permission to run in the background. To check/enable the permission follow the steps below:

  1. Go to Start , then select Settings > Privacy > Background apps.
  2. Under Background Apps, make sure Let apps run in the background is turned On.
  3. Under Choose which apps can run in the background, turn settings for Azure VPN Client to On.

To create a certificate-based client profile

When working with a certificate-based profile, make sure that the appropriate certificates are installed on the client computer. For more information about certificates, see Install client certificates.

To create a RADIUS client profile

Note

The Server Secret can be exported in the P2S VPN client profile. Instructions on how to export a client profile can be found here.

To export and distribute a client profile

Once you have a working profile and need to distribute it to other users, you can export it using the following steps:

  1. Highlight the VPN client profile that you want to export, select the ..., then select Export.

  2. Select the location that you want to save this profile to, leave the file name as is, then select Save to save the xml file.

To import a client profile

  1. On the page, select Import.

  2. Browse to the profile xml file and select it. With the file selected, select Open.

  3. Specify the name of the profile and select Save.

  4. Select Connect to connect to the VPN.

  5. Once connected, the icon will turn green and say Connected.

Openvpn Gateway

OpenVPN

To delete a client profile

  1. Select the ellipses next to the client profile that you want to delete. Then, select Remove.

  2. Select Remove to delete.

Create a connection

  1. On the page, select +, then + Add.

  2. Fill out the connection information. If you are unsure of the values, contact your administrator. After filling out the values, select Save.

  3. Select Connect to connect to the VPN.

  4. Select the proper credentials, then select Continue.

  5. Once successfully connected, the icon will turn green and say Connected.

To connect automatically

These steps help you configure your connection to connect automatically with Always-on.

  1. On the home page for your VPN client, select VPN Settings.

  2. Select Yes on the switch apps dialogue box.

  3. Make sure the connection that you want to set is not already connected, then highlight the profile and check the Connect automatically check box.

  4. Select Connect to initiate the VPN connection.

Diagnose connection issues

  1. To diagnose connection issues, you can use the Diagnose tool. Select the ... next to the VPN connection that you want to diagnose to reveal the menu. Then select Diagnose.

  2. On the Connection Properties page, select Run Diagnosis.

  3. Sign in with your credentials.

  4. View the diagnosis results.

FAQ

Is the Azure VPN Client supported with Windows FIPS mode?

Yes, with the KB4577063 hotfix.

How do I add DNS suffixes to the VPN client?

You can modify the downloaded profile XML file and add the <dnssuffixes><dnssufix> </dnssufix></dnssuffixes> tags

How do I add custom DNS servers to the VPN client?

You can modify the downloaded profile XML file and add the <dnsservers><dnsserver> </dnsserver></dnsservers> tags

Note

The OpenVPN Azure AD client utilizes DNS Name Resolution Policy Table (NRPT) entries, which means DNS servers will not be listed under the output of ipconfig /all. To confirm your in-use DNS settings, please consult Get-DnsClientNrptPolicy in PowerShell.

How do I add custom routes to the VPN client?

You can modify the downloaded profile XML file and add the <includeroutes><route><destination><mask> </destination></mask></route></includeroutes> tags

Vpn Gate Download

How do I block (exclude) routes from the VPN client?

You can modify the downloaded profile XML file and add the <excluderoutes><route><destination><mask> </destination></mask></route></excluderoutes> tags

Can I import the profile from a command line prompt?

You can import the profile from a command line prompt by placing the downloaded azurevpnconfig.xml file in the %userprofile%AppDataLocalPackagesMicrosoft.AzureVpn_8wekyb3d8bbweLocalState folder and running the following command:

to force the import use the -f switch as well

Next steps

For more information, see Create an Azure Active Directory tenant for P2S Open VPN connections that use Azure AD authentication.

-->

This article helps you configure OpenVPN ® Protocol clients.

Before you begin

Verify that you have completed the steps to configure OpenVPN for your VPN gateway. For details, see Configure OpenVPN for Azure VPN Gateway.

Windows clients

  1. Download and install the OpenVPN client (version 2.4 or higher) from the official OpenVPN website.

  2. Download the VPN profile for the gateway. This can be done from the Point-to-site configuration tab in the Azure portal, or 'New-AzVpnClientConfiguration' in PowerShell.

  3. Unzip the profile. Next, open the vpnconfig.ovpn configuration file from the OpenVPN folder using Notepad.

  4. Export the point-to-site client certificate you created and uploaded to your P2S configuration on the gateway. Use the following article links:

    • VPN Gateway instructions

    • Virtual WAN instructions

  5. Extract the private key and the base64 thumbprint from the .pfx. There are multiple ways to do this. Using OpenSSL on your machine is one way. The profileinfo.txt file contains the private key and the thumbprint for the CA and the Client certificate. Be sure to use the thumbprint of the client certificate.

  6. Open profileinfo.txt in Notepad. To get the thumbprint of the client (child) certificate, select the text (including and between)'-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' for the child certificate and copy it. You can identify the child certificate by looking at the subject=/ line.

