Generating Client Configurations

MivoCloud
Oct 29, 2018

Step 9 — Generating Client Configurations

If you followed along with the guide, you created a client certificate and key named client1.crt and client1.key, respectively, in Step 4. You can generate a config file for these credentials by moving into your ~/client-configs directory and running the script you made at the end of the previous step:

  • cd ~/client-configs
  • sudo ./make_config.sh client1

This will create a file named client1.ovpn in your ~/client-configs/files directory:

  • ls ~/client-configs/files
Output
client1.ovpn

You need to transfer this file to the device you plan to use as the client. For instance, this could be your local computer or a mobile device.

While the exact applications used to accomplish this transfer will depend on your device’s operating system and your personal preferences, a dependable and secure method is to use SFTP (SSH file transfer protocol) or SCP (Secure Copy) on the backend. This will transport your client’s VPN authentication files over an encrypted connection.

Here is an example SFTP command using the client1.ovpn example which you can run from your local computer (macOS or Linux). It places the .ovpn file in your home directory:

  • sftp sammy@your_server_ip:client-configs/files/client1.ovpn ~/

Here are several tools and tutorials for securely transferring files from the server to a local computer:

  • WinSCP
  • How To Use SFTP to Securely Transfer Files with a Remote Server
  • How To Use Filezilla to Transfer and Manage Files Securely on your VPS

Step 10 — Installing the Client Configuration

This section covers how to install a client VPN profile on Windows, macOS, Linux, iOS, and Android. None of these client instructions are dependent on one another, so feel free to skip to whichever is applicable to your device.

The OpenVPN connection will have the same name as whatever you called the .ovpn file. For this tutorial, this means that the connection is named client1.ovpn, aligning with the first client file you generated.

Windows

Installing

Download the OpenVPN client application for Windows from OpenVPN’s Downloads page. Choose the appropriate installer version for your version of Windows.

Note

OpenVPN needs administrative privileges to install.

After installing OpenVPN, copy the .ovpn file to:

C:\Program Files\OpenVPN\config

When you launch OpenVPN, it will automatically see the profile and make it available.

You must run OpenVPN as an administrator each time it’s used, even by administrative accounts. To do this without having to right-click and select Run as administrator every time you use the VPN, you must preset this from an administrative account. This also means that standard users will need to enter the administrator’s password to use OpenVPN. On the other hand, standard users can’t properly connect to the server unless the OpenVPN application on the client has admin rights, so the elevated privileges are necessary.

To set the OpenVPN application to always run as an administrator, right-click on its shortcut icon and go to Properties. At the bottom of the Compatibility tab, click the button to Change settings for all users. In the new window, check Run this program as an administrator.

Connecting

Each time you launch the OpenVPN GUI, Windows will ask if you want to allow the program to make changes to your computer. Click Yes. Launching the OpenVPN client application only puts the applet in the system tray so that you can connect and disconnect the VPN as needed; it does not actually make the VPN connection.

Once OpenVPN is started, initiate a connection by going into the system tray applet and right-clicking on the OpenVPN applet icon. This opens the context menu. Select client1 at the top of the menu (that’s your client1.ovpn profile) and choose Connect.

A status window will open showing the log output while the connection is established, and a message will show once the client is connected.

Disconnect from the VPN the same way: Go into the system tray applet, right-click the OpenVPN applet icon, select the client profile and click Disconnect.

macOS

Installing

Tunnelblick is a free, open source OpenVPN client for macOS. You can download the latest disk image from the Tunnelblick Downloads page. Double-click the downloaded .dmg file and follow the prompts to install.

Towards the end of the installation process, Tunnelblick will ask if you have any configuration files. For simplicity, answer No and let Tunnelblick finish. Open a Finder window and double-click client1.ovpn. Tunnelblick will install the client profile. Administrative privileges are required.

Connecting

Launch Tunnelblick by double-clicking Tunnelblick in the Applications folder. Once Tunnelblick has been launched, there will be a Tunnelblick icon in the menu bar at the top right of the screen for controlling connections. Click on the icon, and then the Connect menu item to initiate the VPN connection. Select the client1 connection.

Linux

Installing

If you are using Linux, there are a variety of tools that you can use depending on your distribution. Your desktop environment or window manager might also include connection utilities.

The most universal way of connecting, however, is to just use the OpenVPN software.

On Ubuntu or Debian, you can install it just as you did on the server by typing:

  • sudo apt update
  • sudo apt install openvpn

On CentOS you can enable the EPEL repositories and then install it by typing:

  • sudo yum install epel-release
  • sudo yum install openvpn

Configuring

Check to see if your distribution includes an /etc/openvpn/update-resolv-conf script:

  • ls /etc/openvpn
Output
update-resolv-conf

Next, edit the OpenVPN client configuration file you transferred:

  • nano client1.ovpn

If you were able to find an update-resolv-conf file, uncomment the three lines you added to adjust the DNS settings:

client1.ovpn

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

If you are using CentOS, change the group directive from nogroup to nobody to match the distribution's available groups:

client1.ovpn

group nobody

Save and close the file.

Now, you can connect to the VPN by just pointing the openvpn command to the client configuration file:

  • sudo openvpn --config client1.ovpn

This should connect you to your VPN.
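
The two edits above are easy to get half right: uncommenting only some of the three DNS lines, or keeping a group name the distribution does not have. The following check is an added example, not part of the original tutorial; the function names, the finding labels and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): lint the Linux edits to client1.ovpn.

# dns_hook_state PROFILE -> all | some | none, counting uncommented lines only
dns_hook_state() {
    awk '
        /^[ \t]*[#;]/ { next }
        $1 == "script-security" && $2 + 0 >= 2       { sec = 1 }
        $1 == "up"   && $2 ~ /\/update-resolv-conf$/ { up = 1 }
        $1 == "down" && $2 ~ /\/update-resolv-conf$/ { down = 1 }
        END { n = sec + up + down
              s = (n == 3) ? "all" : ((n == 0) ? "none" : "some"); print s }
    ' "$1"
}

# check_profile PROFILE [HOOK_SCRIPT] [GROUP_FILE]
# Prints one finding per line (hypothetical labels); returns 0 when clean.
check_profile() {
    hook=${2:-/etc/openvpn/update-resolv-conf}; gfile=${3:-/etc/group}; bad=0
    state=$(dns_hook_state "$1")
    grp=$(awk '!/^[ \t]*[#;]/ && $1 == "group" { g = $2 } END { print g }' "$1")
    if [ "$state" = some ]; then
        echo dns-hooks-partial; bad=1        # hooks will not run as intended
    elif [ "$state" = all ] && [ ! -e "$hook" ]; then
        echo dns-hook-script-missing; bad=1
    elif [ "$state" = none ] && [ -e "$hook" ]; then
        echo dns-hooks-not-enabled; bad=1
    fi
    if [ -n "$grp" ] && ! grep -q "^$grp:" "$gfile"; then
        echo "group-not-found:$grp"; bad=1   # e.g. nogroup on CentOS
    fi
    return $bad
}

# Constructed inputs: a profile with one DNS line still commented and the
# Debian group name, a CentOS-style group file, and a stand-in hook script.
DEMO=$(mktemp -d)
: > "$DEMO/update-resolv-conf"
printf 'root:x:0:\nnobody:x:99:\n' > "$DEMO/group"
cat > "$DEMO/client1.ovpn" <<'EOF'
client
user nobody
group nogroup
# script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF
check_profile "$DEMO/client1.ovpn" "$DEMO/update-resolv-conf" "$DEMO/group" || true
```

On a real client, call check_profile client1.ovpn with no further arguments so that it reads /etc/openvpn/update-resolv-conf and /etc/group.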

iOS

Installing

From the iTunes App Store, search for and install OpenVPN Connect, the official iOS OpenVPN client application. To transfer your iOS client configuration onto the device, connect it directly to a computer.

The process of completing the transfer with iTunes is outlined here. Open iTunes on the computer and click on iPhone > apps. Scroll down to the bottom to the File Sharing section and click the OpenVPN app. The blank window to the right, OpenVPN Documents, is for sharing files. Drag the .ovpn file to the OpenVPN Documents window.

Now launch the OpenVPN app on the iPhone. You will receive a notification that a new profile is ready to import. Tap the green plus sign to import it.

Connecting

OpenVPN is now ready to use with the new profile. Start the connection by sliding the Connect button to the On position. Disconnect by sliding the same button to Off.

Note

The VPN switch under Settings cannot be used to connect to the VPN. If you try, you will receive a notice to only connect using the OpenVPN app.

Android

Installing

Open the Google Play Store. Search for and install Android OpenVPN Connect, the official Android OpenVPN client application.

You can transfer the .ovpn profile by connecting the Android device to your computer by USB and copying the file over. Alternatively, if you have an SD card reader, you can remove the device's SD card, copy the profile onto it and then insert the card back into the Android device.

Start the OpenVPN app and tap the menu to import the profile.

Then navigate to the location of the saved profile (the screenshot uses /sdcard/Download/) and select the file. The app will make a note that the profile was imported.

Connecting

To connect, simply tap the Connect button. You’ll be asked if you trust the OpenVPN application. Choose OK to initiate the connection. To disconnect from the VPN, go back to the OpenVPN app and choose Disconnect.

Step 11 — Testing Your VPN Connection (Optional)

Note: This method for testing your VPN connection will only work if you opted to route all your traffic through the VPN in Step 5.

Once everything is installed, a simple check confirms everything is working properly. Without having a VPN connection enabled, open a browser and go to DNSLeakTest.

The site will return the IP address assigned by your internet service provider, which is how you appear to the rest of the world. To check your DNS settings through the same website, click on Extended Test and it will tell you which DNS servers you are using.

Now connect the OpenVPN client to your server’s VPN and refresh the browser. A completely different IP address (that of your VPN server) should now appear, and this is how you appear to the world. Again, DNSLeakTest’s Extended Test will check your DNS settings and confirm you are now using the DNS resolvers pushed by your VPN.

Step 12 — Revoking Client Certificates

Occasionally, you may need to revoke a client certificate to prevent further access to the OpenVPN server.

To do so, navigate to the EasyRSA directory on your CA machine:

  • cd EasyRSA-3.0.4/

Next, run the easyrsa script with the revoke option, followed by the client name you wish to revoke:

  • ./easyrsa revoke client2

This will ask you to confirm the revocation by entering yes:

Output
Please confirm you wish to revoke the certificate with the following subject:
subject=
commonName = client2
Type the word 'yes' to continue, or any other input to abort.
Continue with revocation: yes

After confirming the action, the CA will fully revoke the client’s certificate. However, your OpenVPN server currently has no way to check whether any clients’ certificates have been revoked and the client will still have access to the VPN. To correct this, create a certificate revocation list (CRL) on your CA machine:

  • ./easyrsa gen-crl

This will generate a file called crl.pem. Securely transfer this file to your OpenVPN server:

  • scp ~/EasyRSA-3.0.4/pki/crl.pem sammy@your_server_ip:/tmp

On your OpenVPN server, copy this file into your /etc/openvpn/ directory:

  • sudo cp /tmp/crl.pem /etc/openvpn

Next, open the OpenVPN server configuration file:

  • sudo nano /etc/openvpn/server.conf

At the bottom of the file, add the crl-verify option, which will instruct the OpenVPN server to check the certificate revocation list that we've created each time a connection attempt is made:

/etc/openvpn/server.conf

crl-verify crl.pem

Save and close the file.

Finally, restart OpenVPN to implement the certificate revocation:

  • sudo systemctl restart openvpn@server

The client should no longer be able to successfully connect to the server using the old credential.

To revoke additional clients, follow this process:

  1. Revoke the certificate with the ./easyrsa revoke client_name command
  2. Generate a new CRL
  3. Transfer the new crl.pem file to your OpenVPN server and copy it to the /etc/openvpn directory to overwrite the old list.
  4. Restart the OpenVPN service.

You can use this process to revoke any certificates that you’ve previously issued for your server.
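
Before relying on a revocation, you can confirm that the client's serial number is on the CRL the server loads and that the CRL has not passed its Next Update time. This is an added example, not part of the original tutorial; crl_status and its output labels are hypothetical, and the sample CRL dump is constructed in the layout that openssl crl -text prints.

```shell
#!/bin/sh
# Added example (not from the tutorial). Inputs on a real server come from:
#   openssl crl  -in /etc/openvpn/crl.pem -noout -text > crl.txt
#   openssl x509 -in client2.crt -noout -serial          # serial=<HEX>

# crl_status SERIAL_HEX CRL_TEXT_FILE [NOW_UTC as YYYYMMDDHHMMSS]
# Prints revoked | not-listed | crl-expired | unreadable (hypothetical labels).
crl_status() {
    serial=$(printf '%s' "$1" | tr 'abcdef' 'ABCDEF')
    now=${3:-$(date -u +%Y%m%d%H%M%S)}
    case $serial in
        ''|*[!0-9A-F]*) echo unreadable; return 2 ;;
    esac
    # Turn "Next Update: Apr 27 12:00:00 2019 GMT" into 20190427120000.
    next=$(awk '/Next Update:/ {
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $3) + 2) / 3
        gsub(":", "", $5)
        printf "%04d%02d%02d%s\n", $6, m, $4, $5; exit }' "$2")
    case $next in
        ''|*[!0-9]*) echo unreadable; return 2 ;;
    esac
    # A CRL past its Next Update time is stale, so fail closed.
    if [ "$now" -ge "$next" ]; then
        echo crl-expired; return 1
    fi
    if grep -q "^ *Serial Number: *$serial\$" "$2"; then
        echo revoked
    else
        echo not-listed; return 1
    fi
}

# Constructed sample in the layout printed by `openssl crl -text`;
# the issuer, dates and serial number are made up for this example.
SAMPLE_CRL=$(mktemp)
cat > "$SAMPLE_CRL" <<'EOF'
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example-CA
        Last Update: Oct 29 12:00:00 2018 GMT
        Next Update: Apr 27 12:00:00 2019 GMT
Revoked Certificates:
    Serial Number: 0A1B2C3D4E5F60718293A4B5C6D7E8F9
        Revocation Date: Oct 29 11:58:41 2018 GMT
EOF

crl_status 0a1b2c3d4e5f60718293a4b5c6d7e8f9 "$SAMPLE_CRL" 20181101000000 || true
crl_status 0a1b2c3d4e5f60718293a4b5c6d7e8f9 "$SAMPLE_CRL" 20190601000000 || true
```

A result of crl-expired means a fresh crl.pem has to be generated on the CA machine and copied to the server again, the same way as after a revocation.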

Conclusion

You are now securely traversing the internet protecting your identity, location, and traffic from snoopers and censors. If at this point you no longer need to issue certificates, it’s recommended that you turn off your CA machine or otherwise disconnect it from the internet until you need to add or revoke certificates. This will help to prevent attackers from gaining access to your VPN.

To configure more clients, you only need to follow steps 4 and 9–11 for each additional device. To revoke access to clients, just follow step 12.
