Categories
Uncategorized

Deploy OpenVPN Clients for Remote Connectivity

This article is building on a set of guides on how to set up a TP-Link router as an OpenVPN server. However this information isn’t specific to TP-Link, and if you have an .OVPN file, the steps below will get you up and running.

Select a Client

The first thing you’ll need is OpenVPN client software. Any OpenVPN compatible software client will work, and OpenVPN has their own client they produce. Here are some suggestions for various operating systems.

Windows

OpenVPN Connect – From Open VPN is good, and easy to use. The link is for a beta version of the client, there is a link on that page to the current stable release.

Pritunl – An open source client for their OpenVPN system. It’s my personal recommendation. It’s easy to configure and use.

Mac OS

OpenVPN Official Client – I can’t really test these as I am not a Mac user. However, it ranks pretty high on a few lists I looked up for it.

Tunnelblick – Most of the lists I saw put this higher than the OpenVPN client. So it might be better. It seems to be well documented.

Android

OpenVPN Official Client – I tried a bunch of clients for Android. Honestly, this was the easiest to use, and a lot just looked like clones. No ads, just a free OpenVPN client.

iOS

OpenVPN Official Client – As with Android, I tried a few different clients on my iPad and this one was by far the best.

Deploy Clients

Once you’ve picked a client and installed them on your remote device you need to import a profile.

Windows/MacOS

Typically all you need to do to import the profile into the Windows client is find the .OVPN file and double click on it. The client will ask you if you are sure, click OK then click the “Add” button on the upper right once it imports the profile. I assume this works just the same on a Mac.

It will ask if you wan to import the file or not.
Click Add to finish the import.

You can also import directly by opening the client and clicking on the file tab. You simply browse for or drag the .ovpn file into the client.

Android

The process for importing a profile on Android is identical to Windows. The tricky part is getting the .ovpn file to your phone or tablet.

The best method I’ve found to get the file to an Android phone is to use a service like OneDrive or Google Drive to create a shareable link. You can then e-mail or share the link via text messaging services. Once the user clicks on it they’ll be given the option to open it in OpenVPN and add the profile.

You can also e-mail the profile as an attachment, download the attachment then browse for it from the Client.

iOS

iOS does not make this very easy compared to Windows and Android. You can’t use a shareable link.

You can use iTunes Sync to drop the file into OpenVPN Connect according to the instructions. I suggest the less secure but also less annoying method of simply emailing, or Airdropping the .ovpn file and importing it into the client that way.

Connecting to VPN

Once all the profiles are imported, to connect it’s as simple as connecting to the internet somewhere other than the network you’re connecting to. Use a hotspot, go to a coffee shop, McDonalds, or even your home network (assuming you aren’t connecting to your home). Open the OpenVPN client and hit the connect slide, then try to access something on the remote network, like your file server.

2 replies on “Deploy OpenVPN Clients for Remote Connectivity”

I have deployed Open VPN server on a TP-Link Archer VR2100 (brand new) and am now trying to reply the Open VPN Client on my Macbook Air (just downloaded from Open VPN).
Everything seems to have installed OK and I have imported the opvn. However, I’m getting an error that says “Server TLS version too low.”
I’m guessing that the router has some old software that might need updating, but it is brand new.

There’s been some changes to best practices regarding TLS pretty recently. I’d check and see if there’s a firmware update for the router. Just because it’s brand new doesn’t mean it hasn’t been sitting in a warehouse for several months or even a year prior to release. I’ve had them be out of date by 2-3 versions right out of the box. That’s the first thing I’d check. Fortunately, updating the firmware won’t mess up your work or anything. I’ve been using the same config for an AC1750 for at least 3 years and many firmware updates without having to change anything.

Also make sure you’re on a separate network from your home network (I usually disconnect my cell phone from Wi-Fi and tether my laptop or whatever to it to test). VPN servers sometimes give weird errors when you’re on the same network that don’t really indicate the problem is you’re on the same network.

Also I’m not 100% familiar with that model (I’ve been using the same AC1750 for years, as I’ve stated), but there might be a setting somewhere to remove its use of various TLS versions. You’ll want to use TLS 1.2 I think. The other option is you might just need an older version of the OpenVPN client. The router I’ve set up for this is pretty old and seems to work with the new OpenVPN client pretty well. I see some forum posts on TP-Link’s website complaining about this issue so there might be an update in the tube and it might just be a waiting game.

Leave a Reply

Your email address will not be published. Required fields are marked *