Configuring a connection to a VPN client (V2 service/self-signed certificate)

This section explains the procedure for configuring a (V2 service) connection to a VPN client.

Note:

This procedure has been confirmed using the following SSL-VPN client PC environment.

  • OS: Windows 7 Professional 64-bit, Japanese Version
  • VPN Client: OpenVPN 2.3.12

  1. Install OpenVPN.

    Download the installer from https://www.openvpn.jp/download/, and then perform installation.

    For details on the installation procedure, refer to the appendix "Setup of an SSL-VPN Client (Windows)" in the "Features Handbook".

  2. Edit the client configuration file.

    Copy the file client.ovpn from the sample-config folder in the installation directory to the config folder.

    Also save the CA certificate, the client certificate and the private key created in "Creating certificates for SSL-VPN" to the config folder.

    Open client.ovpn in the config folder using a text editor, and edit it as follows.

    • Lines beginning with "proto"

      proto tcp
    • Lines beginning with "remote"

      remote [Connection Target Server Address (Global IP Address of the SSL-VPN Connection Resource)] [Connection Target Port (443)]
    • Lines beginning with "ca"

      ca <CA Certificate Name>
    • Lines beginning with "cert"

      cert <Client Certificate Name>
    • Lines beginning with "key"

      key <Client_private_key_name>
    • Lines beginning with "comp-lzo"

      #comp-lzo
    • Lines beginning with "cipher"

      cipher AES-128-CBC
    • Lines beginning with "http-proxy" (Specified when connecting using an HTTP proxy server)

      http-proxy <HTTP Proxy Server Address> <HTTP Proxy Server Port Number> stdin basic

      stdin: When connecting to the HTTP proxy server, entry of a user name and password will be requested.

      basic: The authentication method will be basic authentication.

    Note:

    Example:

    proto tcp
    remote xxx.xxx.xxx.xxx 443
    ca ca.crt
    cert client.crt
    key client.key
    #comp-lzo
    cipher AES-128-CBC
    http-proxy xxx.xxx.xxx.xxx 8080 stdin basic
  3. Start the OpenVPN client.

    Right-click the OpenVPN client icon, and select "Run as administrator" to start the OpenVPN client with administrator privileges.

  4. Connect over SSL-VPN.

    Note:

    To connect to a virtual server after establishing an SSL-VPN connection, the following must be configured to allow the VPN tunnel network addresses to access the relevant virtual server.

    • The firewall of a virtual router for which SSL-VPN functionality has been configured
    • The security group allocated to the virtual server

    Start the client PC terminal, right-click the OpenVPN icon in the system tray, and then select [Connect].

    If the OpenVPN icon in the system tray turns green, then the SSL-VPN connection has been established.

    It is possible to connect to the virtual server by specifying its private IP address on the SSL-VPN client PC.

    * If you wish to terminate the SSL-VPN connection

    To terminate the connection, right-click the OpenVPN icon in the system tray, and select [Disconnect].

    If the OpenVPN icon turns grey, then the SSL-VPN connection has been terminated.
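The settings from step 2 can be checked before the first connection attempt. The Python script below is an added example, not part of the original procedure: it parses client.ovpn and reports every deviation from the values listed in step 2. The function names, the 203.0.113.10 address and the sample file set are constructed for illustration.

```python
def parse_ovpn(text):
    """Map each active directive to its arguments ('#' and ';' start comments)."""
    active = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            active[tokens[0]] = tokens[1:]
    return active


def check_client_config(text, files_in_config_dir):
    """Return a list of deviations from the settings given in step 2."""
    cfg, problems = parse_ovpn(text), []
    for name, want in (("proto", ["tcp"]), ("cipher", ["AES-128-CBC"])):
        if cfg.get(name) != want:
            problems.append(f"{name}: expected {want[0]!r}, found {cfg.get(name)}")
    remote = cfg.get("remote", [])
    if len(remote) != 2 or remote[1] != "443":
        problems.append("remote: expected '<address> 443'")
    if "comp-lzo" in cfg:
        problems.append("comp-lzo: must be commented out")
    for name in ("ca", "cert", "key"):
        args = cfg.get(name, [])
        if len(args) != 1:
            problems.append(f"{name}: missing")
        elif args[0] not in files_in_config_dir:
            problems.append(f"{name}: {args[0]} not found in config folder")
    proxy = cfg.get("http-proxy")
    if proxy is not None and proxy[2:] != ["stdin", "basic"]:
        problems.append("http-proxy: expected '<address> <port> stdin basic'")
    return problems

# Constructed sample with three deviations: proto, comp-lzo, missing key file.
SAMPLE = """\
proto udp
remote 203.0.113.10 443
ca ca.crt
cert client.crt
key client.key
comp-lzo
cipher AES-128-CBC
"""

if __name__ == "__main__":
    print(*check_client_config(SAMPLE, {"ca.crt", "client.crt"}), sep="\n")
```

To check a real installation, pass the contents of client.ovpn and the set of file names returned by `os.listdir()` for the config folder.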