  7. Switch to the vpnconfig.ovpn file you opened in Notepad from step 3. Find the section shown below and replace everything between 'cert' and '/cert'.

  8. Open the profileinfo.txt in Notepad. To get the private key, select the text (including and between) '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----' and copy it.

  9. Go back to the vpnconfig.ovpn file in Notepad and find this section. Paste the private key replacing everything between and 'key' and '/key'.

  10. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.

  11. Copy the vpnconfig.ovpn file to C:Program FilesOpenVPNconfig folder.

  12. Right-click the OpenVPN icon in the system tray and click connect.

Mac clients

  1. Download and install an OpenVPN client, such as TunnelBlick.

  2. Download the VPN profile for the gateway. This can be done from the point-to-site configuration tab in the Azure portal, or by using 'New-AzVpnClientConfiguration' in PowerShell.

  3. Unzip the profile. Open the vpnconfig.ovpn configuration file from the OpenVPN folder in a text editor.

  4. Fill in the P2S client certificate section with the P2S client certificate public key in base64. In a PEM formatted certificate, you can simply open the .cer file and copy over the base64 key between the certificate headers. Use the following article links for information about how to export a certificate to get the encoded public key:

    • VPN Gateway instructions

    • Virtual WAN instructions

  5. Fill in the private key section with the P2S client certificate private key in base64. See the Export your private key on the OpenVPN site for information about how to extract a private key.

  6. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.

  7. Double-click the profile file to create the profile in Tunnelblick.

  8. Launch Tunnelblick from the applications folder.

  9. Click on the Tunnelblick icon in the system tray and pick connect.

Important

Openvpn Gate Japan

Only iOS 11.0 and above and MacOS 10.13 and above are supported with OpenVPN protocol.

iOS clients

  1. Install the OpenVPN client (version 2.4 or higher) from the App store.

  2. Download the VPN profile for the gateway. This can be done from the point-to-site configuration tab in the Azure portal, or by using 'New-AzVpnClientConfiguration' in PowerShell.

  3. Unzip the profile. Open the vpnconfig.ovpn configuration file from the OpenVPN folder in a text editor.

  4. Fill in the P2S client certificate section with the P2S client certificate public key in base64. In a PEM formatted certificate, you can simply open the .cer file and copy over the base64 key between the certificate headers. Use the following article links for information about how to export a certificate to get the encoded public key:

    • VPN Gateway instructions

    • Virtual WAN instructions

  5. Fill in the private key section with the P2S client certificate private key in base64. See Export your private key on the OpenVPN site for information about how to extract a private key.

  6. Do not change any other fields.

  7. E-mail the profile file (.ovpn) to your email account that is configured in the mail app on your iPhone.

  8. Open the e-mail in the mail app on the iPhone, and tap the attached file

  9. Tap on More if you do not see Copy to OpenVPN option

  10. Tap on Copy to OpenVPN

  11. Tap on ADD in the Import Profile page

  12. Tap on ADD in the Imported Profile page

  13. Launch the OpenVPN app and slide the switch in the Profile page right to connect

OpenVPN Gate

Pfsense Openvpn Gateway

Linux clients

  1. Open a new Terminal session. You can open a new session by pressing 'Ctrl + Alt + t' at the same time.

  2. Enter the following command to install needed components:

  3. Download the VPN profile for the gateway. This can be done from the Point-to-site configuration tab in the Azure portal.

  4. Export the P2S client certificate you created and uploaded to your P2S configuration on the gateway. Use the following article links:

    • VPN Gateway instructions

    • Virtual WAN instructions

  5. Extract the private key and the base64 thumbprint from the .pfx. There are multiple ways to do this. Using OpenSSL on your computer is one way.

    The profileinfo.txt file will contain the private key and the thumbprint for the CA, and the Client certificate. Be sure to use the thumbprint of the client certificate.

  6. Open profileinfo.txt in a text editor. To get the thumbprint of the client (child) certificate, select the text including and between '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' for the child certificate and copy it. You can identify the child certificate by looking at the subject=/ line.

  7. Open the vpnconfig.ovpn file and find the section shown below. Replace everything between the and 'cert' and '/cert'.

  8. Open the profileinfo.txt in a text editor. To get the private key, select the text including and between '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----' and copy it.

  9. Open the vpnconfig.ovpn file in a text editor and find this section. Paste the private key replacing everything between and 'key' and '/key'.

  10. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.

  11. To connect using the command line, type the following command:

  12. To connect using the GUI, go to system settings.

  13. Click + to add a new VPN connection.

  14. Under Add VPN, pick Import from file…

  15. Browse to the profile file and double-click or pick Open.

  16. Click Add on the Add VPN window.

  17. You can connect by turning the VPN ON on the Network Settings page, or under the network icon in the system tray.

Next steps

If you want the VPN clients to be able to access resources in another VNet, then follow the instructions on the VNet-to-VNet article to set up a vnet-to-vnet connection. Be sure to enable BGP on the gateways and the connections, otherwise traffic will not flow.

Openvpn Gate

'OpenVPN' is a trademark of OpenVPN Inc.